Introduction to Network Penetration Testing according to the OSSTMM

"Competent Analysts will require adequate networking knowledge,
diligent security testing skills, and critical thinking skills to
assure factual data collection creates factual results through
correlation and analysis." - OSSTMM v3

The Network Penetration Test (NPT) aims to verify the security of the
systems exposed on the network. It assesses the presence of controls,
and their correct implementation, that nullify or limit the existing
threats to the organization's assets. The activity assesses a specific
scenario that varies according to the target, the position of the
attackers and the information held by the personnel involved.

A Penetration Test is carried out through various activities that are
often very delicate and important and, as clearly stated in the Open
Source Security Testing Methodology Manual (OSSTMM), analysts must not
only have adequate knowledge of the network and its protocols but also
apply critical thinking to collect and correlate information correctly,
so as to obtain objective results.

During the seminar the OSSTMM methodology will be introduced, with
particular attention to TCP/IP networks (Data Networks) and to the
typical operations for finding hosts on the network and identifying
interactive services.


Transcript of "Introduction to Network Penetration Testing according to the OSSTMM"

  1. Introduction to Network Penetration Testing according to the OSSTMM. Linux Day 2012, Rome, 27 October 2012. Simone Onofri - simone.onofri@techub.it
  2. Introduction: NPT and OSSTMM
  3. http://onofri.org/u/npt2012
  4. Network Penetration Test?
  5. Network Penetration Test: the Network Penetration Test aims to verify the security of the systems exposed on the network.
  6. Network Penetration Test: the presence and correct implementation of the controls that nullify or limit the threats is assessed.
  7. Network Penetration Test: the activity assesses a specific scenario according to the target, the position of the attackers and the information available.
  8. Network Penetration Test: how?
  9. Network Penetration Test: Open
  10. Network Penetration Test: Source
  11. Network Penetration Test: Security
  12. Network Penetration Test: Testing
  13. Network Penetration Test: Methodology
  14. Network Penetration Test: Manual
  15. Network Penetration Test: OSSTMM
  16. traceroute to isecom.org

      # traceroute -n isecom.org
      traceroute to isecom.org (216.92.116.13), 64 hops max, 52 byte packets
      [...]
      16  195.22.192.181  48.888 ms  52.587 ms  49.014 ms
      17  89.221.34.50  40.760 ms  37.027 ms  40.741 ms
      18  64.210.21.150  180.909 ms  170.083 ms  178.578 ms
      19  * * *
      20  * * *

  17. traceroute to isecom.org

      # tcpdump -Sni en0
      440701 IP 195.22.192.181 > 10.10.10.10: ICMP time exceeded in-transit, length 36
      493212 IP 195.22.192.181 > 10.10.10.10: ICMP time exceeded in-transit, length 36
      542222 IP 195.22.192.181 > 10.10.10.10: ICMP time exceeded in-transit, length 36
      583138 IP 89.221.34.50 > 10.10.10.10: ICMP time exceeded in-transit, length 36
      620053 IP 89.221.34.50 > 10.10.10.10: ICMP time exceeded in-transit, length 36
      660844 IP 89.221.34.50 > 10.10.10.10: ICMP time exceeded in-transit, length 36
      841862 IP 64.210.21.150 > 10.10.10.10: ICMP time exceeded in-transit, length 36
      011975 IP 64.210.21.150 > 10.10.10.10: ICMP time exceeded in-transit, length 36
      190596 IP 64.210.21.150 > 10.10.10.10: ICMP time exceeded in-transit, length 36

  18. What you need to know: a brief introduction to the methodology
  19. “security is about protection” Pete Herzog - No More of the Same Bad Security
  20. Diagram: Operational Security (Access, Visibility, Trust); Exposure! Vulnerability!; Authentication, NonRepudiation, Indemnification, Confidentiality, Resilience, Privacy, Subjugation, Integrity, Continuity, Alarm; Weakness! Concern!; Interactive Controls, Process Controls
  21. What you need to do: rules of engagement and auditor trifecta
  22. Rules of engagement (selection): how to “regulate” the activity
  23. Rules of engagement (selection): Fear, Uncertainty, Deception
  24. Rules of engagement (selection): X Fear, Uncertainty, Deception
  25. Rules of engagement (selection): if I don't breach you, it's free
  26. Rules of engagement (selection): X if I don't breach you, it's free
  27. Rules of engagement (selection): perform tests ONLY if expressly authorized
  28. Rules of engagement (selection): regardless of any NDA, never disclose information or results
  29. Rules of engagement (selection): know your tools
  30. Rules of engagement (selection): do not leave the scope less secure than it was before your arrival
  31. Rules of engagement (selection)
  32. Trifecta: the three questions to ask yourself during an activity
  33. Trifecta: How does it work?
  34. Trifecta: How does management think it works?
  35. Trifecta: What is actually needed?
  36. Trifecta
  37. Data Networks security testing: some elements according to the OSSTMM
  38. 11.1 Posture Review
  39. 11.2 Logistics
  40. 11.2.1 Framework
  41. whois for the domain:

      # whois isecom.org
      [...]
      Registrant Organization:Institute for Security and Open Methodologies
      [...]
      Registrant City:Lake George
      Registrant State/Province:NY
      Registrant Postal Code:12845
      Registrant Country:US
      Registrant Phone:+1.5186***********
      [...]
      Registrant Email:a*******@isecom.org
      Admin Name:Peter Herzog
      Admin Organization:Institute for Security and Open Methodologies
      [...]
      Admin City:Lake George
      Admin State/Province:NY
      Admin Postal Code:12845
      Admin Country:US
      Admin Phone:+1. 5186***********
      Admin FAX Ext.:
      Admin Email:a*******@isecom.org
      [...]
      Name Server:NS222.PAIR.COM
      Name Server:NS0000.NS0.COM

  42. DNS query against the authoritative name server:

      # dig isecom.org @NS222.PAIR.COM ANY
      ; <<>> DiG 9.8.3-P1 <<>> isecom.org @NS222.PAIR.COM ANY
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65151
      ;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
      ;; WARNING: recursion requested but not available
      ;; QUESTION SECTION:
      ;isecom.org. IN ANY
      ;; ANSWER SECTION:
      isecom.org. 3600 IN A 216.92.116.13
      isecom.org. 3600 IN MX 50 mailwash4.pair.com.
      isecom.org. 3600 IN SOA ns222.pair.com. root.pair.com. 2012020511 3600 300 604800 3600
      isecom.org. 3600 IN NS ns0000.ns0.com.
      isecom.org. 3600 IN NS ns222.pair.com.
      ;; Query time: 176 msec
      ;; SERVER: 209.68.2.67#53(209.68.2.67)
      [...]

  43. whois for the IP address:

      # whois 216.92.116.13
      NetRange: 216.92.0.0 - 216.92.255.255
      CIDR: 216.92.0.0/16
      OriginAS:
      NetName: PAIRNET-BLK-3
      NetHandle: NET-216-92-0-0-1
      Parent: NET-216-0-0-0-0
      NetType: Direct Allocation
      Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
      RegDate: 1998-09-25
      Updated: 2001-06-14
      Ref: http://whois.arin.net/rest/net/NET-216-92-0-0-1
      OrgName: pair Networks
      OrgId: PAIR
      Address: 2403 Sidney St
      Address: Suite 510
      City: Pittsburgh
      StateProv: PA
      PostalCode: 15232
      Country: US
      RegDate: 1997-01-30
      Updated: 2008-10-04

  44. TCP traceroute to port 80:

      # nmap -PN --traceroute -n -p80 isecom.org
      Starting Nmap 6.00 ( http://nmap.org ) at 2012-10-27 09:00 CEST
      Nmap scan report for isecom.org (216.92.116.13)
      Host is up (0.17s latency).
      PORT   STATE SERVICE
      80/tcp open  http
      TRACEROUTE (using port 80/tcp)
      HOP RTT       ADDRESS
      [...]
      17  42.97 ms  89.221.34.110
      18  166.42 ms 64.210.21.150
      19  ...
      20  165.39 ms 216.92.116.13
      Nmap done: 1 IP address (1 host up) scanned in 3.28 seconds

  45. 11.2.2 Network Quality
  46. ICMP:

      # hping2 --icmp -c 100 isecom.org
      HPING isecom.org (en0 216.92.116.13): icmp mode set, 28 headers + 0 data bytes
      len=46 ip=216.92.116.13 ttl=48 id=16179 icmp_seq=0 rtt=164.9 ms
      len=46 ip=216.92.116.13 ttl=48 id=16501 icmp_seq=1 rtt=161.0 ms
      len=46 ip=216.92.116.13 ttl=48 id=16733 icmp_seq=2 rtt=165.8 ms
      [...]
      len=46 ip=216.92.116.13 ttl=48 id=39293 icmp_seq=91 rtt=171.9 ms
      len=46 ip=216.92.116.13 ttl=48 id=39386 icmp_seq=92 rtt=161.4 ms
      len=46 ip=216.92.116.13 ttl=48 id=39563 icmp_seq=93 rtt=167.6 ms
      len=46 ip=216.92.116.13 ttl=48 id=39777 icmp_seq=94 rtt=168.3 ms
      len=46 ip=216.92.116.13 ttl=48 id=40557 icmp_seq=95 rtt=164.5 ms
      len=46 ip=216.92.116.13 ttl=48 id=41028 icmp_seq=96 rtt=171.0 ms
      len=46 ip=216.92.116.13 ttl=48 id=41289 icmp_seq=97 rtt=165.6 ms
      len=46 ip=216.92.116.13 ttl=48 id=41378 icmp_seq=98 rtt=167.3 ms
      len=46 ip=216.92.116.13 ttl=48 id=41860 icmp_seq=99 rtt=167.4 ms
      --- isecom.org hping statistic ---
      100 packets tramitted, 97 packets received, 3% packet loss
      round-trip min/avg/max = 161.0/167.1/211.4 ms

  47. TCP SYN to port 80:

      # hping2 -S -p 80 -c 100 isecom.org
      HPING isecom.org (en0 216.92.116.13): S set, 40 headers + 0 data bytes
      len=46 ip=216.92.116.13 ttl=50 DF id=25484 sport=80 flags=SA seq=0 win=65535 rtt=181.7 ms
      len=46 ip=216.92.116.13 ttl=50 DF id=26974 sport=80 flags=SA seq=1 win=65535 rtt=167.9 ms
      len=46 ip=216.92.116.13 ttl=50 DF id=27338 sport=80 flags=SA seq=2 win=65535 rtt=165.3 ms
      [...]
      len=46 ip=216.92.116.13 ttl=48 DF id=54788 sport=80 flags=SA seq=86 win=65535 rtt=201.6 ms
      len=46 ip=216.92.116.13 ttl=50 DF id=55028 sport=80 flags=SA seq=87 win=65535 rtt=207.3 ms
      len=46 ip=216.92.116.13 ttl=50 DF id=55696 sport=80 flags=SA seq=94 win=65535 rtt=170.4 ms
      len=46 ip=216.92.116.13 ttl=48 DF id=56158 sport=80 flags=SA seq=95 win=65535
      --- isecom.org hping statistic ---
      100 packets tramitted, 99 packets received, 1% packet loss
      round-trip min/avg/max = 161.7/171.6/264.2 ms

  48. UDP:

      # hping2 --udp -c 100 isecom.org
      HPING isecom.org (en0 216.92.116.13): udp mode set, 28 headers + 0 data bytes
      ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
      ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
      ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
      ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
      ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
      ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
      ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
      ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
      ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
      [...]
      ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
      ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
      ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
      ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
      ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
      ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
      --- isecom.org hping statistic ---
      100 packets tramitted, 22 packets received, 78% packet loss
      round-trip min/avg/max = 0.0/0.0/0.0 ms

  49. 11.2.3 Time
  50. HTTP response headers:

      # curl -kisX HEAD isecom.org
      HTTP/1.1 200 OK
      Date: Wed, 26 Oct 2012 09:30:00 GMT
      Server: Apache/2.2.22
      Last-Modified: Fri, 13 Apr 2012 15:48:14 GMT
      ETag: "3e3a-4bd916679ab80"
      Accept-Ranges: bytes
      Content-Length: 15930
      Identity: The Institute for Security and Open Methodologies
      P3P: Not supported at this time

  51. 11.3 Active Detection Verification
  52. 11.3.1 Filtering
  53. 11.3.2 Active Detection
  54. Request carrying several attack-like patterns:

      # curl -kisX HEAD "http://isecom.org/etc/passwd?format=%%&xss="><script>alert(xss);</script>&traversal=../../&sql=%20OR%201;"
      HTTP/1.1 404 Not Found
      Date: Wed, 27 Oct 2012 09:30:00 GMT
      Server: Apache/2.2.22
      Last-Modified: Fri, 13 Apr 2012 15:48:13 GMT
      ETag: "25db-4bd91666a6940"
      Accept-Ranges: bytes
      Content-Length: 9691
      Identity: The Institute for Security and Open Methodologies
      P3P: Not supported at this time

  55. 11.4 Visibility Audit
  56. 11.4.1 Network Surveying
  57. A, AAAA and AXFR queries:

      # dig isecom.org @NS222.PAIR.COM A
      ; <<>> DiG 9.8.3-P1 <<>> isecom.org @NS222.PAIR.COM A
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19360
      ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
      ;; WARNING: recursion requested but not available
      ;; QUESTION SECTION:
      ;isecom.org. IN A
      ;; ANSWER SECTION:
      isecom.org. 3600 IN A 216.92.116.13

      # dig isecom.org @NS222.PAIR.COM AAAA
      ; <<>> DiG 9.8.3-P1 <<>> isecom.org @NS222.PAIR.COM AAAA
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26450
      ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

      # dig isecom.org @NS222.PAIR.COM AXFR
      ; <<>> DiG 9.8.3-P1 <<>> isecom.org @NS222.PAIR.COM AXFR
      ;; global options: +cmd
      ; Transfer failed.

  58. 11.4.2 Enumeration
  59. TCP connect scan of the top 10 ports:

      # nmap -sT -Pn -n --top-ports 10 isecom.org
      Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-23 04:10 CEST
      Nmap scan report for isecom.org (216.92.116.13)
      Host is up (0.23s latency).
      PORT     STATE    SERVICE
      21/tcp   open     ftp
      22/tcp   open     ssh
      23/tcp   closed   telnet
      25/tcp   filtered smtp
      80/tcp   open     http
      110/tcp  open     pop3
      139/tcp  closed   netbios-ssn
      443/tcp  open     https
      445/tcp  closed   microsoft-ds
      3389/tcp closed   ms-wbt-server
      Nmap done: 1 IP address (1 host up) scanned in 2.04 seconds

  60. The same scan with --reason:

      # nmap -sT -Pn -n --top-ports 10 --reason isecom.org
      Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-23 04:17 CEST
      Nmap scan report for isecom.org (216.92.116.13)
      Host is up, received user-set (0.22s latency).
      PORT     STATE    SERVICE       REASON
      21/tcp   open     ftp           syn-ack
      22/tcp   open     ssh           syn-ack
      23/tcp   closed   telnet        conn-refused
      25/tcp   filtered smtp          no-response
      80/tcp   open     http          syn-ack
      110/tcp  open     pop3          syn-ack
      139/tcp  closed   netbios-ssn   conn-refused
      443/tcp  open     https         syn-ack
      445/tcp  closed   microsoft-ds  conn-refused
      3389/tcp closed   ms-wbt-server conn-refused

  61. UDP scan of the top 10 ports:

      # nmap -sU -Pn -n --top-ports 10 --reason isecom.org
      Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-23 04:28 CEST
      Nmap scan report for hackerhighschool.org (216.92.116.13)
      Host is up, received user-set (0.23s latency).
      PORT     STATE         SERVICE      REASON
      53/udp   closed        domain       port-unreach
      67/udp   open|filtered dhcps        no-response
      123/udp  closed        ntp          port-unreach
      135/udp  closed        msrpc        port-unreach
      137/udp  closed        netbios-ns   port-unreach
      138/udp  closed        netbios-dgm  port-unreach
      161/udp  closed        snmp         port-unreach
      445/udp  closed        microsoft-ds port-unreach
      631/udp  closed        ipp          port-unreach
      1434/udp closed        ms-sql-m     port-unreach

  62. UDP scan of ports 53 and 67 with --packet-trace:

      # nmap -sU -Pn -n -p53,67 --reason --packet-trace isecom.org
      Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-23 04:32 CEST
      SENT (0.0508s) UDP 192.168.100.53:54940 > 216.92.116.13:67 ttl=46 id=54177 iplen=28
      SENT (0.0509s) UDP 192.168.100.53:54940 > 216.92.116.13:53 ttl=37 id=17751 iplen=40
      RCVD (0.3583s) ICMP 216.92.116.13 > 192.168.100.53 Port unreachable (type=3/code=3) ttl=54 id=1724 iplen=56
      SENT (2.5989s) UDP 192.168.100.53:54941 > 216.92.116.13:67 ttl=49 id=33695 iplen=28
      Nmap scan report for isecom.org (216.92.116.13)
      Host is up, received user-set (0.31s latency).
      PORT   STATE         SERVICE REASON
      53/udp closed        domain  port-unreach
      67/udp open|filtered dhcps   no-response
      Nmap done: 1 IP address (1 host up) scanned in 4.15 seconds

  63. 11.5 Access Verification
  64. 11.5.1 Network
  65. 11.5.2 Services
  66. UDP version detection on ports 53 and 67:

      # nmap -sUV -Pn -n -p53,67 --reason --packet-trace isecom.org
      Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-23 04:44 CEST
      SENT (0.1730s) UDP 192.168.100.53:62664 > 216.92.116.13:53 ttl=48 id=23048 iplen=40
      SENT (0.1731s) UDP 192.168.100.53:62664 > 216.92.116.13:67 ttl=48 id=53183 iplen=28
      RCVD (0.4227s) ICMP 216.92.116.13 > 192.168.100.53 Port unreachable (type=3/code=3) ttl=54 id=20172 iplen=56
      SENT (2.4252s) UDP 192.168.100.53:62665 > 216.92.116.13:67 ttl=50 id=39909 iplen=28
      NSOCK (3.8460s) UDP connection requested to 216.92.116.13:67 (IOD #1) EID 8
      NSOCK (3.8460s) Callback: CONNECT SUCCESS for EID 8 [216.92.116.13:67]
      Service scan sending probe RPCCheck to 216.92.116.13:67 (udp)
      ...and more 80 packets...
      Nmap scan report for isecom.org (216.92.116.13)
      Host is up, received user-set (0.25s latency).
      PORT   STATE         SERVICE REASON       VERSION
      53/udp closed        domain  port-unreach
      67/udp open|filtered dhcps   no-response

  67. TCP version detection on the top 10 ports:

      # nmap -sTV -Pn isecom.org --top-ports 10 --reason
      Starting Nmap 6.00 ( http://nmap.org ) at 2012-10-25 01:41 CEST
      Nmap scan report for isecom.org (216.92.116.13)
      Host is up, received user-set (0.17s latency).
      PORT     STATE    SERVICE       REASON       VERSION
      21/tcp   open     ftp           syn-ack      NcFTPd
      22/tcp   open     ssh           syn-ack      OpenSSH 6.1 (protocol 2.0)
      23/tcp   closed   telnet        conn-refused
      25/tcp   filtered smtp          no-response
      80/tcp   open     http          syn-ack      Apache httpd 2.2.22
      110/tcp  open     pop3          syn-ack      Dovecot pop3d
      139/tcp  filtered netbios-ssn   no-response
      443/tcp  open     ssl/http      syn-ack      Apache httpd 2.2.22
      445/tcp  filtered microsoft-ds  no-response
      3389/tcp closed   ms-wbt-server conn-refused

  68. 11.5.3 Authentication
  69. 11.6 Trust Verification
  70. 11.7 Controls Verification
  71. 11.8 Process Verification
  72. 11.9 Configuration Verification
  73. 11.10 Property Validation
  74. 11.11 Segregation Review
  75. 11.12 Exposure Verification
  76. 11.13 Competitive Intelligence Scouting
  77. 11.14 Quarantine Verification
  78. 11.15 Privileges Audit
  79. 11.16 Survivability Verification
  80. 11.17 Alert and Log Review
  81. Conclusions: references, tools
  82. STAR Report and OSSTMM Test
  83. ;-) THANK YOU!
      http://onofri.org/
      http://twitter.com/simoneonofri
      http://it.linkedin.com/simoneonofri
      http://slideshare.net/simoneonofri
  84. QUESTIONS?
      http://onofri.org/
      http://twitter.com/simoneonofri
      http://it.linkedin.com/simoneonofri
      http://slideshare.net/simoneonofri
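
The `--reason` port tables on slides 60 and 67 come from two runs months apart, and the OSSTMM quote above asks for results built on correlation. The Python sketch below is an added example, not part of the original slides: it parses both tables (copied from the slides, line breaks restored), separates states backed by a reply from states inferred from silence, and lists what changed between the runs. The names `parse`, `correlate` and `ANSWERED` are assumptions of this example.

```python
import re

# Port tables copied from slide 60 (June run) and slide 67 (October run).
SCAN_JUNE = """\
PORT STATE SERVICE REASON
21/tcp open ftp syn-ack
22/tcp open ssh syn-ack
23/tcp closed telnet conn-refused
25/tcp filtered smtp no-response
80/tcp open http syn-ack
110/tcp open pop3 syn-ack
139/tcp closed netbios-ssn conn-refused
443/tcp open https syn-ack
445/tcp closed microsoft-ds conn-refused
3389/tcp closed ms-wbt-server conn-refused
"""
SCAN_OCTOBER = """\
PORT STATE SERVICE REASON VERSION
21/tcp open ftp syn-ack NcFTPd
22/tcp open ssh syn-ack OpenSSH 6.1 (protocol 2.0)
23/tcp closed telnet conn-refused
25/tcp filtered smtp no-response
80/tcp open http syn-ack Apache httpd 2.2.22
110/tcp open pop3 syn-ack Dovecot pop3d
139/tcp filtered netbios-ssn no-response
443/tcp open ssl/http syn-ack Apache httpd 2.2.22
445/tcp filtered microsoft-ds no-response
3389/tcp closed ms-wbt-server conn-refused
"""

ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")
# Reasons that mean something actually replied to the probe.
# "no-response" is silence: the reported state is inferred, not observed.
ANSWERED = {"syn-ack", "conn-refused", "reset", "port-unreach", "udp-response"}

def parse(table):
    """Return {(port, proto): row} for every port line of an nmap --reason table."""
    rows = {}
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header or unrelated line
        port, proto, state, service, reason, version = m.groups()
        rows[(int(port), proto)] = {
            "state": state, "service": service, "reason": reason,
            "version": version, "observed": reason in ANSWERED,
        }
    return rows

def correlate(first, second):
    """Compare two runs: what changed, what is proven open, what is only inferred."""
    common = sorted(first.keys() & second.keys())
    return {
        "changed": [(k, first[k]["state"], second[k]["state"])
                    for k in common if first[k]["state"] != second[k]["state"]],
        "open_both": [k for k in common if all(
            run[k]["state"] == "open" and run[k]["observed"]
            for run in (first, second))],
        "inferred": [k for k in sorted(second) if not second[k]["observed"]],
    }

if __name__ == "__main__":
    for key, value in correlate(parse(SCAN_JUNE), parse(SCAN_OCTOBER)).items():
        print(key, value)
```

Ports 139 and 445 answered with conn-refused in June but gave no response in October, so the later "filtered" state rests on silence and is worth re-testing before it goes into a report.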
