SlideShare a Scribd company logo

Hacking3e ppt ch06

S
Skillspire LLC

cybersecurity

Education
1 of 31
© 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Hacker Techniques, Tools, and Incident Handling Chapter 6 Port Scanning
Page 2 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Learning Objective  Identify common information-gathering tools and techniques.
Page 3 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Key Concepts  Determining the network range  Identifying active machines  Mapping open ports  Operating system (OS) fingerprinting  Network mapping
Page 4 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Determining the Network Range  Gather information about the range of the Internet Protocol (IP) addresses used by the target • Enables port scanning to be more accurate and effective as only the IP addresses of the intended victim are scanned • Lack of network range information results in inaccurate and ineffective scans and may set off detection measures
Page 5 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Identifying Active Machines Wardialing Wardriving and related activities Pinging Port scanning
Page 6 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Wardialing  Legacy technique popular in the 1980s and 1990s when it was used as a footprinting tool  An attacker would pick a town at random and dial a range of phone numbers in that town to turn up several computers with modems attached
Page 7 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Wardriving and Related Activities  Wardriving • The process of locating wireless access points and gaining information about the configuration of each • Enables an attacker to gain quick and easy access to the internal network of a company • Ease of carrying a small device with a wireless adapter, GPS receiver, and software to collect information gave rise to warwalking, warjogging, warbiking, and warflying
Page 8 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Wardriving and Related Activities (Cont.)  Tools for defending against wardriving: • AirSnort—Wireless cracking tool • AirSnare—An intrusion detection system that notifies you when an unapproved machine connects to your wireless network • Kismet—Wireless network detector, sniffer, and intrusion detection system commonly found on Linux • NetStumbler—Wireless network detector; also available for Mac and handheld devices
Page 9 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Pinging  A technique used to determine if a system is active  Pings: • Send an Internet Control Message Protocol (ICMP) message • Can be used to identify active machines, measure speed at which packets are moved from one host to another, and obtain details such as the time to live (TTL)
Page 10 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Port Scanning  A technique used to discover what services are active on a system  Designed to probe each port on a system in an effort to determine which ports are open  Very effective method for gaining host information
Page 11 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Port Scanning: Common Port Numbers
Page 12 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. TCP Port Scanning Techniques  Flags are used in TCP protocol to describe status of a packet and the communication that goes with it  Flags are bits set in packet header, describe a specific behavior  TCP features enable penetration testers or attackers to craft TCP packets designed to gain information about running applications or services
Page 13 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. TCP Port Scanning Techniques (Cont.) TCP connect scan TCP SYN scan TCP FIN scan TCP NULL scan TCP ACK scan TCP ACK scan
Page 14 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. TCP Port Scanning Techniques: TCP Flag Types
Page 15 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Detecting Half-Open Connections
Page 16 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Port Scanning Countermeasures Deny all Proper design Firewall testing Port scanning Security awareness training
Page 17 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Mapping Open Ports Nmap SuperScan Scanrand THC-Amap
Page 18 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Nmap  Nmap (Network Mapper) • One of the most widely used security tools • Is a port scanner with capability to perform a number of different scan types • Available in Windows, Linux, MacOS, and others • Command-line application and graphical user interface (GUI) version (Zenmap)  To perform an Nmap scan at Windows command prompt: nmap <IP address> <options>
Page 19 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Nmap (Cont.)  Example: nmap –sT 192.168.123.254  Response: Starting Nmap 7.60 (http://nmap.org) at 2017-10-17 10:37 Central Daylight Time Interesting ports on 192.168.123.254: Not shown: 1711 filtered ports PORT STATE SERVICE 21/tcp open ftp 80/tcp open http 2601/tcp open zebra 2602/tcp open ripd MAC Address: 00:16:01:D1:3D:5C (Linksys) Nmap done: 1 IP address (1 host up) scanned in 113.750 seconds
Page 20 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Using Nmap  Results display status of port in one of three states: • Open: Target device is accepting connections on the port • Closed: Port is not listening or accepting connections • Filtered: Firewall, filter, or other network device is monitoring the port and preventing full probing to determining its status
Page 21 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. SuperScan
Page 22 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Scanrand Scanning tool Can scan a single host or large-scan networks Scans ports in parallel using technique known as stateless scanning Used when large numbers of IP addresses need to be scanned quickly
Page 23 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. THC-Amap THC-Amap (The Hacker’s Choice – Another Mapper) • Stores a collection of normal responses that can be provided to ports to elicit a response when scanning services that use encryption • Allows security professionals the ability to find services that have been redirected from standard ports
Page 24 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. OS Fingerprinting  Open ports that are discovered provide clues to what operating system (OS) a target is running  Determining the OS that is running on a specific target is the purpose of OS fingerprinting  Once an OS is identified, it is possible to better focus attacks Active fingerprinting Passive fingerprinting
Page 25 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. OS Fingerprinting (Cont.)  Passive OS fingerprinting • Generally does not yield results as quickly as active OS fingerprinting • Allows an attacker to obtain information about a target without triggering network defensive measures • Victim has less chance of detecting and reacting to the impending attack  Active OS fingerprinting • Contacts host; passive fingerprinting does not
Page 26 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Active OS Fingerprinting  Send specially crafted packets to target system  When responses are received from target system, make educated guess as to the operating system that is present  Examples of tools: • Xprobe2 • Nmap
Page 27 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Passive OS Fingerprinting  Does not interact with the target system  Monitors or captures network traffic  Traffic is analyzed for patterns that suggest which operating systems are in use  Offers a level of stealth; harder to detect these tools  Example of passive OS fingerprinting tool • p0f Tool
Page 28 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Mapping the Network • SolarWinds, Auvik, Open-AudIT, The Dude, Angry IP Scanner, Spiceworks Map IT, and Network Notepad Tools • Record info in notebook or spreadsheet Manual maps  Create a network diagram to show vulnerable or potentially vulnerable devices on target network
Page 29 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Analyzing the Results 1. Analyze the services that have been revealed. 2. Explore vulnerabilities for each service or system. 3. Research and locate any potential exploits that can be used to attack the system. The attacker can use a search engine to gather information about potential attacks by searching the OS and exploits.
Page 30 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Microsoft IIS Vulnerabilities
Page 31 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Summary  Identification of target systems  Port and vulnerability scanning techniques  Network mapping tools

Recommended

Hacking3e ppt ch04
Hacking3e ppt ch04Hacking3e ppt ch04
Hacking3e ppt ch04Skillspire LLC
 
Hacking3e ppt ch11
Hacking3e ppt ch11Hacking3e ppt ch11
Hacking3e ppt ch11Skillspire LLC
 
Hacking3e ppt ch09
Hacking3e ppt ch09Hacking3e ppt ch09
Hacking3e ppt ch09Skillspire LLC
 
Hacking3e ppt ch01
Hacking3e ppt ch01Hacking3e ppt ch01
Hacking3e ppt ch01Skillspire LLC
 
Funsec3e ppt ch05
Funsec3e ppt ch05Funsec3e ppt ch05
Funsec3e ppt ch05Skillspire LLC
 
Hacking3e ppt ch15
Hacking3e ppt ch15Hacking3e ppt ch15
Hacking3e ppt ch15Skillspire LLC
 
Hacking3e ppt ch02
Hacking3e ppt ch02Hacking3e ppt ch02
Hacking3e ppt ch02Skillspire LLC
 
Funsec3e ppt ch03
Funsec3e ppt ch03Funsec3e ppt ch03
Funsec3e ppt ch03Skillspire LLC
 

Recommended

Hacking3e ppt ch04
Hacking3e ppt ch04Hacking3e ppt ch04
Hacking3e ppt ch04Skillspire LLC
 
Hacking3e ppt ch11
Hacking3e ppt ch11Hacking3e ppt ch11
Hacking3e ppt ch11Skillspire LLC
 
Hacking3e ppt ch09
Hacking3e ppt ch09Hacking3e ppt ch09
Hacking3e ppt ch09Skillspire LLC
 
Hacking3e ppt ch01
Hacking3e ppt ch01Hacking3e ppt ch01
Hacking3e ppt ch01Skillspire LLC
 
Funsec3e ppt ch05
Funsec3e ppt ch05Funsec3e ppt ch05
Funsec3e ppt ch05Skillspire LLC
 
Hacking3e ppt ch15
Hacking3e ppt ch15Hacking3e ppt ch15
Hacking3e ppt ch15Skillspire LLC
 
Hacking3e ppt ch02
Hacking3e ppt ch02Hacking3e ppt ch02
Hacking3e ppt ch02Skillspire LLC
 
Funsec3e ppt ch03
Funsec3e ppt ch03Funsec3e ppt ch03
Funsec3e ppt ch03Skillspire LLC
 
Hacking3e ppt ch13
Hacking3e ppt ch13Hacking3e ppt ch13
Hacking3e ppt ch13Skillspire LLC
 
Hacking3e ppt ch10
Hacking3e ppt ch10Hacking3e ppt ch10
Hacking3e ppt ch10Skillspire LLC
 
Funsec3e ppt ch10
Funsec3e ppt ch10Funsec3e ppt ch10
Funsec3e ppt ch10Skillspire LLC
 
Funsec3e ppt ch14
Funsec3e ppt ch14Funsec3e ppt ch14
Funsec3e ppt ch14Skillspire LLC
 
Forensic3e ppt ch03
Forensic3e ppt ch03Forensic3e ppt ch03
Forensic3e ppt ch03Skillspire LLC
 
Forensic3e ppt ch07
Forensic3e ppt ch07Forensic3e ppt ch07
Forensic3e ppt ch07Skillspire LLC
 
Funsec3e ppt ch11
Funsec3e ppt ch11Funsec3e ppt ch11
Funsec3e ppt ch11Skillspire LLC
 
Ce hv6 module 58 credit card frauds
Ce hv6 module 58 credit card fraudsCe hv6 module 58 credit card frauds
Ce hv6 module 58 credit card fraudsVi Tính Hoàng Nam
 
106 Threat defense and information security development trends
106 Threat defense and information security development trends106 Threat defense and information security development trends
106 Threat defense and information security development trendsSsendiSamuel
 
Ce hv6 module 62 case studies
Ce hv6 module 62 case studiesCe hv6 module 62 case studies
Ce hv6 module 62 case studiesVi Tính Hoàng Nam
 
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9UISGCON
 
101 Basic concepts of information security
101 Basic concepts of information security101 Basic concepts of information security
101 Basic concepts of information securitySsendiSamuel
 
Maritime Cyber Security
Maritime Cyber SecurityMaritime Cyber Security
Maritime Cyber SecurityDimitris Chalambalis
 
Cyber of things 2.0
Cyber of things 2.0Cyber of things 2.0
Cyber of things 2.0Deepak Kumar (D3)
 
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...Benjamin Ang
 
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...Dinesh O Bareja
 
105 Common information security threats
105 Common information security threats105 Common information security threats
105 Common information security threatsSsendiSamuel
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security BreachSeculert
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligenceseadeloitte
 
Cybersecurity and Legal lessons after Apple v FBI
Cybersecurity and Legal lessons after Apple v FBICybersecurity and Legal lessons after Apple v FBI
Cybersecurity and Legal lessons after Apple v FBIBenjamin Ang
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)Digital Bond
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksAsep Sopyan
 

More Related Content

What's hot

Ce hv6 module 58 credit card frauds
Ce hv6 module 58 credit card fraudsCe hv6 module 58 credit card frauds
Ce hv6 module 58 credit card fraudsVi Tính Hoàng Nam
 
106 Threat defense and information security development trends
106 Threat defense and information security development trends106 Threat defense and information security development trends
106 Threat defense and information security development trendsSsendiSamuel
 
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9UISGCON
 
101 Basic concepts of information security
101 Basic concepts of information security101 Basic concepts of information security
101 Basic concepts of information securitySsendiSamuel
 
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...Benjamin Ang
 
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...Dinesh O Bareja
 
105 Common information security threats
105 Common information security threats105 Common information security threats
105 Common information security threatsSsendiSamuel
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security BreachSeculert
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligenceseadeloitte
 
Cybersecurity and Legal lessons after Apple v FBI
Cybersecurity and Legal lessons after Apple v FBICybersecurity and Legal lessons after Apple v FBI
Cybersecurity and Legal lessons after Apple v FBIBenjamin Ang
 

What's hot (20)

Hacking3e ppt ch13
Hacking3e ppt ch13Hacking3e ppt ch13
Hacking3e ppt ch13
 
Hacking3e ppt ch10
Hacking3e ppt ch10Hacking3e ppt ch10
Hacking3e ppt ch10
 
Funsec3e ppt ch10
Funsec3e ppt ch10Funsec3e ppt ch10
Funsec3e ppt ch10
 
Funsec3e ppt ch14
Funsec3e ppt ch14Funsec3e ppt ch14
Funsec3e ppt ch14
 
Forensic3e ppt ch03
Forensic3e ppt ch03Forensic3e ppt ch03
Forensic3e ppt ch03
 
Forensic3e ppt ch07
Forensic3e ppt ch07Forensic3e ppt ch07
Forensic3e ppt ch07
 
Funsec3e ppt ch11
Funsec3e ppt ch11Funsec3e ppt ch11
Funsec3e ppt ch11
 
Ce hv6 module 58 credit card frauds
Ce hv6 module 58 credit card fraudsCe hv6 module 58 credit card frauds
Ce hv6 module 58 credit card frauds
 
106 Threat defense and information security development trends
106 Threat defense and information security development trends106 Threat defense and information security development trends
106 Threat defense and information security development trends
 
Ce hv6 module 62 case studies
Ce hv6 module 62 case studiesCe hv6 module 62 case studies
Ce hv6 module 62 case studies
 
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
 
101 Basic concepts of information security
101 Basic concepts of information security101 Basic concepts of information security
101 Basic concepts of information security
 
Maritime Cyber Security
Maritime Cyber SecurityMaritime Cyber Security
Maritime Cyber Security
 
Cyber of things 2.0
Cyber of things 2.0Cyber of things 2.0
Cyber of things 2.0
 
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
 
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...
 
105 Common information security threats
105 Common information security threats105 Common information security threats
105 Common information security threats
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Cybersecurity and Legal lessons after Apple v FBI
Cybersecurity and Legal lessons after Apple v FBICybersecurity and Legal lessons after Apple v FBI
Cybersecurity and Legal lessons after Apple v FBI
 

Similar to Hacking3e ppt ch06

ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)Digital Bond
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksAsep Sopyan
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayKaren Oliver
 
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network SecurityMMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network SecurityAPNIC
 
Crack the Code
Crack the CodeCrack the Code
Crack the CodeInnoTech
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualizationssusercb4686
 
AktaionPPTv5_JZedits
AktaionPPTv5_JZeditsAktaionPPTv5_JZedits
AktaionPPTv5_JZeditsRod Soto
 
The Bot Stops Here: Removing the BotNet Threat - Public and Higher Ed Securit...
The Bot Stops Here: Removing the BotNet Threat - Public and Higher Ed Securit...The Bot Stops Here: Removing the BotNet Threat - Public and Higher Ed Securit...
The Bot Stops Here: Removing the BotNet Threat - Public and Higher Ed Securit...Eric Vanderburg
 
InfoSec Deep Learning in Action
InfoSec Deep Learning in ActionInfoSec Deep Learning in Action
InfoSec Deep Learning in ActionSatnam Singh
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of CompromiseFireEye, Inc.
 
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...Adam Pennington
 
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitationsAppsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitationsdrewz lin
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDebra Baker, CISSP CSSP
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AlivePositive Hack Days
 

Similar to Hacking3e ppt ch06 (20)

ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networks
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorial
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
G3t R00t at IUT
G3t R00t at IUTG3t R00t at IUT
G3t R00t at IUT
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain Essay
 
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network SecurityMMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
 
Crack the Code
Crack the CodeCrack the Code
Crack the Code
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In Detail
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualization
 
AktaionPPTv5_JZedits
AktaionPPTv5_JZeditsAktaionPPTv5_JZedits
AktaionPPTv5_JZedits
 
The Bot Stops Here: Removing the BotNet Threat - Public and Higher Ed Securit...
The Bot Stops Here: Removing the BotNet Threat - Public and Higher Ed Securit...The Bot Stops Here: Removing the BotNet Threat - Public and Higher Ed Securit...
The Bot Stops Here: Removing the BotNet Threat - Public and Higher Ed Securit...
 
InfoSec Deep Learning in Action
InfoSec Deep Learning in ActionInfoSec Deep Learning in Action
InfoSec Deep Learning in Action
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of Compromise
 
Net Defender
Net DefenderNet Defender
Net Defender
 
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
 
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitationsAppsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptx
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay Alive
 

More from Skillspire LLC

Introduction to analytics
Introduction to analyticsIntroduction to analytics
Introduction to analyticsSkillspire LLC
 

More from Skillspire LLC (20)

Logistics
LogisticsLogistics
Logistics
 
Introduction to analytics
Introduction to analyticsIntroduction to analytics
Introduction to analytics
 
Lecture 31
Lecture 31Lecture 31
Lecture 31
 
Lecture 30
Lecture 30Lecture 30
Lecture 30
 
Lecture 29
Lecture 29Lecture 29
Lecture 29
 
Review
ReviewReview
Review
 
Review version 4
Review version 4Review version 4
Review version 4
 
Review version 3
Review version 3Review version 3
Review version 3
 
Review version 2
Review version 2Review version 2
Review version 2
 
Lecture 25
Lecture 25Lecture 25
Lecture 25
 
Lecture 24
Lecture 24Lecture 24
Lecture 24
 
Lecture 23 p1
Lecture 23 p1Lecture 23 p1
Lecture 23 p1
 
Lecture 21
Lecture 21Lecture 21
Lecture 21
 
Lecture 17
Lecture 17Lecture 17
Lecture 17
 
Lecture 16
Lecture 16Lecture 16
Lecture 16
 
Lecture 15
Lecture 15Lecture 15
Lecture 15
 
Lecture 14
Lecture 14Lecture 14
Lecture 14
 
Lecture 14
Lecture 14Lecture 14
Lecture 14
 
Lecture 13
Lecture 13Lecture 13
Lecture 13
 
Lecture 12
Lecture 12Lecture 12
Lecture 12
 

Recently uploaded

Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 

Recently uploaded (20)

Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docx
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 

Hacking3e ppt ch06

  • 1. © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Hacker Techniques, Tools, and Incident Handling Chapter 6 Port Scanning
  • 2. Page 2 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Learning Objective  Identify common information-gathering tools and techniques.
  • 3. Page 3 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Key Concepts  Determining the network range  Identifying active machines  Mapping open ports  Operating system (OS) fingerprinting  Network mapping
  • 4. Page 4 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Determining the Network Range  Gather information about the range of the Internet Protocol (IP) addresses used by the target • Enables port scanning to be more accurate and effective as only the IP addresses of the intended victim are scanned • Lack of network range information results in inaccurate and ineffective scans and may set off detection measures
  • 5. Page 5 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Identifying Active Machines Wardialing Wardriving and related activities Pinging Port scanning
  • 6. Page 6 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Wardialing  Legacy technique popular in the 1980s and 1990s when it was used as a footprinting tool  An attacker would pick a town at random and dial a range of phone numbers in that town to turn up several computers with modems attached
  • 7. Page 7 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Wardriving and Related Activities  Wardriving • The process of locating wireless access points and gaining information about the configuration of each • Enables an attacker to gain quick and easy access to the internal network of a company • Ease of carrying a small device with a wireless adapter, GPS receiver, and software to collect information gave rise to warwalking, warjogging, warbiking, and warflying
  • 8. Page 8 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Wardriving and Related Activities (Cont.)  Tools for defending against wardriving: • AirSnort—Wireless cracking tool • AirSnare—An intrusion detection system that notifies you when an unapproved machine connects to your wireless network • Kismet—Wireless network detector, sniffer, and intrusion detection system commonly found on Linux • NetStumbler—Wireless network detector; also available for Mac and handheld devices
  • 9. Page 9 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Pinging  A technique used to determine if a system is active  Pings: • Send an Internet Control Message Protocol (ICMP) message • Can be used to identify active machines, measure speed at which packets are moved from one host to another, and obtain details such as the time to live (TTL)
  • 10. Page 10 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Port Scanning  A technique used to discover what services are active on a system  Designed to probe each port on a system in an effort to determine which ports are open  Very effective method for gaining host information
  • 11. Page 11 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Port Scanning: Common Port Numbers
  • 12. Page 12 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. TCP Port Scanning Techniques  Flags are used in TCP protocol to describe status of a packet and the communication that goes with it  Flags are bits set in packet header, describe a specific behavior  TCP features enable penetration testers or attackers to craft TCP packets designed to gain information about running applications or services
  • 13. Page 13 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. TCP Port Scanning Techniques (Cont.) TCP connect scan TCP SYN scan TCP FIN scan TCP NULL scan TCP ACK scan TCP ACK scan
  • 14. Page 14 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. TCP Port Scanning Techniques: TCP Flag Types
  • 15. Page 15 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Detecting Half-Open Connections
  • 16. Page 16 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Port Scanning Countermeasures Deny all Proper design Firewall testing Port scanning Security awareness training
  • 17. Page 17 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Mapping Open Ports Nmap SuperScan Scanrand THC-Amap
  • 18. Page 18 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Nmap  Nmap (Network Mapper) • One of the most widely used security tools • Is a port scanner with capability to perform a number of different scan types • Available in Windows, Linux, MacOS, and others • Command-line application and graphical user interface (GUI) version (Zenmap)  To perform an Nmap scan at Windows command prompt: nmap <IP address> <options>
  • 19. Page 19 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Nmap (Cont.)  Example: nmap –sT 192.168.123.254  Response: Starting Nmap 7.60 (http://nmap.org) at 2017-10-17 10:37 Central Daylight Time Interesting ports on 192.168.123.254: Not shown: 1711 filtered ports PORT STATE SERVICE 21/tcp open ftp 80/tcp open http 2601/tcp open zebra 2602/tcp open ripd MAC Address: 00:16:01:D1:3D:5C (Linksys) Nmap done: 1 IP address (1 host up) scanned in 113.750 seconds
  • 20. Page 20 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Using Nmap  Results display status of port in one of three states: • Open: Target device is accepting connections on the port • Closed: Port is not listening or accepting connections • Filtered: Firewall, filter, or other network device is monitoring the port and preventing full probing to determining its status
  • 21. Page 21 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. SuperScan
  • 22. Page 22 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Scanrand Scanning tool Can scan a single host or large-scan networks Scans ports in parallel using technique known as stateless scanning Used when large numbers of IP addresses need to be scanned quickly
  • 23. Page 23 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. THC-Amap THC-Amap (The Hacker’s Choice – Another Mapper) • Stores a collection of normal responses that can be provided to ports to elicit a response when scanning services that use encryption • Allows security professionals the ability to find services that have been redirected from standard ports
  • 24. Page 24 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. OS Fingerprinting  Open ports that are discovered provide clues to what operating system (OS) a target is running  Determining the OS that is running on a specific target is the purpose of OS fingerprinting  Once an OS is identified, it is possible to better focus attacks Active fingerprinting Passive fingerprinting
  • 25. Page 25 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. OS Fingerprinting (Cont.)  Passive OS fingerprinting • Generally does not yield results as quickly as active OS fingerprinting • Allows an attacker to obtain information about a target without triggering network defensive measures • Victim has less chance of detecting and reacting to the impending attack  Active OS fingerprinting • Contacts host; passive fingerprinting does not
  • 26. Page 26 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Active OS Fingerprinting  Send specially crafted packets to target system  When responses are received from target system, make educated guess as to the operating system that is present  Examples of tools: • Xprobe2 • Nmap
  • 27. Page 27 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Passive OS Fingerprinting  Does not interact with the target system  Monitors or captures network traffic  Traffic is analyzed for patterns that suggest which operating systems are in use  Offers a level of stealth; harder to detect these tools  Example of passive OS fingerprinting tool • p0f Tool
  • 28. Page 28 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Mapping the Network • SolarWinds, Auvik, Open-AudIT, The Dude, Angry IP Scanner, Spiceworks Map IT, and Network Notepad Tools • Record info in notebook or spreadsheet Manual maps  Create a network diagram to show vulnerable or potentially vulnerable devices on target network
  • 29. Page 29 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Analyzing the Results 1. Analyze the services that have been revealed. 2. Explore vulnerabilities for each service or system. 3. Research and locate any potential exploits that can be used to attack the system. The attacker can use a search engine to gather information about potential attacks by searching the OS and exploits.
  • 30. Page 30 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Microsoft IIS Vulnerabilities
  • 31. Page 31 Hacker Techniques, Tools, and Incident Handling © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Summary  Identification of target systems  Port and vulnerability scanning techniques  Network mapping tools