Introduction to Vulnerability Assessments Using Nmap
  • Speaker notes for the Scan Types slide:
    • TCP SYN Scan: I send a SYN, you send either a RST or a SYN/ACK. Most common type of scan, aka “TCP Half-Open”.
    • TCP CONNECT Scan: I send a SYN, you send RST or SYN/ACK, I send ACK.
    • TCP Bad Flags Scan: I send an illegal TCP flags packet, you send a RST or nothing.
    • TCP ACK Scan: I send an ACK, you send a RST or nothing.
    • UDP Scans: I send a UDP packet, you send back ICMP Unreachable, or a response, or nothing.
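Each scan type in the notes above leaves a different trace on the target side, which is what a defender can key on. The following detector is an added example (not part of the slides): it groups packets arriving at one monitored host by source address and labels the probable scan type from the flag pattern. The packet records are constructed, not captured, and the `MIN_PORTS` threshold is an assumption.

```python
"""Label probable scan types from what a monitored host sees (added example,
not from the slides).  Packet records below are constructed, not captured;
the MIN_PORTS threshold is an assumption."""
from collections import defaultdict
from typing import Dict, List, NamedTuple

MIN_PORTS = 5  # fewer distinct destination ports than this is treated as normal traffic


class Packet(NamedTuple):
    src: str    # address sending the packet towards the monitored host
    proto: str  # "tcp" or "udp"
    dport: int  # destination port on the monitored host
    flags: str  # TCP flags as letters (S=SYN, A=ACK, R=RST, F=FIN, P=PSH, U=URG); "" for UDP or NULL


def classify_source(pkts: List[Packet]) -> str:
    """Map one source's packets to the scan type described in the speaker notes."""
    if len({p.dport for p in pkts}) < MIN_PORTS:
        return "normal"
    tcp = [p for p in pkts if p.proto == "tcp"]
    # "Bad flags": a TCP segment carrying neither SYN, ACK nor RST (NULL, FIN, Xmas probes)
    if any(not (set(p.flags) & {"S", "A", "R"}) for p in tcp):
        return "tcp-bad-flags"
    udp_ports = {p.dport for p in pkts if p.proto == "udp"}
    if len(udp_ports) >= MIN_PORTS:
        return "udp"
    syn_ports = {p.dport for p in tcp if p.flags == "S"}
    ack_ports = {p.dport for p in tcp if p.flags == "A"}
    if syn_ports:
        # A CONNECT scan finishes the handshake (SYN, SYN/ACK, ACK) on open ports;
        # a SYN scan never sends the final ACK ("half-open")
        return "tcp-connect" if syn_ports & ack_ports else "tcp-syn"
    if ack_ports:
        # ACK scan: bare ACKs with no SYN ever sent by this source
        return "tcp-ack"
    return "normal"


def detect(pkts: List[Packet]) -> Dict[str, str]:
    """Group packets by source and return a label per source."""
    by_src: Dict[str, List[Packet]] = defaultdict(list)
    for p in pkts:
        by_src[p.src].append(p)
    return {src: classify_source(plist) for src, plist in by_src.items()}


PORTS = [21, 22, 23, 25, 80, 139, 443, 445, 3389, 8080]
OPEN = [22, 80]  # ports the monitored host answers with SYN/ACK

# Constructed sample traffic towards one monitored host
SAMPLE: List[Packet] = (
    [Packet("10.0.0.5", "tcp", p, "S") for p in PORTS]           # SYN scan...
    + [Packet("10.0.0.5", "tcp", p, "R") for p in OPEN]          # ...torn down with RST
    + [Packet("10.0.0.6", "tcp", p, "S") for p in PORTS]         # connect scan...
    + [Packet("10.0.0.6", "tcp", p, "A") for p in OPEN]          # ...completes the handshake
    + [Packet("10.0.0.7", "tcp", p, "A") for p in PORTS]         # ACK scan
    + [Packet("10.0.0.8", "tcp", p, "FPU") for p in PORTS]       # Xmas (bad flags) scan
    + [Packet("10.0.0.9", "udp", p, "") for p in PORTS]          # UDP scan
    + [Packet("10.0.0.10", "tcp", 443, f) for f in ("S", "A", "PA", "FA")]  # one normal client
)

if __name__ == "__main__":
    for src, label in detect(SAMPLE).items():
        print(f"{src:<10} {label}")
```

The SYN-versus-CONNECT distinction only shows up when at least one probed port is open, because that is the only case in which a CONNECT scan sends the third packet of the handshake; against a host with nothing open the two look identical on the wire.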

    1. Introduction to Vulnerability Analysis and Assessment Using Nmap (Network Mapper)
       By: Lance Howell
    2. Vulnerability Assessment: The Process
       • Reconnaissance: Discover the Network
       • Enumerate the Devices on the Network
       • Determine the Services on the Devices
       • Verify Known Vulnerabilities
       • Report on Vulnerabilities
       • Repeat Over and Over
    3. Common Vulnerabilities to Watch
       • Phishing
       • Virus-Infected E-Mail
       • Buffer Overflows (HTTPD, SSHD, FTPD, RPC-DCOM)
       • Web Server Software (CGIs, PHP)
       • Client Browsers (XSS, JavaScript, ActiveX)
       • P2P Download Viruses
       • Brute-Force Password Attacks
       • Password Sniffing
    4. Common Tools Used in Vulnerability Assessments
       • Reconnaissance Tools
         • DNS (dig, nslookup)
         • Google
         • Whois
       • Enumeration Tools (Network Scanners)
         • nmap: http://insecure.org/
         • scanudp: http://www.geocities.com/fryxar/
         • scanrand (paketto): http://www.doxpara.com
       • Vulnerability Scanners
         • nessus: http://www.nessus.org/
         • nikto: http://www.cirt.net/
         • nsat: http://nsat.sourceforge.net/
         • n-stealth
         • hydra
         • xscan/xspy
    5. nmap
       • http://insecure.org
       • Supports many different types of scans
       • More than just a port scanner
       • OS Fingerprinting
       • Version of the Service Running
       • Additional Nmap Scripting Engine Capabilities
    6. Scan Types
       • TCP SYN Scan
       • TCP CONNECT Scan
       • TCP Bad Flags Scan
       • TCP ACK Scan
       • UDP Scans
    7. Port Options
       • Do you really want to scan all of the ports from 0-65535?
       • Allows mixtures of UDP and TCP
       • Ex. -sU -sS -p U:53,111,137,T:21-25,80,139,8080
       • By default: 2300 Services Checked
       • /usr/share/nmap/nmap-services
       • Ex. -F
    8. OS and Services Detection
       • OS Version Determined by Observing OS-Specific TCP/IP Stack Behaviour. Features include: timestamps, sequence numbers, window size, ICMP, fragmentation
       • Ex. -O
       • Service Version Matches Regular Expressions in Response Packets
       • /usr/share/nmap/nmap-service-probes
       • Ex. -sV
       • Ex. --version-light
       • Ex. --version-all
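The mixed TCP/UDP port specification on the Port Options slide is compact but easy to misread, and the slide's question about scanning every port is really a question about how many probes a given `-p` value expands to. The parser below is an added example, not Nmap's own code: it expands an Nmap-style port list into per-protocol port sets, with `T:`/`U:` (and `S:`/`P:`) prefixes staying in effect until the next prefix. Two points are my reading of the syntax rather than something the slide states: items before any prefix are applied to every requested protocol, and a prefix for a protocol the caller did not request is rejected.

```python
"""Expand an Nmap-style port specification (added example, not Nmap's code).
Handles the -p syntax shown on the slide: comma-separated ports and ranges,
with T:/U: prefixes (S: and P: for SCTP and IP protocols are accepted too)
that stay in effect until the next prefix.  Assumptions: unprefixed items
apply to every requested protocol, and a prefix for an unrequested protocol
is an error."""
import re
from typing import Dict, Iterable, Set

MAX_PORT = 65535
PREFIXES = {"T": "tcp", "U": "udp", "S": "sctp", "P": "ip"}
_ITEM = re.compile(r"^(?:([TUSP]):)?([^:]*)$")


def expand_range(body: str) -> Set[int]:
    """'80' -> {80}; '21-25' -> 21..25; '-' -> 1..65535; '-100' -> 1..100; '1000-' -> 1000..65535."""
    if "-" in body:
        lo_s, hi_s = body.split("-", 1)
        lo = int(lo_s) if lo_s else 1
        hi = int(hi_s) if hi_s else MAX_PORT
    else:
        lo = hi = int(body)  # non-numeric text raises ValueError here
    if not 0 <= lo <= hi <= MAX_PORT:
        raise ValueError(f"bad port range: {body!r}")
    return set(range(lo, hi + 1))


def parse_port_spec(spec: str, protocols: Iterable[str] = ("tcp",)) -> Dict[str, Set[int]]:
    """Return {protocol: ports}.  Items before any prefix apply to every requested protocol."""
    result: Dict[str, Set[int]] = {p: set() for p in protocols}
    current = None  # protocol selected by the last prefix seen, if any
    for item in spec.replace(" ", "").split(","):  # spaces tolerated for slide-style text
        m = _ITEM.match(item)
        if not m or not m.group(2):
            raise ValueError(f"bad port item: {item!r}")
        prefix, body = m.groups()
        if prefix:
            current = PREFIXES[prefix]
            if current not in result:
                raise ValueError(f"{current} ports given but no {current} scan requested")
        targets = [current] if current else list(result)
        ports = expand_range(body)
        for t in targets:
            result[t].update(ports)
    return result


def port_count(spec: str, protocols: Iterable[str] = ("tcp",)) -> int:
    """Total number of (protocol, port) probes a specification expands to."""
    return sum(len(s) for s in parse_port_spec(spec, protocols).values())


if __name__ == "__main__":
    mixed = parse_port_spec("U:53,111,137,T:21-25,80,139,8080", ("tcp", "udp"))
    for proto, ports in mixed.items():
        print(proto, sorted(ports))
    print("-p- expands to", port_count("-"), "TCP ports")
```

Run against the slide's own example, the parser yields eight TCP ports and three UDP ports; `-p-` expands to 65535 TCP ports, which is the cost the slide's question is pointing at.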

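The last slide says service versions are found by matching regular expressions against response packets using the `nmap-service-probes` file. To make that concrete, here is an added example (not Nmap's own matcher) that parses `match` lines written in that file's syntax and applies them to a captured banner. The three match lines are constructed in the style of the real file, not copied from it; only the `p/ v/ i/ h/ o/ d/` and `cpe:/` version fields and the `i`/`s` regex flags are modelled, and the sample banners are constructed.

```python
"""Apply nmap-service-probes-style 'match' lines to a banner (added example,
not Nmap's own matcher).  The match lines below are constructed in the style
of that file, not copied from it; only the p/ v/ i/ h/ o/ d/ and cpe:/
version fields and the i/s regex flags are handled."""
import re
from typing import Dict, List, NamedTuple, Optional

PROBES = r"""
# constructed examples in nmap-service-probes syntax
match ssh m|^SSH-([\d.]+)-OpenSSH_([\w._-]+)| p/OpenSSH/ v/$2/ i/protocol $1/ cpe:/a:openbsd:openssh:$2/
match ftp m|^220 ProFTPD ([\d.]+) Server| p/ProFTPD/ v/$1/
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Apache/([\d.]+)|s p/Apache httpd/ v/$1/
"""

# match <service> m<delim>regex<delim>[flags] <version fields...>
_MATCH_LINE = re.compile(r"^(soft)?match\s+(\S+)\s+m(.)(.*?)\3([is]*)\s*(.*)$")
_FIELD = re.compile(r"(p|v|i|h|o|d|cpe:)/([^/]*)/")
FIELD_NAMES = {"p": "product", "v": "version", "i": "info", "h": "hostname",
               "o": "os", "d": "device", "cpe:": "cpe"}


class Probe(NamedTuple):
    service: str
    regex: "re.Pattern[str]"
    fields: Dict[str, str]  # field name -> template containing $1, $2 ... placeholders
    soft: bool


def parse_probes(text: str) -> List[Probe]:
    """Parse the match/softmatch lines; comments and unmodelled directives are skipped."""
    probes = []
    for line in text.splitlines():
        m = _MATCH_LINE.match(line.strip())
        if not m:
            continue
        soft, service, _delim, pattern, flags, rest = m.groups()
        re_flags = (re.I if "i" in flags else 0) | (re.S if "s" in flags else 0)
        fields = {FIELD_NAMES[k]: v for k, v in _FIELD.findall(rest)}
        probes.append(Probe(service, re.compile(pattern, re_flags), fields, bool(soft)))
    return probes


def identify(banner: bytes, probes: List[Probe]) -> Optional[Dict[str, str]]:
    """Return service and version fields for the first matching probe, or None."""
    text = banner.decode("latin-1")  # 1:1 byte mapping keeps binary banners matchable
    for probe in probes:
        m = probe.regex.search(text)
        if not m:
            continue
        groups = m.groups()

        def fill(template: str) -> str:
            # $N in a version field refers to capture group N of the match regex
            return re.sub(r"\$(\d+)", lambda g: groups[int(g.group(1)) - 1] or "", template)

        out = {"service": probe.service}
        out.update({k: fill(v) for k, v in probe.fields.items()})
        return out
    return None


if __name__ == "__main__":
    probes = parse_probes(PROBES)
    for banner in (b"SSH-2.0-OpenSSH_7.4\r\n", b"220 ProFTPD 1.3.5 Server ready\r\n", b"\x00\x01??"):
        print(banner, "->", identify(banner, probes))
```

The part of this that matters for assessment accuracy is the regex: a banner that does not match any line produces no version at all, which is why the slide lists `--version-light` and `--version-all` as ways to trade probe count against the chance of a match.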