CSc 196n Computer Attacks & Countermeasures

Week 3 Scanning
• Determine if system is alive
• Determine which services are running or listening
• Determine the OS
Week 3-1
• Determining if the system is alive
– Once you have the target host or network IP range, the next step is to find out if the system is up.
Week 3-2
Detecting the type of OS involves:
– Active stack fingerprinting
• Send packets to the target and check the response. The type of response helps guess the OS.
– Passive stack fingerprinting
• Monitor network traffic to determine the OS
Week 3-3
– Hacking Tool: Pinger
– Hacking Tool: WS_Ping_Pro
– Hacking Tool: Netscan Tools Pro 2000
– Hacking Tool: Hping2
– Hacking Tool: icmpenum
Week 3-4
– Detecting Ping sweeps
– ICMP Queries
Week 3-5
– Hacking Tool: netcraft.com
– Port Scanning
Week 3-6
– TCP's 3-way handshake
– TCP Scan types
Week 3-7
– Hacking Tool: IPEye
– Hacking Tool: IPSECSCAN
– Hacking Tool: nmap
Week 3-8
– Port Scan countermeasures
– Hacking Tool: HTTrack Web Copier
Week 3-9
• Network Management Tools
• SolarWinds Toolset
Week 3-10
• NeoWatch
• War Dialing
Week 3-11
• Hacking Tool: THC-Scan
• Hacking Tool: PhoneSweep War Dialer
• Hacking Tool: Queso
• Hacking Tool: Cheops
Week 3-12
• Proxy Servers
• Hacking Tool: SocksChain
• Surf the web anonymously
• TCP/IP through HTTP Tunneling
Week 3-13
• Hacking Tool: HTTPort
Week 3-14
– Summary
Week 3-15
Some Uses of Port Scanning
• Network Inventory
– Want to know the IP addresses of all your servers?
– Want to know how many machines are running?
• Network/Server Optimization
– You can find which services are running on each server and remove the services you don't need, to improve security and performance
• Finding Spyware, Trojans, and Worms
– Many well-known trojans use large port numbers. For example, Back Orifice uses 54321
• Looking for unauthorized and illicit services
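
An added example (not part of the original slides): the inventory and unauthorized-service uses listed above, applied to scan results of your own network saved in nmap's grepable (-oG) format. The scan text, the baseline, and the function names are constructed for illustration; the watch-list port is the one the slide gives for Back Orifice.

```python
import re

# Constructed sample of nmap grepable (-oG) output for hosts you administer.
SAMPLE_SCAN = (
    "Host: 10.0.0.5 (web01)\tStatus: Up\n"
    "Host: 10.0.0.5 (web01)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/closed/tcp//https///\n"
    "Host: 10.0.0.9 (db01)\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///, "
    "54321/open/tcp//unknown///\n"
    "Host: 10.0.0.12 ()\tPorts: 8080/open/tcp//http-proxy///\n"
)
# Hypothetical approved baseline: host -> (port, proto) pairs allowed to listen.
BASELINE = {
    "10.0.0.5": {(22, "tcp"), (80, "tcp"), (443, "tcp")},
    "10.0.0.9": {(22, "tcp"), (3306, "tcp")},
}
# Watch list seeded with the port the slide attributes to Back Orifice.
WATCH_PORTS = {54321: "port on trojan watch list (Back Orifice, per the slide)"}

HOST_RE = re.compile(r"^Host: (\S+) \(")
PORTS_RE = re.compile(r"\tPorts: ([^\t]*)")

def parse_grepable(text):
    """Return {ip: {(port, proto), ...}} for ports reported as open."""
    inventory = {}
    for line in text.splitlines():
        host = HOST_RE.match(line)
        if not host:
            continue  # comment lines and anything that is not a host record
        ports = inventory.setdefault(host.group(1), set())
        field = PORTS_RE.search(line)
        for entry in (field.group(1).split(",") if field else []):
            parts = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(parts) >= 3 and parts[1] == "open":
                ports.add((int(parts[0]), parts[2]))
    return inventory

def audit(inventory, baseline, watch):
    """Return sorted (ip, port, proto, reason) findings versus the baseline."""
    findings = []
    for ip, ports in inventory.items():
        if ip not in baseline:
            findings.append((ip, 0, "", "host missing from inventory baseline"))
        for port, proto in ports - baseline.get(ip, set()):
            reason = watch.get(port, "service not in baseline")
            findings.append((ip, port, proto, reason))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(parse_grepable(SAMPLE_SCAN), BASELINE, WATCH_PORTS), sep="\n")
```

Closed ports are ignored, so web01 produces no finding even though 443 appears in its scan record.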
Week 3-16