Network scanning

Network Basics
• A network consists of 3 parts
1. IP Address
2. Services
3. Port
• IP Addresses
– An address comprises two parts, a network address
and a host address; where one ends and the other begins
is determined by the subnet mask.
– A simple example is 192.168.1.1 with a subnet mask of
255.255.255.0.
• 192.168.1 is the network address (the 192.168.1.0 network) and
.1 is a host address on that network.
Oceanofwebs.com 1
• Services
– The network protocol that listens for incoming
connection requests and links the server application
with the client
– Typically each service runs on a set of specific ports
– In actuality, any service can run on any port
• Therefore, you should put only limited trust in port/service
mappings.
– Use an application scanner (service detection) to
find out what application is really running on
that port.
– Nmap has service detection
• Ports
– A port is where a service listens for connections
– Common services use common well-known ports
– Any port can be used as long as both the server and
the client know which port to connect to
– Ports allow different services to be available from
one location or IP address
Scanning
• Types of scanning
– Host (Ping) Scanning
– Port Scanning
– Vulnerability Scanning
Host Scanning
• Hackers perform host scanning to locate
and identify live hosts on the network.
• Usually by “pinging” (ICMP echo) a range of IP
addresses.
• Hosts that respond to pings may be
targeted for attack.
• A host that does not answer is not necessarily down:
ICMP is often filtered, so scanners also use TCP or
ARP probes for host discovery.
Port Scanning
• Hackers perform port scans to determine what
services a host may be running.
• Knowing the services, the hacker can attempt
attacks against known vulnerabilities in them.
• A port scan attempts an initial connection to
each port number and records whether something answers.
• Port scans are noisy and are easily detected by
intrusion detection systems and/or firewalls.
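The host scan, port scan and service-detection steps of the last three slides, combined into one small TCP connect scanner as an added example (this is not nmap's code or anything from the slides). It uses plain `connect()` rather than raw packets, so it needs no privileges; a refused connection counts as "closed", no answer as "filtered", and either open or closed proves the host is up even when ICMP is blocked. The banner signature table, the fake SSH listener on a random loopback port and its greeting string are all constructed for the demo.

```python
"""TCP connect scan plus banner grabbing: find live hosts, open ports and the
service that is really listening, independent of the port number."""
import re
import socket
import threading

# Constructed banner signatures (regex -> service). Real tools carry thousands
# of probes; this tiny table only shows the matching idea.
BANNER_SIGNATURES = [
    (re.compile(rb"^SSH-\d\.\d-"), "ssh"),
    (re.compile(rb"^220[ -].*FTP", re.IGNORECASE), "ftp"),
    (re.compile(rb"^220[ -].*E?SMTP", re.IGNORECASE), "smtp"),
    (re.compile(rb"^HTTP/\d\.\d \d{3}"), "http"),
]


def identify_banner(banner: bytes) -> str:
    """Map a greeting banner to a service name, or 'unknown'."""
    for pattern, name in BANNER_SIGNATURES:
        if pattern.search(banner):
            return name
    return "unknown"


def scan_port(host: str, port: int, timeout: float = 1.0) -> dict:
    """Connect scan of one port. 'closed' means a RST came back (host is up,
    nothing listening); 'filtered' means no answer at all."""
    result = {"port": port, "state": "filtered", "banner": b"", "service": None}
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            result["state"] = "closed"
            return result
        except OSError:            # timeout, unreachable, etc.
            return result
        result["state"] = "open"
        try:
            result["banner"] = s.recv(256)   # SSH/FTP/SMTP speak first
        except OSError:
            pass
    result["service"] = identify_banner(result["banner"]) if result["banner"] else "unknown"
    return result


def scan_host(host: str, ports, timeout: float = 1.0):
    """Scan a list of ports. Any open or closed port proves the host is up,
    which is how a scanner discovers hosts when ICMP echo is filtered."""
    results = [scan_port(host, p, timeout) for p in ports]
    alive = any(r["state"] in ("open", "closed") for r in results)
    return alive, results


def _start_fake_ssh_listener() -> int:
    """Constructed target for the demo: an 'SSH' greeting on a random high
    port, i.e. a service that is not where the well-known port table says."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(b"SSH-2.0-demo_1.0 constructed banner\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def _probably_closed_port() -> int:
    """Ask the OS for a free port and release it so the scan can show 'closed'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    ssh_port = _start_fake_ssh_listener()
    return scan_host("127.0.0.1", [ssh_port, _probably_closed_port()])


if __name__ == "__main__":
    alive, results = demo()
    print("host up:", alive)
    for r in results:
        print(r["port"], r["state"], r["service"], r["banner"].strip())
```

Because the scanner completes a full TCP handshake on every port, every probe shows up in the target's connection logs and in any IDS watching the segment; the quieter half-open and evasion techniques the Nmap slide alludes to require raw sockets and are deliberately not shown here.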
Vulnerability Scanning
• What is vulnerability scanning?
– Used to find known flaws within an application
or network.
– These scanning tools are typically signature
based and can only find vulnerabilities that the
tools know about; a flaw with no signature is
invisible to them.
– Many good commercial and freeware tools are
available.
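The signature-based matching the slide describes, as an added example (not the code of Nessus, GFI or any other product): the scanner parses a product name and version out of a service banner and compares the version tuple against each signature's affected range. The signature database, product names and version ranges here are fictional fixtures constructed for the example; they do not describe real software or real advisories. The last banner in the demo is for a product the database has never heard of, which is exactly the blind spot the slide warns about.

```python
"""Signature-based vulnerability check on service banners: a scanner only finds
what its signature database describes."""
import re

# Constructed signature database. Product names and version ranges are
# fictional fixtures for this example, not real advisories.
SIGNATURES = [
    {"check": "exampleftpd-outdated", "product": "ExampleFTPd",
     "affected_from": (2, 0), "fixed_in": (2, 4, 1)},
    {"check": "examplessh-outdated", "product": "ExampleSSH",
     "affected_from": (1, 0), "fixed_in": (1, 3)},
]

# product name, a separator, then a dotted version number
_BANNER_RE = re.compile(rb"([A-Za-z][A-Za-z0-9]*)[_/ ]v?(\d+(?:\.\d+)*)")


def parse_banner(banner: bytes):
    """Return (product, version_tuple) from a banner, or None if no version."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    product = m.group(1).decode("ascii")
    version = tuple(int(p) for p in m.group(2).decode("ascii").split("."))
    return product, version


def scan_banner(banner: bytes, signatures=SIGNATURES) -> list:
    """Match the banner against every signature; a version is affected when
    affected_from <= version < fixed_in (Python tuple comparison)."""
    parsed = parse_banner(banner)
    if parsed is None:
        return []
    product, version = parsed
    findings = []
    for sig in signatures:
        if sig["product"].lower() != product.lower():
            continue
        if sig["affected_from"] <= version < sig["fixed_in"]:
            findings.append({"check": sig["check"], "product": product,
                             "version": ".".join(map(str, version))})
    return findings


if __name__ == "__main__":
    # Constructed banners: one matches, one is patched, one is a different
    # product that the database knows nothing about.
    for b in (b"220 ExampleFTPd 2.3.9 ready", b"220 ExampleFTPd 2.4.1 ready",
              b"SSH-2.0-ExampleSSH_1.2", b"220 OtherFTPd 0.1 ready"):
        print(b, "->", scan_banner(b))
```

Two practical consequences follow from the code: a service that hides or lies about its version in the banner defeats this style of check entirely, and a result of "no findings" for an unknown product means "not covered", not "not vulnerable".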
Scanning Tools
• Host & Port Scanning
– Nmap
• Vulnerability Scanning
– GFI and Nessus
Scanning Tool - Nmap
• The only port scanner you’ll need
• Pros
– FREE
– Continually Updated
– OS Detection and Service Detection
– Support for both Windows and Unix
• Cons
– No standard Graphical User Interface
LINK: (www.insecure.org)
Scanning Tool - SuperScan
• Pros
– FREE download from Foundstone
– Very stable, fairly fast
– Graphical User Interface
• Cons
– Windows version only
– No stealth options, no firewall evasion
– Service Detection/Application Mapping
• LINK: (www.foundstone.com)
Scanning Tool – Nessus
• Pros
– Nessus is free
– Large plugin (signature) base
– You can customize and create new plugins
• Cons
– Tenable took Nessus private (closed source)
– Purchasing plans for new plugins
– Free (shareware) plugin feed is seven days behind
LINK: (www.nessus.org)
Scanning Tool –
GFI LANguard Network Security Scanner
• Pros
– Port Scanner, Enumeration, and Vulnerability Scanner
– Many features such as SNMP and SQL brute force
– Great for Windows networks
• Cons
– Lacks extensive signatures for other operating systems
– Look to Nessus for scanning heterogeneous networks