
CIT 380: Securing Computer Systems



Presentation Transcript


  1. CIT 380: Securing Computer Systems: Scanning

  2. War Driving
     • Finding wireless access points

  3. NetStumbler
     • Sends out ESSID "any" (a broadcast probe)
     • Waits for access points to respond
     • www.netstumbler.com (free)
     • Figure 6.1 on page 244

  4. Wellenreiter
     • Passively discovers wireless systems
     • Linux
     • Figure 6.2 on page 246

  5. ESSID-Jack
     • Figure 6.3 on page 248

  6. Defenses
     • Use the WPA protocol
     • Use an ESSID that does not identify you
     • Use a VPN
     • Detect rogue access points

  7. War Dialing
     • Attacker dials a range of numbers looking for modems
     • THC-Scan: Figure 6.4 on page 255
     • Random dialing
     • Random waiting time
     • Nudging to identify the system from banners and login prompts

  8. War Dialing
     • Look for systems without passwords
     • Look for default passwords
     • Run a list of passwords

  9. Why Modems?
     • To allow access to routers, etc.
     • To bypass VPNs (rogue modems)

  10. Defenses
     • Modem policy
     • Test for rogue modems

  11. Topics
     • Port Scanning
     • Stealth Scanning
     • Version Identification
     • OS Fingerprinting
     • Vulnerability Scanning

  12. Port Scanning
     Method of discovering exploitable communication channels by probing networked hosts to find which TCP and UDP ports they’re listening on.

  13. nmap
     • Written by Fyodor
     • Table 6.2 on pages 270-1

  14. nmap TCP connect() scan

     > nmap -sT at204m02
     (1645 ports scanned but not shown are in state: closed)
     PORT      STATE SERVICE
     22/tcp    open  ssh
     80/tcp    open  http
     111/tcp   open  rpcbind
     443/tcp   open  https
     515/tcp   open  printer
     2049/tcp  open  nfs
     4045/tcp  open  lockd
     5432/tcp  open  postgres
     5901/tcp  open  vnc-1
     6000/tcp  open  X11
     32775/tcp open  sometimes-rpc13
     Nmap run completed -- 1 IP address (1 host up) scanned in 43.846 seconds
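As an added example (not from the slides and not nmap's own code), a small parser for the classic nmap port table shown above. It pulls out each PORT/STATE/SERVICE row and the "not shown" summary, then lists the open ports missing from an allowlist of services the host is supposed to expose; the allowlist is an assumption made for the example.

```python
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: the slide's nmap -sT output, re-typed so the parser runs offline.
SAMPLE_OUTPUT = """\
> nmap -sT at204m02
(1645 ports scanned but not shown are in state: closed)
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
515/tcp   open  printer
2049/tcp  open  nfs
4045/tcp  open  lockd
5432/tcp  open  postgres
5901/tcp  open  vnc-1
6000/tcp  open  X11
32775/tcp open  sometimes-rpc13
Nmap run completed -- 1 IP address (1 host up) scanned in 43.846 seconds
"""

# One table row: "<port>/<proto>  <state>  <service>"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# The summary line for ports nmap did not list individually
NOT_SHOWN = re.compile(r"\((\d+) ports scanned but not shown are in state: (\w+)\)")

def parse_nmap_ports(text: str) -> List[Dict[str, object]]:
    """Return one record per PORT/STATE/SERVICE row of classic nmap text output."""
    records = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            port, proto, state, service = m.groups()
            records.append({"port": int(port), "proto": proto,
                            "state": state, "service": service})
    return records

def not_shown(text: str) -> Optional[Tuple[int, str]]:
    """(count, state) of the ports nmap summarised instead of listing, if present."""
    m = NOT_SHOWN.search(text)
    return (int(m.group(1)), m.group(2)) if m else None

def unexpected_open_ports(text: str, allowed: Set[int]) -> List[int]:
    """Open ports not on the host's expected-service allowlist (allowlist is assumed)."""
    return sorted(r["port"] for r in parse_nmap_ports(text)
                  if r["state"] == "open" and r["port"] not in allowed)
```

Against an allowlist of {22, 80, 443} the sample host exposes eight services that nobody planned for, which is the check a defender runs on their own scan results.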

  15. Scanning Techniques
     • TCP connect() scan
     • TCP SYN scan
     • TCP FIN scan
     • TCP Xmas scan
     • TCP Null scan
     • TCP ACK scan
     • Fragmentation scan
     • FTP bounce scan
     • Idle scan
     • UDP scan

  16. TCP connect() scan
     • Uses the connect() system call on each port, following the normal TCP connection protocol (3-way handshake).
     • connect() will succeed if the port is listening.
     • Advantages: fast, requires no privileges.
     • Disadvantages: easily detected and blocked.

  17. TCP SYN Scan
     • Send a SYN packet and wait for the response
       - SYN+ACK: port is open; send RST to tear down the half-open connection
       - RST: port is closed
     • Advantage: less likely to be logged or blocked
     • Disadvantage: requires root privilege

  18. TCP FIN scan
     • Send a TCP FIN packet and wait for the response
       - No response: port is open
       - RST: port is closed
     • Advantages: more stealthy than a SYN scan
     • Disadvantages: MS Windows doesn’t follow the standard (RFC 793) and responds with RST in both cases; requires root privilege.

  19. Xmas and Null Scans
     • Similar to the FIN scan with different flag settings.
     • Xmas scan: sets the FIN, URG, and PUSH flags.
     • Null scan: turns off all TCP flags.

  20. TCP ACK Scan
     • Does not identify open ports
     • Used to determine firewall type
       - Packet filter (identifies responses by ACK bit)
       - Stateful
     • Send a TCP ACK packet to the specified port
       - RST: port is unfiltered (packet got through)
       - No response or ICMP unreachable: port is filtered

  21. Fragmentation Scan
     • Modify a TCP stealth scan (SYN, FIN, Xmas, Null) to use tiny fragmented IP datagrams.
     • Advantages: increases the difficulty of scan detection and blocking.
     • Disadvantages: does not work on all OSes, and may crash some firewalls/sniffers.
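As an added example (not from the slides), the response-to-state rules of slides 16 through 21 written out as one decision function, plus the SYN-scan/ACK-scan comparison that slide 20 uses to tell a packet filter from a stateful firewall. It goes slightly beyond the slides: silence on a FIN, Xmas or Null probe is reported as "open|filtered", because a firewall dropping the probe looks exactly like an open port, and the response labels are constructed names for the example, not nmap output.

```python
def port_state(scan: str, response: str, target_is_windows: bool = False) -> str:
    """Map one probe's outcome to a port state, following slides 16-21.

    scan:     "connect", "syn", "fin", "xmas", "null" or "ack"
    response: "connected" / "refused" (connect scan) or "synack", "rst",
              "none", "icmp_unreach" (raw-packet scans); constructed labels
    Returns "open", "closed", "filtered", "unfiltered", "open|filtered"
    or "unknown".
    """
    if scan == "connect":
        # connect() completes the 3-way handshake only if something is listening.
        if response == "connected":
            return "open"
        return "closed" if response == "refused" else "filtered"
    if scan == "syn":
        if response == "synack":
            return "open"        # scanner then sends RST to tear the connection down
        if response == "rst":
            return "closed"
        return "filtered"        # silence or ICMP unreachable: a filter is in the way
    if scan in ("fin", "xmas", "null"):
        if target_is_windows:
            # Windows answers RST for open and closed ports alike (not RFC 793),
            # so these scans cannot tell the two apart.
            return "unknown"
        if response == "rst":
            return "closed"
        # RFC 793 says an open port drops the probe silently, but a firewall
        # dropping it looks identical, hence the combined state.
        return "open|filtered"
    if scan == "ack":
        # An ACK scan never reports "open"; it only shows whether a filter exists.
        return "unfiltered" if response == "rst" else "filtered"
    raise ValueError(f"unknown scan type {scan!r}")


def firewall_type(syn_state: str, ack_state: str) -> str:
    """Slide 20's use of the ACK scan: compare SYN- and ACK-scan results for one port."""
    if syn_state == "filtered" and ack_state == "unfiltered":
        return "stateless packet filter"   # unsolicited ACKs pass, SYNs do not
    if syn_state == "filtered" and ack_state == "filtered":
        return "stateful firewall"         # drops packets outside a known session
    return "no filter observed"
```

For a defender the useful reading is the reverse one: a stateful firewall turns every stealth-scan probe into silence, which is why the slides rate these scans as hard to distinguish from filtering.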
