Port Scanners


    Port Scanners

    *

    Introduction
      The first step in the process of hacking
      Discover the services
      Version label
      Operating system
      Send a few packets to the host

    *

    Pre Study
      TCP Packet Header

    *

    TCP conversation
      Connect (three-way handshake)
        Client -> Server: SYN
        Server -> Client: SYN/ACK
        Client -> Server: ACK
        Connection established
      Disconnect
        Client -> Server: FIN
        Server -> Client: ACK/FIN
        Client -> Server: ACK
        Connection closed

    *

    TCP Flag Definitions

      Flag | Meaning
      SYN  | The beginning of a connection
      ACK  | Acknowledge receipt of a previous packet or transmission
      FIN  | Close a TCP connection
      RST  | Abort a TCP connection

    *

    Scanning for Hosts
      Is the host alive?

      Method   | Command
      Ping     | nmap -sP 192.168.0.1
      TCP Ping | nmap -sT 192.168.0.1

    *

    Scanning for TCP Ports
      TCP connect | nmap -sT 192.168.0.1
      RPC service | nmap -sR 192.168.0.1

    *

    SYN Scan
      nmap -sS

      Nmap sends to host port | Nmap receives from host port | Nmap assumes
      SYN                     | SYN/ACK                      | Port is open; host is up
      SYN                     | RST                          | Port is closed; host is up
      SYN                     | Nothing                      | Port is blocked by firewall, or host is down

    *

    ACK Scan
      nmap -sA
      (diagrams: No firewall; Protected by firewall)

      Nmap sends to host port | Nmap receives from host port | Nmap assumes
      ACK                     | RST                          | Port is not firewall-protected; port may be open or closed; host is up
      ACK                     | Nothing or ICMP unreachable  | Port is blocked by firewall if host is up

    *

    FIN Scan
      nmap -sF

      Nmap sends to host port | Nmap receives from host port | Nmap assumes
      FIN                     | RST                          | Port is closed; host is up
      FIN                     | Nothing                      | Port is open if host is up and not firewall-protected

    *

    Xmas Scan
      Non-normal TCP operation
      Set the flags FIN, URG, PUSH
      With -sX: nmap -sX

    *

    Null Scan
      Turn off all flags
      With -sN: nmap -sN
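    As an added example that is not part of the deck, the following Python (standard library only) turns the flag tables above into detection logic for the monitored host: it names the technique a single probe's flag set matches (Null, Xmas, FIN, ACK or SYN) and reports any source that sends abnormal-flag probes or sweeps many ports with bare SYNs. The Probe record type, the addresses and the sample traffic are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Probe:                 # constructed record type, one inbound TCP segment
    src: str          # source address of the probe
    dport: int        # destination port on the monitored host
    flags: frozenset  # TCP flags set on the probe, e.g. frozenset({"SYN"})
    reply: str        # what the host answered: "SYN/ACK", "RST" or "none"

def classify_probe(p: Probe) -> str:
    """Name the scan technique a single probe's flag set matches (per the flag tables)."""
    if not p.flags:
        return "null-scan"                 # -sN: every flag turned off
    if p.flags == {"FIN", "URG", "PSH"}:
        return "xmas-scan"                 # -sX: FIN, URG and PUSH set together
    if p.flags == {"FIN"}:
        return "fin-scan"                  # -sF: bare FIN without an established connection
    if p.flags == {"ACK"}:
        return "ack-probe"                 # -sA: bare ACK without an established connection
    if p.flags == {"SYN"}:
        return "syn-probe"                 # -sS, or the first leg of -sT; normal by itself
    return "other"                         # e.g. SYN/ACK or PSH/ACK on live sessions

def summarize(probes, port_threshold=10):
    """Per source: abnormal-flag probes, and SYN sweeps touching >= port_threshold ports."""
    abnormal = defaultdict(int)   # probes whose flag set only a scanner would send
    syn_ports = defaultdict(set)  # distinct ports each source hit with a bare SYN
    rst_back = defaultdict(int)   # SYNs answered with RST (closed port, per the SYN table)
    for p in probes:
        kind = classify_probe(p)
        if kind in ("null-scan", "xmas-scan", "fin-scan"):
            abnormal[p.src] += 1
        elif kind == "syn-probe":
            syn_ports[p.src].add(p.dport)
            rst_back[p.src] += p.reply == "RST"
    findings = {}
    for src in sorted(set(abnormal) | set(syn_ports)):
        reasons = []
        if abnormal[src]:
            reasons.append(f"{abnormal[src]} probe(s) with abnormal flag sets")
        if len(syn_ports[src]) >= port_threshold:
            reasons.append(f"SYN to {len(syn_ports[src])} distinct ports, {rst_back[src]} answered RST")
        if reasons:
            findings[src] = reasons
    return findings

# Constructed sample: one address sweeps ports 1-100 with SYN (only 22 and 80 answer SYN/ACK),
# then sends one Xmas and one Null probe; a second address opens a normal session on 443.
SAMPLE = [Probe("198.51.100.7", port, frozenset({"SYN"}), "SYN/ACK" if port in (22, 80) else "RST")
          for port in range(1, 101)]
SAMPLE += [Probe("198.51.100.7", 80, frozenset({"FIN", "URG", "PSH"}), "none"),
           Probe("198.51.100.7", 80, frozenset(), "none"),
           Probe("203.0.113.5", 443, frozenset({"SYN"}), "SYN/ACK")]
```

    `summarize(SAMPLE)` reports only 198.51.100.7, with both the abnormal-flag count and the SYN sweep; the single legitimate SYN from 203.0.113.5 stays below the port threshold.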

    *

    Scanning for UDP Ports
      nmap -sU

      Nmap sends to host port | Nmap receives from host port | Nmap assumes
      Empty UDP packet        | Nothing                      | Port assumed open if host responds to Ping; port may be closed if a firewall is blocking ICMP
      Empty UDP packet        | ICMP unreachable             | Port is closed

    *

    Scanning for Protocols
      IP header
      nmap -sO

    *

    Hiding Your Scan
      Decoys (-D): spoof
        nmap -D
      Fragmentation (-f): break up the TCP header
        nmap -sS -f
        With -sS, -sF, -sN, -sX
      FTP Bounce (-b)
        nmap -b anonymous@ -p
      Disable Randomizing Ports (-r)
        nmap -r

    *

    Timing Your Scan
      Time-based algorithm
      Using the -T option: nmap -T

      Name       | Probe Response Timeout | Time Spent on One Host | Time between Probes | Use Parallelized Probes
      Paranoid   | 5 min                  | Unlimited              | 5 min               | No
      Sneaky     | 15 sec                 | Unlimited              | 12 sec              | No
      Polite     | 6 sec                  | Unlimited              | 0.4 sec             | No
      Normal     | 6 sec                  | Unlimited              | None                | No
      Aggressive | 1 sec                  | 5 min                  | None                | Yes
      Insane     | 0.3 sec                | 75 sec                 | None                | Yes

    *

    TCP Reverse Ident Scanning
      Who runs the process (-I)
      nmap -I

    *

    OS Fingerprinting
      With the -O flag
      Sending specially crafted TCP and UDP headers
      Analyze the result and compare the information
      OS information

    *

    OS Detection on Linux
      nmap -O 192.168.0.1

    *

    Mapping Networks
      Scanning a Class C subnet

    *

    Mapping Networks
      Port scans in IP section

    *

    Scanning Tools on Windows
      Netscantools
      Superscan
      IPEYE
      WUPS
