Upload
others
View
6
Download
1
Embed Size (px)
Citation preview
Host Security Analysis with Nmap
Why would you Scan?
– To collect empirical data to help secure your infrastructure
– Detect and resolve Nmap bugs and performance issues through the large scale scanning.
– Demonstrate useful techniques for routine scans
Scan Challenges ?
– P2P scanning?– Legal issues– ISP response– Network Conditions
Can you member anything from this?
What is NMAP?Nmap, short for "network mapper", is an open source utility which can quickly scan broad ranges of devices and provide valuable information about the devices on your network. It can be used for IT auditing and asset discovery as well as for security profiling of the network.
Supported Platform – – Linux/Unix– MAC– Windows
What is NMAP?
What does Nmap do?
It uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Namp Process
– If hostname use as target, nmap will perform dns lookup to scan. But if ip address use as target, dns lookup will not process
– Nmap pings the romote device. Can disable ping with option (- Pn)
– If IP address is specified as the remote host, Reverse DNS will occur. We can use option (-n) to disable if we think it is not necessary
– Nmap executes the scan.
Some of Scan Types
Connect PING
FIN, Xmas, Null IP Protocol Scan
UDP Scan Windows Scan
ACK Scan List Scan
RPC Scan
SYN Stealth
Nmap Basic – first scan
Nmap Basic – TCP SYN Scan (-sS)
– Allow nmap to gather information about open ports without completing the TCP handshake process.
– By default if nmap scan option isn’t specified on the command line, TCP SYN scan is use
[~]$ namp --sS -v 172.16.0.111
Nmap Basic – TCP SYN Scan (-sT)
– Allow nmap to gather information about open ports with completing the TCP handshake process.
[~]$ nmap –sT –v 172.16.0.111
Nmap Basic – PING Scan (-sP)
– Ping Scan is a quickest scan that nmap perform. – It is useful to determine remote hosts are up or down.
[~]$ nmap -v -sP 172.16.0.111 --packet_trace
Nmap Basic – Version check (-sV)
– Gather version of application of remote host
– The version detection scan runs automatically if the Aggressive Scan (-A) is selected.
[~]$ nmap -v -sV -A 172.16.0.111
Nmap Basic – UDP Scan (-sV)
– UDP has no need to process 3 way handshake or SYN, FIN, and RST.
[~]$ nmap -v -sU -A 172.16.0.111 --packet_trace
Nmap Basic – ACK Scan (-sA)
– ACK Scan to determine port filter or unfilter
[~]$ nmap -v -sA 172.16.0.111
Nmap output loggingThere are couple of options to save the output.
– Normal Format (-oN <Logfilename>)#nmap -sS -v 172.16.0.111 --packet_trace -oN nmap_output
– XML Format (-oX <Logfilenmae>) #nmap -sS -v 172.16.0.111 --packet_trace -oN nmap_output
– Grepable Format (-oG <filename>) #nmap -sS -v 172.16.0.111 --packet_trace -oG nmap_output
– All Formats (-oA <filename>), it will create 3 different output (Normal, XML, grepable output) #nmap -sS -v 172.16.0.111 --packet_trace -oA nmap_output
Vulnerability check with Nmap– Nmap can be used to check target host vulnerability. It has an scripting options by-default, named NSE Nmap Scripting Engine.– Advanced user can create their own script according to their need.– Location of nmap scripting directory
Questions ????
1. Do the exercise
– install nmap
– run a scan to you fellow partner
– check the output and study