CIT 380: Securing Computer Systems

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "CIT 380: Securing Computer Systems"

Transcription

1 CIT 380: Securing Computer Systems Scanning CIT 380: Securing Computer Systems Slide #1

2 Topics 1. Port Scanning 2. Stealth Scanning 3. Version Identification 4. OS Fingerprinting 5. Vulnerability Scanning CIT 380: Securing Computer Systems Slide #2

3 Port Scanning Port scanning is a method of discovering potential input channels on a host by proving the TCP and UDP ports on which services may be listening. CIT 380: Securing Computer Systems Slide #3

4 nmap TCP connect() scan > nmap -st scanme.nmap.org Starting Nmap 6.40 ( ) at Nmap scan report for scanme.nmap.org ( ) Host is up (0.11s latency). Not shown: 996 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 1720/tcp filtered H.323/Q /tcp open nping-echo done: 1 IP address (1 host up) scanned in 9.92 seconds CIT 380: Securing Computer Systems Slide #4

5 Scanning Techniques 1. TCP connect() scan 2. TCP SYN scan 3. TCP FIN scan 4. TCP Xmas scan 5. TCP Null scan 6. TCP ACK scan 7. Fragmentation Scan 8. FTP bounce scan 9. Idle Scan 10. UDP scan CIT 380: Securing Computer Systems Slide #5

6 TCP connect() scan Use connect() system call on each port, following normal TCP connection protocol (3-way handshake). connect() will succeed if port is listening. Advantages: fast, requires no privileges Disadvantages: easily detectable and blockable. CIT 380: Securing Computer Systems Slide #6

7 TCP SYN Scan Send SYN packet and wait for response SYN+ACK Port is open Send RST to tear down connection RST Port is closed Advantage: less likely to be logged or blocked Disadvantage: requires root privilege CIT 380: Securing Computer Systems Slide #7

8 TCP FIN scan Send TCP FIN packet and wait for response No response Port is open RST Port is closed. Advantages: more stealthy than SYN scan Disadvantages: MS Windows doesn t follow standard (RFC 793) and responds with RST in both cases, requires root privilege. CIT 380: Securing Computer Systems Slide #8

9 Xmas and Null Scans Similar to FIN scan with different flag settings. Xmas Scan: Sets FIN, URG, and PUSH flags. Null Scan: Turns off all TCP flags. CIT 380: Securing Computer Systems Slide #9

10 TCP ACK Scan Does not identify open ports Used to determine firewall type Packet filter (identifies responses by ACK bit) Stateful Send TCP ACK packet to specified port RST Port is unfiltered (packet got through) No response or ICMP unreachable Port is filtered CIT 380: Securing Computer Systems Slide #10

11 Fragmentation Scan Modify TCP stealth scan (SYN, FIN, Xmas, NULL) to use tiny fragmented IP datagrams. Advantages: increases difficulty of scan detection and blocking. Disadvantages: does not work on all Oses, and may crash some firewalls/sniffers. CIT 380: Securing Computer Systems Slide #11

12 FTP Bounce Scan FTP protocol supports proxy ftp Client requests server send file to another IP, port. If server can open connection, port is open. Advantages: Hide identity of scanning host. Bypass firewalls by using ftp server behind firewall. Disadvantages: Most ftp servers no longer support proxying. Printer ftp servers often do still support. CIT 380: Securing Computer Systems Slide #12

13 Idle Scan Use intermediate idle host to do scan. Idle host must increment IP ID for each packet. Idle host must not receive traffic from anyone other than attacker. Scan Process 1. Attacker connects to idle host to obtain initial IP ID X. 2. Send SYN packet to port Y of target with spoofed IP of idle host. 3. If port is open, target host will send SYN+ACK to idle host. 4. Idle host with send RST packet with IP ID X+1 to target. 5. Attacker connects with SYN to idle host to obtain updated IP ID. 6. Idle host sends back SYN+ACK to attacker. Note that this action will increment IP ID by 1. If IP ID is X+2, then port Y on target is open. Advantages: hides scanner IP address from target. CIT 380: Securing Computer Systems Slide #13

14 UDP Scans Send 0-byte UDP packet to each UDP port UDP packet returned Port is open ICMP port unreachable Port is closed Nothing Port listed as open filtered Could be that packet was lost. Could be that server only returns UDP on valid input. Disadvantages: ICMP error rate throttled to a few packets/second (RFC 1812), making UDP scans of all ports very slow. MS Windows doesn t implement rate limiting. CIT 380: Securing Computer Systems Slide #14

15 Version Scanning Port scanning reveals which ports are open Guess services on well-known ports. How can we do better? Find what server: vendor and version telnet/netcat to port and check for banner Version scanning CIT 380: Securing Computer Systems Slide #15

16 Banner Checking with netcat > nc 80 GET / HTTP/1.1 HTTP/ Bad Request Date: Sun, 07 Oct :27:08 GMT Server: Apache/ (Unix) mod_perl/1.29 PHP/4.4.1 mod_ssl/ OpenSSL/0.9.7a Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>400 Bad Request</TITLE> </HEAD><BODY> <H1>Bad Request</H1> Your browser sent a request that this server could not understand.<p> client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /<P> </BODY></HTML> CIT 380: Securing Computer Systems Slide #16

17 Version Scanning 1. If port is TCP, open connection. 2. Wait for service to identify self with banner. 3. If no identification or port is UDP, 1. Send probe string based on well-known service. 2. Check response against db of known results. 4. If no match, test all probe strings in list. CIT 380: Securing Computer Systems Slide #17

18 nmap version scan > nmap -sv scanme.nmap.org Starting Nmap 6.40 ( ) at :11 EDT Nmap scan report for scanme.nmap.org ( ) Host is up (0.10s latency). Not shown: 996 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu7 (protocol 2.0) 80/tcp open http Apache httpd ((Ubuntu)) 1720/tcp filtered H.323/Q /tcp open nping-echo Nping echo Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel CIT 380: Securing Computer Systems Slide #18

19 Set source port More nmap Tools Bypass firewall by using allowed source port. Use port 80 for TCP, port 53 for UDP scans. Decoys Send additional scans from list of decoys. Spoof IP addresses of decoy hosts. Defender has to investigate decoys + attacker. CIT 380: Securing Computer Systems Slide #19

20 Defences Prevention Disable unnecessary services. Block ports at firewall. Use a stateful firewall instead of packet filter. Detection Network Intrusion Detection Systems. Port scans often have distinct signatures. IPS can react to scan by blocking IP address. CIT 380: Securing Computer Systems Slide #20

21 OS Fingerprinting Identify OS by specific features of its TCP/IP network stack implementation. Explore TCP/IP differences between OSes. Build database of OS TCP/IP fingerprints. Send set of specially tailored packets to host Match results to identical fingerprint in db to identify operating system type and version. CIT 380: Securing Computer Systems Slide #21

22 nmap OS fingerprint examples > sudo nmap -O scanme.nmap.org Device type: general purpose Running: Linux 2.6.X 3.X OS CPE: cpe:/o:linux:linux_kernel:2.6 OS details: Linux Uptime guess: day TCP Sequence Prediction: Difficulty=202 (Good luck!) IP ID Sequence Generation: All zeros > sudo nmap v -O Device type: general purpose Running: Linux 2.4.X OS CPE: cpe:/o:linux:linux_kernel:2.4 OS details: Linux (likely embedded) Uptime guess: days TCP Sequence Prediction: Difficulty=196 (Good luck!) IP ID Sequence Generation: All zeros CIT 380: Securing Computer Systems Slide #22

23 OS Fingerprinting Techniques FIN probe RFC 793 requires no response MS Windows, BSDI, Cisco IOS send RST Bogus flag probe Bit 7 of TCP flags unused Linux < keeps flag set in response TCP ISN sampling Different algorithms for TCP ISNs IP Identification Different algorithms for incrementing IPID CIT 380: Securing Computer Systems Slide #23

24 Passive Fingerprinting Identify OSes of hosts on network by sniffing packets sent by each host. Use similar characteristics as active techniques: TTL MSS Initial Window Size Don t Fragment bit Tools: p0f CIT 380: Securing Computer Systems Slide #24

25 Fingerprinting Defences Detection NIDS Blocking Firewalling Some probes can t be blocked. Deception IPpersonality changes Linux TCP/IP stack signature to that of another OS in nmap db. CIT 380: Securing Computer Systems Slide #25

26 Vulnerability Scanning Scan for vulnerabilities in systems Configuration errors Well-known system vulnerabilities Scanning Tools Nessus OpenVAS Nexpose GFI LANguard Network Security Scanner ISS Internet Scanner CIT 380: Securing Computer Systems Slide #26

27 Vulnerability Scanner Architecture User Interface Vulnerability Database Scanning Engine Scan Results Report Generation CIT 380: Securing Computer Systems Slide #27

28 Nessus Report CIT 380: Securing Computer Systems Slide #28

29 Scanning Tools Summary Information IP addresses of hosts Network topology Open ports Service versions OS Vulnerabilities Tool ping, nmap -sp traceroute, lft nmap -st -su nmap -sv nmap O, p0f Nessus, OpenVAS CIT 380: Securing Computer Systems Slide #29

30 References 1. Fyodor, NMAP documentation, 2. Fyodor, Remote OS detection via TCP/IP Stack FingerPrinting, Phrack 54, 3. Gordon Fyodor Lyon, Nmap Network Scanning, Ed Skoudis, Counter Hack Reloaded, Prentice Hall, CIT 380: Securing Computer Systems Slide #30

An Introduction to Nmap with a Focus on Information Gathering. Ionuț Ambrosie

An Introduction to Nmap with a Focus on Information Gathering. Ionuț Ambrosie An Introduction to Nmap with a Focus on Information Gathering Ionuț Ambrosie January 12, 2015 During the information gathering phase of a penetration test, tools such as Nmap can be helpful in allowing

More information

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology Port Scanning and Vulnerability Assessment ECE4893 Internetwork Security Georgia Institute of Technology Agenda Reconnaissance Scanning Network Mapping OS detection Vulnerability assessment Reconnaissance

More information

Network and Services Discovery

Network and Services Discovery A quick theorical introduction to network scanning January 8, 2016 Disclaimer/Intro Disclaimer/Intro Network scanning is not exact science When an information system is able to interact over the network

More information

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap. Port Scanning Objectives 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap. Introduction: All machines connected to a LAN or connected to Internet via a modem

More information

Remote Network Analysis

Remote Network Analysis Remote Network Analysis Torsten Hoefler htor@cs.tu-chemnitz.de (DMZ), mostly between two packet filters and application gateways. The different possibilities to connect DMZ-hosts are also shown in Figure

More information

Host Fingerprinting and Firewalking With hping

Host Fingerprinting and Firewalking With hping Host Fingerprinting and Firewalking With hping Naveed Afzal National University Of Computer and Emerging Sciences, Lahore, Pakistan Email: 1608@nu.edu.pk Naveedafzal gmail.com Abstract: The purpose

More information

Scanning Tools. Scan Types. Network sweeping - Basic technique used to determine which of a range of IP addresses map to live hosts.

Scanning Tools. Scan Types. Network sweeping - Basic technique used to determine which of a range of IP addresses map to live hosts. Scanning Tools The goal of the scanning phase is to learn more information about the target environment and discover openings by interacting with that target environment. This paper will look at some of

More information

Lecture 5: Network Attacks I. Course Admin

Lecture 5: Network Attacks I. Course Admin Lecture 5: Network Attacks I CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lectures by Keith Ross Course Admin HW/Lab 1 Due Coming Monday 11am Lab sessions are active

More information

Chapter 6 Phase 2: Scanning

Chapter 6 Phase 2: Scanning Chapter 6 Phase 2: Scanning War Dialer Tool used to automate dialing of large pools of telephone numbers in an effort to find unprotected THC-Scan 2.0 Full-featured, free war dialing tool Runs on Win9x,

More information

Network Scanning. What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide?

Network Scanning. What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide? Network Scanning What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide? Where will our research go? Page : 1 Function - attacker view What hosts

More information

Network Security CS 192

Network Security CS 192 Network Security CS 192 Network Scanning (Idlescan) Department of Computer Science George Washington University Jonathan Stanton 1 Today s topics Discussion of new DNS flaws Network Scanning (Idlescan)

More information

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

CYBER ATTACKS EXPLAINED: PACKET CRAFTING CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure

More information

Divide and Conquer Real World Distributed Port Scanning

Divide and Conquer Real World Distributed Port Scanning Divide and Conquer Real World Distributed Port Scanning Ofer Maor CTO Hacktics 16 Feb 2006 Hackers & Threats I, 3:25PM (HT1-302) Introduction Divide and Conquer: Real World Distributed Port Scanning reviews

More information

Introduction. Nmap from an Ethical Hacker's View Part 1. By Kirby Tucker

Introduction. Nmap from an Ethical Hacker's View Part 1. By Kirby Tucker Nmap from an Ethical Hacker's View Part 1 By Kirby Tucker Editor's Note: Kirby is a long time contributor and supporter of EH-Net. So when he came to me with the idea to do a more approachable tutorial

More information

Algorithms and Techniques Used for Auto-discovery of Network Topology, Assets and Services

Algorithms and Techniques Used for Auto-discovery of Network Topology, Assets and Services Algorithms and Techniques Used for Auto-discovery of Network Topology, Assets and Services CS4983 Senior Technical Report Brian Chown 0254624 Faculty of Computer Science University of New Brunswick Canada

More information

Nmap: Scanning the Internet

Nmap: Scanning the Internet Nmap: Scanning the Internet by Fyodor Black Hat Briefings USA August 6, 2008; 10AM Defcon 16 August 8, 2008; 4PM Abstract The Nmap Security Scanner was built to efficiently scan large networks, but Nmap's

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

Attacks and Defense. Phase 1: Reconnaissance

Attacks and Defense. Phase 1: Reconnaissance Attacks and Defense Phase 1: Reconnaissance Phase 2: Port Scanning Phase 3: Gaining Access Using Application and Operating System Using Networks Phase 1: Reconnaissance Known as information gathering.

More information

Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring Kevin Timm,

Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring Kevin Timm, Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring Kevin Timm, Network IDS devices use passive network monitoring extensively to detect possible threats. Through passive

More information

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE)

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE) HONEYD (OPEN SOURCE HONEYPOT SOFTWARE) Author: Avinash Singh Avinash Singh is a Technical Evangelist currently worksing at Appin Technology Lab, Noida. Educational Qualification: B.Tech from Punjab Technical

More information

Attack and Defense Techniques

Attack and Defense Techniques Network Security Attack and Defense Techniques Anna Sperotto, Ramin Sadre Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Attack Taxonomy Many different kind of

More information

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Network Security ICMP, TCP, DNS, Scanning Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Agenda A couple of examples of network protocols that

More information

A Very Incomplete Diagram of Network Attacks

A Very Incomplete Diagram of Network Attacks A Very Incomplete Diagram of Network Attacks TCP/IP Stack Reconnaissance Spoofing Tamper DoS Internet Transport Application HTTP SMTP DNS TCP UDP IP ICMP Network/Link 1) HTML/JS files 2)Banner Grabbing

More information

Network Security. Network Scanning

Network Security. Network Scanning Network Security Network Scanning Module 2 Keith A. Watson, CISSP, CISA IA Research Engineer, CERIAS kaw@cerias.purdue.edu 1 Network Scanning Definition: Sending packets configured to evoke a response

More information

1.0 Introduction. 2.0 Data Gathering

1.0 Introduction. 2.0 Data Gathering Nessus Scanning 1.0 Introduction Nessus is a vulnerability scanner, a program that looks for security bugs in software. There is a freely available open source version which runs on Unix. Tenable Security

More information

Security: Attack and Defense

Security: Attack and Defense Security: Attack and Defense Aaron Hertz Carnegie Mellon University Outline! Breaking into hosts! DOS Attacks! Firewalls and other tools 15-441 Computer Networks Spring 2003 Breaking Into Hosts! Guessing

More information

Penetration Testing Workshop

Penetration Testing Workshop Penetration Testing Workshop Who are we? Carter Poe Nathan Ritchey Mahdi Shapouri Fred Araujo Outline Ethical hacking What is penetration testing? Planning Reconnaissance Footprinting Network Endpoint

More information

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, 2011. Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, 2011. Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat. 1 Penetration Testing NTS330 Unit 1 Penetration V1.0 February 20, 2011 Juan Ortega Juan Ortega, juaorteg@uat.edu 1 Juan Ortega, juaorteg@uat.edu 2 Document Properties Title Version V1.0 Author Pen-testers

More information

NETWORK SECURITY WITH OPENSOURCE FIREWALL

NETWORK SECURITY WITH OPENSOURCE FIREWALL NETWORK SECURITY WITH OPENSOURCE FIREWALL Vivek Kathayat,Dr Laxmi Ahuja AIIT Amity University,Noida vivekkathayat@gmail.com lahuja@amity.edu ATTACKER SYSTEM: Backtrack 5r3( 192.168.75.10 ) HOST: Backtrack

More information

Looking for Trouble: ICMP and IP Statistics to Watch

Looking for Trouble: ICMP and IP Statistics to Watch Looking for Trouble: ICMP and IP Statistics to Watch Laura Chappell, Senior Protocol Analyst Protocol Analysis Institute [lchappell@packet-level.com] www.packet-level.com www.podbooks.com HTCIA Member,

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Vulnerability Analysis 1 Roadmap Why vulnerability analysis? Example: TCP/IP related vulnerabilities

More information

Penetration Testing. What Is a Penetration Testing?

Penetration Testing. What Is a Penetration Testing? Penetration Testing 1 What Is a Penetration Testing? Testing the security of systems and architectures from the point of view of an attacker (hacker, cracker ) A simulated attack with a predetermined goal

More information

Solution of Exercise Sheet 5

Solution of Exercise Sheet 5 Foundations of Cybersecurity (Winter 15/16) Prof. Dr. Michael Backes CISPA / Saarland University saarland university computer science Protocols = {????} Client Server IP Address =???? IP Address =????

More information

Remote Network Analysis

Remote Network Analysis Remote Network Analysis - I know what you know - Torsten Höfler htor@cs.tu-chemnitz.de Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 1/41 Outline 1. 2. 3. 4. Advanced Scanning 5. 6. Torsten

More information

Firewalls. configuring a sophisticated GNU/Linux firewall involves understanding

Firewalls. configuring a sophisticated GNU/Linux firewall involves understanding Firewalls slide 1 configuring a sophisticated GNU/Linux firewall involves understanding iptables iptables is a package which interfaces to the Linux kernel and configures various rules for allowing packets

More information

Host Discovery with nmap

Host Discovery with nmap Host Discovery with nmap By: Mark Wolfgang moonpie@moonpie.org November 2002 Table of Contents Host Discovery with nmap... 1 1. Introduction... 3 1.1 What is Host Discovery?... 4 2. Exploring nmap s Default

More information

Using Nessus to Detect Wireless Access Points. March 6, 2015 (Revision 4)

Using Nessus to Detect Wireless Access Points. March 6, 2015 (Revision 4) Using Nessus to Detect Wireless Access Points March 6, 2015 (Revision 4) Table of Contents Introduction... 3 Why Detect Wireless Access Points?... 3 Wireless Scanning for WAPs... 4 Detecting WAPs using

More information

Attack and Defense Techniques

Attack and Defense Techniques Network Security Attack and Defense Techniques Anna Sperotto (with material from Ramin Sadre) Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Attacks! Many different

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Nessus. A short review of the Nessus computer network vulnerability analysing tool. Authors: Henrik Andersson Johannes Gumbel Martin Andersson

Nessus. A short review of the Nessus computer network vulnerability analysing tool. Authors: Henrik Andersson Johannes Gumbel Martin Andersson Nessus A short review of the Nessus computer network vulnerability analysing tool Authors: Henrik Andersson Johannes Gumbel Martin Andersson Introduction What is a security scanner? A security scanner

More information

nmap, nessus, and snort Vulnerability Analysis & Intrusion Detection

nmap, nessus, and snort Vulnerability Analysis & Intrusion Detection nmap, nessus, and snort Vulnerability Analysis & Intrusion Detection agenda Vulnerability Analysis Concepts Vulnerability Scanning Tools nmap nikto nessus Intrusion Detection Concepts Intrusion Detection

More information

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important Presented By: Holes in the Fence Dave Engebretson, Contributing Technology writer, SDM Magazine Industry Instructor in Fiber and Networking Prevention of Security System breaches of networked Edge Devices

More information

Stateful Firewalls. Hank and Foo

Stateful Firewalls. Hank and Foo Stateful Firewalls Hank and Foo 1 Types of firewalls Packet filter (stateless) Proxy firewalls Stateful inspection Deep packet inspection 2 Packet filter (Access Control Lists) Treats each packet in isolation

More information

IP Network Scanning & Reconnaissance

IP Network Scanning & Reconnaissance IP Network Scanning & Reconnaissance Hacking for Techies Technical Primer Booklet Matta Security Limited 16 19 Southampton Place London WC1A 2AX +44 (0) 8700 77 11 00 courses@trustmatta.com http://www.trustmatta.com

More information

Development of a Network Intrusion Detection System

Development of a Network Intrusion Detection System Development of a Network Intrusion Detection System (I): Agent-based Design (FLC1) (ii): Detection Algorithm (FLC2) Supervisor: Dr. Korris Chung Please visit my personal homepage www.comp.polyu.edu.hk/~cskchung/fyp04-05/

More information

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls

More information

Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS)

Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS) Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS) Signature based IDS systems use these fingerprints to verify that an attack is taking place. The problem with this method

More information

Packet filtering with Iptables

Packet filtering with Iptables CSC-NETLAB Packet filtering with Iptables Group Nr Name1 Name2 Name3 Date Instructor s Signature Table of Contents 1 Goals...2 2 Introduction...3 3 Getting started...3 4 Connecting to the virtual hosts...3

More information

Network Forensics: Detection and Analysis of Stealth Port Scanning Attack

Network Forensics: Detection and Analysis of Stealth Port Scanning Attack International Journal of Computer Networks and Communications Security VOL. 3, NO. 2, FEBRUARY 2015, 33 42 Available online at: www.ijcncs.org E-ISSN 2308-9830 (Online) / ISSN 2410-0595 (Print) Network

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Chapter 8 Network Security

Chapter 8 Network Security [Computer networking, 5 th ed., Kurose] Chapter 8 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 84Securing 8.4 e-mail 8.5 Securing TCP connections: SSL 8.6 Network

More information

Firewalls. Pehr Söderman KTH-CSC Pehrs@kth.se

Firewalls. Pehr Söderman KTH-CSC Pehrs@kth.se Firewalls Pehr Söderman KTH-CSC Pehrs@kth.se 1 Definition A firewall is a network device that separates two parts of a network, enforcing a policy for all traversing traffic. 2 Fundamental requirements

More information

SECURITY TOOLS SOFTWARE IN AN OPEN SOURCE ENVIRONMENT. Napoleon Alexandru SIRETEANU *

SECURITY TOOLS SOFTWARE IN AN OPEN SOURCE ENVIRONMENT. Napoleon Alexandru SIRETEANU * ANALELE ŞTIINłIFICE ALE UNIVERSITĂłII ALEXANDRU IOAN CUZA DIN IAŞI Tomul LV ŞtiinŃe Economice 2008 SECURITY TOOLS SOFTWARE IN AN OPEN SOURCE ENVIRONMENT Napoleon Alexandru SIRETEANU * Abstract In a penetration

More information

A1.1.1.11.1.1.2 1.1.1.3S B

A1.1.1.11.1.1.2 1.1.1.3S B CS Computer 640: Network AdityaAkella Lecture Introduction Networks Security 25 to Security DoS Firewalls and The D-DoS Vulnerabilities Road Ahead Security Attacks Protocol IP ICMP Routing TCP Security

More information

Windows Insecurity. Penetrated. v0.11

Windows Insecurity. Penetrated. v0.11 Windows Insecurity Penetrated v0.11 1 Cop y r i g h t (c) 2004 ADR I A N PAS T O R. Per m i s s i o n is gran t e d to cop y, dis t r i b u t e and / o r mod i f y this docu m e n t und e r the ter m s

More information

Stop that Big Hack Attack Protecting Your Network from Hackers. www.lauraknapp.com

Stop that Big Hack Attack Protecting Your Network from Hackers. www.lauraknapp.com Stop that Big Hack Attack Protecting Your Network from Hackers Laura Jeanne Knapp Technical Evangelist 1-919-224-2205 laura@lauraknapp.com www.lauraknapp.com NetSec_ 010 Agenda Components of security threats

More information

Computer forensics 2015-12-01

Computer forensics 2015-12-01 Computer forensics Evidence acquisition Protocol analysis Packet analysis Flow analysis Network Logs Network devices Network intrusion detection/prevention systems Common network attacks Web browser forensics

More information

Installing and Configuring Nessus by Nitesh Dhanjani

Installing and Configuring Nessus by Nitesh Dhanjani Unless you've been living under a rock for the past few years, it is quite evident that software vulnerabilities are being found and announced quicker than ever before. Every time a security advisory goes

More information

Lab 3: Recon and Firewalls

Lab 3: Recon and Firewalls Lab 3: Recon and Firewalls IP, UDP, TCP and ICMP Before we can create firewall rules, we have to know the basics of network protocols. Here's a quick review... IP ICMP UDP TCP The underlying packet delivery

More information

Introduction of Intrusion Detection Systems

Introduction of Intrusion Detection Systems Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:

More information

Attack Lab: Attacks on TCP/IP Protocols

Attack Lab: Attacks on TCP/IP Protocols Laboratory for Computer Security Education 1 Attack Lab: Attacks on TCP/IP Protocols Copyright c 2006-2010 Wenliang Du, Syracuse University. The development of this document is funded by the National Science

More information

Chapter 8 Security Pt 2

Chapter 8 Security Pt 2 Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad Vulnerability Assessment and Penetration Testing CC Faculty ALTTC, Ghaziabad Need Vulnerabilities Vulnerabilities are transpiring in different platforms and applications regularly. Information Security

More information

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS FIREWALLS Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS: WHY Prevent denial of service attacks: SYN flooding: attacker

More information

AC 2012-3856: TEACHING NETWORK SECURITY THROUGH SIGNA- TURE ANALYSIS OF COMPUTER NETWORK ATTACKS

AC 2012-3856: TEACHING NETWORK SECURITY THROUGH SIGNA- TURE ANALYSIS OF COMPUTER NETWORK ATTACKS AC 2012-3856: TEACHING NETWORK SECURITY THROUGH SIGNA- TURE ANALYSIS OF COMPUTER NETWORK ATTACKS Dr. Te-Shun Chou, East Carolina University Te-Shun Chou received his bachelor s degree in electronics engineering

More information

Vulnerability Assessment and Penetration Testing

Vulnerability Assessment and Penetration Testing Vulnerability Assessment and Penetration Testing Module 1: Vulnerability Assessment & Penetration Testing: Introduction 1.1 Brief Introduction of Linux 1.2 About Vulnerability Assessment and Penetration

More information

Network reconnaissance and IDS

Network reconnaissance and IDS Network reconnaissance and IDS CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642 Let s play over the network Target

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall. Firewalls 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Intranet Router DMZ Demilitarized Zone: publicly accessible servers and networks 2 1 Castle and

More information

Introduction to Network Security Lab 2 - NMap

Introduction to Network Security Lab 2 - NMap Introduction to Network Security Lab 2 - NMap 1 Introduction: Nmap as an Offensive Network Security Tool Nmap, short for Network Mapper, is a very versatile security tool that should be included in every

More information

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting Chapter 1 1. Introducing Penetration Testing 1.1 What is penetration testing 1.2 Different types of test 1.2.1 External Tests

More information

Firewalls. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Firewall Design Principles

Firewalls. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Firewall Design Principles Firewalls Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Firewall Design Principles Firewall Characteristics Types of Firewalls Firewall Configurations

More information

Network reconnaissance and IDS

Network reconnaissance and IDS Network reconnaissance and IDS CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642 Let s play over the network Target

More information

Firewall Testing. Cameron Kerr Telecommunications Programme University of Otago. May 16, 2005

Firewall Testing. Cameron Kerr Telecommunications Programme University of Otago. May 16, 2005 Firewall Testing Cameron Kerr Telecommunications Programme University of Otago May 16, 2005 Abstract Writing a custom firewall is a complex task, and is something that requires a significant amount of

More information

VULNERABILITY ASSESSMENT WHITEPAPER INTRODUCTION, IMPLEMENTATION AND TECHNOLOGY DISCUSSION

VULNERABILITY ASSESSMENT WHITEPAPER INTRODUCTION, IMPLEMENTATION AND TECHNOLOGY DISCUSSION VULNERABILITY ASSESSMENT WHITEPAPER INTRODUCTION, IMPLEMENTATION AND TECHNOLOGY DISCUSSION copyright 2003 securitymetrics Security Vulnerabilities of Computers & Servers Security Risks Change Daily New

More information

Network Mapper and Vulnerability Scanning

Network Mapper and Vulnerability Scanning Network Mapper and Vulnerability Scanning Avviso Per la legge italiana questi strumenti sono equivalenti a strumenti per lo scasso Possono essere posseduti solo da chi ha un ruolo professionale che lo

More information

CIT 480: Securing Computer Systems. Firewalls

CIT 480: Securing Computer Systems. Firewalls CIT 480: Securing Computer Systems Firewalls Topics 1. What is a firewall? 2. Types of Firewalls 1. Packet filters (stateless) 2. Stateful firewalls 3. Proxy servers 4. Application layer firewalls 3. Configuring

More information

CS2107 Introduction to Information and System Security (Slid. (Slide set 8)

CS2107 Introduction to Information and System Security (Slid. (Slide set 8) Networks, the Internet Tool support CS2107 Introduction to Information and System Security (Slide set 8) National University of Singapore School of Computing July, 2015 CS2107 Introduction to Information

More information

Time has something to tell us about Network Address Translation

Time has something to tell us about Network Address Translation Time has something to tell us about Network Address Translation Elie Bursztein Abstract In this paper we introduce a new technique to count the number of hosts behind a NAT. This technique based on TCP

More information

Denial of Service Attacks. Notes derived from Michael R. Grimaila s originals

Denial of Service Attacks. Notes derived from Michael R. Grimaila s originals Denial of Service Attacks Notes derived from Michael R. Grimaila s originals Denial Of Service The goal of a denial of service attack is to deny legitimate users access to a particular resource. An incident

More information

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant What infrastructure security really means? Infrastructure Security is Making sure that your system services are always running

More information

8 steps to protect your Cisco router

8 steps to protect your Cisco router 8 steps to protect your Cisco router Daniel B. Cid daniel@underlinux.com.br Network security is a completely changing area; new devices like IDS (Intrusion Detection systems), IPS (Intrusion Prevention

More information

Denial Of Service. Types of attacks

Denial Of Service. Types of attacks Denial Of Service The goal of a denial of service attack is to deny legitimate users access to a particular resource. An incident is considered an attack if a malicious user intentionally disrupts service

More information

Firewalls Netasq. Security Management by NETASQ

Firewalls Netasq. Security Management by NETASQ Firewalls Netasq Security Management by NETASQ 1. 0 M a n a g e m e n t o f t h e s e c u r i t y b y N E T A S Q 1 pyright NETASQ 2002 Security Management is handled by the ASQ, a Technology developed

More information

IxLoad-Attack: Network Security Testing

IxLoad-Attack: Network Security Testing IxLoad-Attack: Network Security Testing IxLoad-Attack tests network security appliances determining that they effectively and accurately block attacks while delivering high end-user quality of experience

More information

Abstract. Introduction. Section I. What is Denial of Service Attack?

Abstract. Introduction. Section I. What is Denial of Service Attack? Abstract In this report, I am describing the main types of DoS attacks and their effect on computer and network environment. This report will form the basis of my forthcoming report which will discuss

More information

Codebox 2: simple configuration changes in Apache and PHP configuration files

Codebox 2: simple configuration changes in Apache and PHP configuration files Do Reverse Proxies provide real security? In the process of building / designing the infrastructure for a new project the following question was asked: shouldn't we use a reverse proxy to secure or protect

More information

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering Internet Firewall CSIS 3230 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 8.8: Packet filtering, firewalls, intrusion detection Ch

More information

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006 CSE331: Introduction to Networks and Security Lecture 12 Fall 2006 Announcements Midterm I will be held Friday, Oct. 6th. True/False Multiple Choice Calculation Short answer Short essay Project 2 is on

More information

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2

More information

Network Penetration Testing and Ethical Hacking Scanning/Penetration Testing. SANS Security 560.2. Sans Mentor: Daryl Fallin

Network Penetration Testing and Ethical Hacking Scanning/Penetration Testing. SANS Security 560.2. Sans Mentor: Daryl Fallin Network Penetration Testing and Ethical Hacking Scanning/Penetration Testing SANS Security 560.2 Sans Mentor: Daryl Fallin http://www.sans.org/info/55868 Copyright 2010, All Rights Reserved Version 4Q10

More information

Penetration Testing SIP Services

Penetration Testing SIP Services Penetration Testing SIP Services Using Metasploit Framework Writer Version : 0.2 : Fatih Özavcı (fatih.ozavci at viproy.com) Introduction Viproy VoIP Penetration Testing Kit Sayfa 2 Table of Contents 1

More information

HTTP Fingerprinting and Advanced Assessment Techniques

HTTP Fingerprinting and Advanced Assessment Techniques HTTP Fingerprinting and Advanced Assessment Techniques Saumil Shah Director, Net-Square Author: Web Hacking - Attacks and Defense BlackHat 2003, Washington DC The Web Hacker s playground Web Client Web

More information

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder. CMSC 355 Lab 3 : Penetration Testing Tools Due: September 31, 2010 In the previous lab, we used some basic system administration tools to figure out which programs where running on a system and which files

More information

CIT 480: Securing Computer Systems. Firewalls

CIT 480: Securing Computer Systems. Firewalls CIT 480: Securing Computer Systems Firewalls Topics 1. What is a firewall? 2. Types of Firewalls 1. Packet filters (stateless) 2. Stateful firewalls 3. Proxy servers 4. Application layer firewalls 3. Configuring

More information

noway.toonux.com 09 January 2014

noway.toonux.com 09 January 2014 noway.toonux.com p3.7 10 noway.toonux.com 88.190.52.71 Debian Linux 0 CRITICAL 0 HIGH 5 MEDIUM 2 LOW Running Services Service Service Name Risk General Linux Kernel Medium 22/TCP OpenSSH 5.5p1 Debian 6+squeeze4

More information

What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services

What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services Firewalls What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services only authorized traffic is allowed Auditing and

More information

Workshop on Network Traffic Capturing and Analysis IITG, DIT, CERT-In, C-DAC. Host based Analysis. {Himanshu Pareek, himanshup@cdac.

Workshop on Network Traffic Capturing and Analysis IITG, DIT, CERT-In, C-DAC. Host based Analysis. {Himanshu Pareek, himanshup@cdac. Workshop on Network Traffic Capturing and Analysis IITG, DIT, CERT-In, C-DAC Host based Analysis {Himanshu Pareek, himanshup@cdac.in} {C-DAC Hyderabad, www.cdachyd.in} 1 Reference to previous lecture Bots

More information

Network Vulnerability Assessment Report Sorted by host names

Network Vulnerability Assessment Report Sorted by host names Network Vulnerability Assessment Report Sorted by host names Session name: before192.168.0.110 Total records generated: 66 high severity: 7 low severity: 46 informational: 13 Start time: 30.08.2003 07:56:15

More information

Using IPM to Measure Network Performance

Using IPM to Measure Network Performance CHAPTER 3 Using IPM to Measure Network Performance This chapter provides details on using IPM to measure latency, jitter, availability, packet loss, and errors. It includes the following sections: Measuring

More information