Introduction to Network Security Lab 2 - NMap



Similar documents
Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

NETWORK SECURITY WITH OPENSOURCE FIREWALL

An Introduction to Nmap with a Focus on Information Gathering. Ionuț Ambrosie

60467 Project 1. Net Vulnerabilities scans and attacks. Chun Li

Attacks and Defense. Phase 1: Reconnaissance

Host Discovery with nmap

Penetration Testing Workshop

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

During your session you will have access to the following lab configuration. CLIENT1 (Windows XP Workstation) /24

Nmap: Scanning the Internet

Malicious Network Traffic Analysis

Network Traffic Analysis

Attack Lab: Attacks on TCP/IP Protocols

CIT 380: Securing Computer Systems

Installing and Configuring Nessus by Nitesh Dhanjani

Running head: USING NESSUS AND NMAP TOOLS 1

How To Set Up A Network Map In Linux On A Ubuntu 2.5 (Amd64) On A Raspberry Mobi) On An Ubuntu (Amd66) On Ubuntu 4.5 On A Windows Box

Practical Network Forensics

IDS and Penetration Testing Lab ISA656 (Attacker)

Lecture 5: Network Attacks I. Course Admin

Introduction. Nmap from an Ethical Hacker's View Part 1. By Kirby Tucker

Looking for Trouble: ICMP and IP Statistics to Watch

Running a Default Vulnerability Scan SAINTcorporation.com

Lab 3: Recon and Firewalls

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE)

Why do I need a pen test lab? Requirements. Virtual Machine Downloads

Lab 1: Network Devices and Technologies - Capturing Network Traffic

Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins

Analysing Various Packet Sniffing Tools

Host Fingerprinting and Firewalking With hping

Lab 7: Introduction to Pen Testing (NMAP)

Intrusion Detection and Prevention: Network and IDS Configuration and Monitoring using Snort

idatafax Troubleshooting

Network Forensics Network Traffic Analysis

HW/Lab 2: Network Mapping and Attacks. CS 336/536: Computer Network Security DUE at 10/19/2015 (11am)

Firewall Firewall August, 2003

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.

Lab Objectives & Turn In

Linux Network Security

Armitage. Part 1. Author : r45c4l Mail : infosecpirate@gmail.com.

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important

Hands-on Network Traffic Analysis Cyber Defense Boot Camp

1.0 Introduction. 2.0 Data Gathering

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

Passive Vulnerability Detection

Chapter 6 Phase 2: Scanning

Firewall Testing. Cameron Kerr Telecommunications Programme University of Otago. May 16, 2005

ZENworks 11 Support Pack 4 Management Zone Settings Reference. May 2016

Firewalls and Software Updates

Study of Network Security along with Network Security Tools and Network Simulators

Lab - Configure a Windows 7 Firewall

DESIGN OF NETWORK SECURITY PROJECTS USING HONEYPOTS *

1. LAB SNIFFING LAB ID: 10

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

10 Configuring Packet Filtering and Routing Rules

SOLARWINDS ENGINEER S TOOLSET FAST FIXES TO NETWORK ISSUES

Network Security CS 192

NCS 430 Penetration Testing Lab #2 Tuesday, February 10, 2015 John Salamy

Open Source Security Tool Overview

Vulnerability Assessment and Penetration Testing

Scanning Tools. Scan Types. Network sweeping - Basic technique used to determine which of a range of IP addresses map to live hosts.

1! Network forensics

Managing Windows XP Firewall Through Command-line

Basic Firewall Lab. Lab Objectives. Configuration

Penetration Testing. What Is a Penetration Testing?

Lab 2: Secure Network Administration Principles - Log Analysis

Is the Scanning of Computer Networks Dangerous?

Network Security. Network Packet Analysis

Computer forensics

Configuring Security for FTP Traffic

In this lab you will explore the Windows XP Firewall and configure some advanced settings.

Vulnerability Assessment Lab

Dell UPS Local Node Manager USER'S GUIDE EXTENSION FOR MICROSOFT VIRTUAL ARCHITECTURES Dellups.com

Project 2: Firewall Design (Phase I)

Footprinting and Reconnaissance Tools

information security and its Describe what drives the need for information security.

Advanced Network Scanning

Lab Configuring Access Policies and DMZ Settings

Network Security. Network Scanning

Applied Security Lab 2: Personal Firewall

Lab - Configure a Windows Vista Firewall

Lab Configure Intrusion Prevention on the PIX Security Appliance

Shellshock Security Patch for X86

Lab - Configure a Windows XP Firewall

Spam Marshall SpamWall Step-by-Step Installation Guide for Exchange 5.5

How to Configure Windows Firewall on a Single Computer

Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions

Network/Internet Forensic and Intrusion Log Analysis

Deploying the BIG-IP LTM system and Microsoft Windows Server 2003 Terminal Services

Dynamic Honeypot Construction

IDS and Penetration Testing Lab II

Network Penetration Testing and Ethical Hacking Scanning/Penetration Testing. SANS Security Sans Mentor: Daryl Fallin

Transcription:

Introduction to Network Security Lab 2 - NMap 1 Introduction: Nmap as an Offensive Network Security Tool Nmap, short for Network Mapper, is a very versatile security tool that should be included in every professional s toolkit. Nmap is an open source utility for network exploration, security scanning and auditing. It comes with a very wide range of options that can make the utility more robust and can add or change features to your specifications. Nmap was created by Gordon Lyon, a.k.a. Fyodor Vaskovich, and first published in 1997. Since the source code has been available the software has been expanded greatly and is currently at version 4.85. In addition to improvements in the functionality of the program, graphical user interfaces and support for numerous operating systems have been developed. Currently Nmap can run on Linux, Windows, OS X, FreeBSD, Solaris, Amiga, HP-UX, and others. GUI versions are also available on most of these systems along with the command line versions. There are also implementations that can take advantage of web browsing to allow for access to Nmap via a web browser. Nmap is very popular among security professionals as well as black hat hackers because of its numerous uses. The most recent version of the program can be used to check for network host discovery, port scanning, version and OS detection, network inventory, ping sweeps, and detailing logging mechanisms. These various uses are all important, but what the most basic sections of the program deal with are host discovery and port scanning. Nmap can be used to check to see what other devices and machines are connected to the network. It can also be used to check which ports on these devices are open and closed. The results of these type scans can be saved to a log file which can be analyzed at a later time or saved for future comparison. Nmap is a tool that can be used for good as well as for evil. In this lab we will focus on showing the practical uses for attack, defense, and forensic analysis. Complete documentation and download information can be found at http://nmap.org/ as well as much more information pertaining to the use of the product. Nmap is often used in combination with other open source security tools such as *****, ****** and Wireshark to help secure networks from attacks. In combination with these other tools a powerful security suite can be established that can help to ensure protection of networks. Other important techniques to follow include frequently patching all systems, routine security audits, and enforcement of security policies. http://bridges.brooklyn.cuny.edu Page 1

In the following tasks, you will use the Nmap tool to perform several of the tasks listed above.. 1.1 The target computer Before starting this lab, a target computer has been set up for you. For demonstration purposes, a few ports have also been opened, but it will be your job to identify them. Your ultimate goal is to familiarize yourself with the computer and these programs sufficiently that you could begin an attack against this machine. Your target computer has an IP of 1.2 Finding the target host(s) Intruders have the ability to use Nmap to scan entire networks to look for potential targets. This can be done by ping sweeping with the sp command. When using this command, Nmap sends in ICMP echo and a TCP ACK flag to each host that it scans. If Nmap receives a response, it notes that IP as being a running host and then continues its scanning process. From the command line (START/RUN/cmd) you can scan for all hosts on the local network by typing in the following command: nmap -sp 192.168.1.* -sp stand for "sweep ping". Nmap will return with its scanning results after a short wait. Record the IP address, MAC address and type (Dell, NetGear, Xerox) of three different hosts in your report (at the end of this lab). There is also another, more specific, way to ping your targeted computers. In some scenarios, a host may be blocking some sorts of traffic, so specifying a specific port for the scan may be necessary. You can try scanning on port 80 since that is normally open for http traffic. To specify a specific port, the PT command is used. From the command line, run: nmap sp PT80 192.168.1.* NOTE: For Nmap to determine if a host is running, the specified port (in this case 80) does not need to be open. 1.3 Task 1.4: OS Fingerprinting It is usually important for an attacker to know what OS version is running on the target computer. This is done by using the O command, which must be used in conjunction with a port scan (-st or ss which will be covered later). http://bridges.brooklyn.cuny.edu Page 2

From the command line run: nmap -O -v <IP address listed in part 1.1> Nmap will scan for specific ports, and then extrapolate the most likely target OS from the open port information. Record the resulting Nmap data in your report. 1.4 Task 1.3: Port Scanning The most simple port scan is a TCP connect scan. This attempts to complete a normal 3- way handshake with the targeted computer. You can run this scan on a specific IP (ask your instructor what to use, or use the machine identified in 1.1) with the st command. From the command line: nmap st <IP address listed in part 1.1> This will scan for open ports on that specific host. Record the results from this scan in your report. Note: This type of scan is very easy to detect since the target host will log the connection by the attacker. You can even check in the windows event logs of the target machine to see if a connection (scan) was attempted. 1.5 Stealth Scanning from the GUI The basic deep scan (using the st command) can be detected easily, and there are alternatives to such brute force methods of scanning. Stealth port scanning is used to avoid logs being created of your scanning activity. The targeted computer doesn t log the connection because the 3-way TCP handshake never finishes. Instead of finishing the handshake, the attacker sends an RST (reset command) flag to disconnect the connection instead of acknowledging the connection. Let s try the stealth port scan, but we will use the nmap GUI to make our task easier. Go to Start/nMap/nMap ZenMap GUI. You should see something that looks like this: http://bridges.brooklyn.cuny.edu Page 3

- In the target line, enter the IP address of your target machine. - In the Profile line select stealth scan if it is available. - IF STEALTH SCAN IS NOT AVAILABLE, type the following into the command line. nmap -ss -v <IP address listed in part 1.1> - NOTE: You can create your own scans and save them as profiles - When you are ready hit the SCAN button. After you have run your scan, take a look at the other tabs. What information was disclosed by this scan? Additional scanning techniques and their particular usage can be found at http://nmap.org. http://bridges.brooklyn.cuny.edu Page 4

REPORT 1.2 What computers did you find running on the local network? (IP Addresses)? Ex: 192.168.1.1 MAC Address: 00:24:B2:63:7F:85 (Netgear) 1.3 What is the operating system of your target machine? 1.4 What ports are open on the machine that you scanned? http://bridges.brooklyn.cuny.edu Page 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information