5.1 - Scanning Overview


Key Terms: 

    • Scanning – Actively engaging with a target to gather information about a network. 
    • Port scan – Probing a server or host for open ports. 
    • Network scan – Finding live devices on a network. 
    • Vulnerability scan – Finding system weaknesses such as open ports and access points. 

Wardialing 

Wardialing is the process of scanning a large block of phone numbers with a modem in an attempt to locate other systems. This can help locate access points and connections the hacker could use. Modems are still used in some appliances, such as fax machines, and can even serve as a backup internet connection. 

Ping 

A ping is a way of checking whether a host is live. It works by sending an ICMP message from one system to another; based on the ICMP reply, the attacker knows whether the host is up and how fast the packets travel. A ping sweep applies the same idea to a range of IPs on a network to find live systems. Because ping scanning is so common, system administrators can block the requests at the firewall or set up an intrusion detection system that notifies the security team of what has happened. 
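
The detection side of the paragraph above, as an added Python example that is not part of the original notes: it reads constructed firewall-style log lines (the format, addresses and thresholds are assumptions made for this example) and flags any source that has sent ICMP echo requests to many distinct hosts inside a short time window. Counting distinct destinations rather than raw packets is what separates a sweep from someone repeatedly pinging a single host.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log lines (hand-written, not real traffic):
# timestamp, protocol, source -> destination, ICMP type. Type 8 is an echo
# request, type 0 an echo reply.
SAMPLE_LOG = """\
2024-05-01T09:00:00 ICMP 10.0.0.5 -> 10.0.1.1 type=8
2024-05-01T09:00:00 ICMP 10.0.0.5 -> 10.0.1.2 type=8
2024-05-01T09:00:01 ICMP 10.0.0.5 -> 10.0.1.3 type=8
2024-05-01T09:00:01 ICMP 10.0.0.5 -> 10.0.1.4 type=8
2024-05-01T09:00:02 ICMP 10.0.0.5 -> 10.0.1.5 type=8
2024-05-01T09:00:02 ICMP 10.0.0.5 -> 10.0.1.6 type=8
2024-05-01T09:00:03 ICMP 10.0.0.5 -> 10.0.1.7 type=8
2024-05-01T09:00:05 ICMP 10.0.1.3 -> 10.0.0.5 type=0
2024-05-01T09:00:10 ICMP 10.0.0.9 -> 10.0.1.1 type=8
2024-05-01T09:00:11 ICMP 10.0.0.9 -> 10.0.1.1 type=8
2024-05-01T09:00:12 ICMP 10.0.0.9 -> 10.0.1.1 type=8
"""


def parse_line(line):
    """Parse one constructed log line into (timestamp, src, dst, icmp_type)."""
    ts, proto, src, _arrow, dst, type_field = line.split()
    if proto != "ICMP":
        return None
    return datetime.fromisoformat(ts), src, dst, int(type_field.split("=")[1])


def detect_ping_sweeps(log_text, min_hosts=5, window=timedelta(seconds=60)):
    """Return {source: distinct_targets} for every source that sent echo
    requests to at least `min_hosts` distinct destinations within `window`.
    Only echo requests (type 8) count; replies (type 0) are ignored."""
    per_source = defaultdict(list)  # src -> [(timestamp, dst), ...]
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, dst, icmp_type = parsed
        if icmp_type == 8:
            per_source[src].append((ts, dst))

    alerts = {}
    for src, events in per_source.items():
        events.sort()
        best, start = 0, 0
        # Sliding window over the time-ordered events: count distinct
        # destinations inside the window and keep the largest count seen.
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in events[start:end + 1]})
            best = max(best, distinct)
        if best >= min_hosts:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    print(detect_ping_sweeps(SAMPLE_LOG))  # flags 10.0.0.5, not 10.0.0.9
```

In the sample, 10.0.0.5 touches seven hosts in three seconds and is reported, while 10.0.0.9 sends three requests to one host and is not. The threshold and window would be tuned to the network being monitored.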

TCP Packets and Scans 

TCP uses a 3-way handshake to connect devices on a network. Each packet carries flags that tell the receiving device what to do. When two computers connect, the first packet carries a SYN flag, which starts the connection between the two devices. The second device then replies with a packet carrying both the SYN and ACK flags; the ACK acknowledges the connection between the two devices. Finally, the first computer sends an ACK packet back, fully establishing the connection. A full open scan repeats this handshake on every port to find the ones that are open: open ports respond with a SYN/ACK packet, whilst closed ports respond with an RST flag, ending the connection attempt. These scans are very blatant and are logged on the target system. A stealth scan, however, never sends the final ACK packet, so the connection is never completed and no log entry is created. A Christmas tree scan sends a packet with every available flag set. This is useful because the responding system does not know what to do with it and will either send an RST flag (meaning the port is closed) or send nothing at all (meaning it is open). 
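
The flag sequences described above are exactly what a defender looks for in captured traffic. As an added example that is not part of the original notes, the Python below takes a constructed list of packet records (addresses, ports and the five-packet threshold are assumptions for the example), groups them into conversations, labels each one as a full open handshake, a half-open (stealth) probe, a closed port, a Christmas tree probe or an unanswered SYN, and then reports per source how many distinct ports were touched.

```python
from collections import Counter, defaultdict

# Constructed packet records (src_ip, dst_ip, src_port, dst_port, flags).
# Hand-written samples for the example, not captured traffic.
SCANNER, TARGET, CLIENT = "10.0.0.5", "10.0.1.1", "10.0.0.7"
SAMPLE_PACKETS = [
    # Port 22, full open: SYN, SYN/ACK, ACK completes the handshake, RST/ACK tears down
    (SCANNER, TARGET, 40001, 22, {"SYN"}),
    (TARGET, SCANNER, 22, 40001, {"SYN", "ACK"}),
    (SCANNER, TARGET, 40001, 22, {"ACK"}),
    (SCANNER, TARGET, 40001, 22, {"RST", "ACK"}),
    # Port 80, stealth (half-open): the SYN/ACK is answered with RST, never ACK
    (SCANNER, TARGET, 40002, 80, {"SYN"}),
    (TARGET, SCANNER, 80, 40002, {"SYN", "ACK"}),
    (SCANNER, TARGET, 40002, 80, {"RST"}),
    # Port 23, closed: the target answers the SYN with RST
    (SCANNER, TARGET, 40003, 23, {"SYN"}),
    (TARGET, SCANNER, 23, 40003, {"RST", "ACK"}),
    # Port 443, Christmas tree probe with no reply (open or filtered)
    (SCANNER, TARGET, 40004, 443, {"FIN", "PSH", "URG"}),
    # Port 8080, Christmas tree probe answered with RST (closed)
    (SCANNER, TARGET, 40005, 8080, {"FIN", "PSH", "URG"}),
    (TARGET, SCANNER, 8080, 40005, {"RST", "ACK"}),
    # Port 25, SYN with no reply at all (filtered or dropped)
    (SCANNER, TARGET, 40006, 25, {"SYN"}),
    # A normal client completing one ordinary handshake to port 443
    (CLIENT, TARGET, 50001, 443, {"SYN"}),
    (TARGET, CLIENT, 443, 50001, {"SYN", "ACK"}),
    (CLIENT, TARGET, 50001, 443, {"ACK"}),
]


def group_conversations(packets):
    """Group packets by endpoint pair; the initiator is whoever sent the first packet."""
    convs = {}
    for src, dst, sport, dport, flags in packets:
        key = frozenset([(src, sport), (dst, dport)])
        conv = convs.setdefault(
            key, {"initiator": (src, sport), "target": (dst, dport), "packets": []}
        )
        conv["packets"].append(((src, sport), frozenset(flags)))
    return convs


def classify(conv):
    """Label one conversation by the handshake pattern described in the notes."""
    init = conv["initiator"]
    from_init = [f for who, f in conv["packets"] if who == init]
    from_target = [f for who, f in conv["packets"] if who != init]
    if any({"FIN", "PSH", "URG"} <= f for f in from_init):
        # Christmas tree probe: a closed port answers RST, an open one stays silent
        if any("RST" in f for f in from_target):
            return "xmas_closed"
        return "xmas_open_or_filtered"
    if not from_init or from_init[0] != frozenset({"SYN"}):
        return "other"
    if not from_target:
        return "syn_no_response"
    if "RST" in from_target[0]:
        return "closed"
    if {"SYN", "ACK"} <= from_target[0]:
        follow_up = from_init[1] if len(from_init) > 1 else frozenset()
        # A full open scan completes with ACK; a stealth scan tears down with RST
        if "ACK" in follow_up and "RST" not in follow_up:
            return "full_open"
        return "half_open"
    return "other"


def summarize(packets, port_threshold=5):
    """Per source IP: distinct ports touched, outcome counts and a scan verdict."""
    per_source = defaultdict(lambda: {"ports": set(), "results": Counter()})
    for conv in group_conversations(packets).values():
        src_ip = conv["initiator"][0]
        per_source[src_ip]["ports"].add(conv["target"][1])
        per_source[src_ip]["results"][classify(conv)] += 1
    return {
        src_ip: {
            "distinct_ports": len(info["ports"]),
            "results": dict(info["results"]),
            "suspected_scan": len(info["ports"]) >= port_threshold,
        }
        for src_ip, info in per_source.items()
    }


if __name__ == "__main__":
    for src_ip, verdict in summarize(SAMPLE_PACKETS).items():
        print(src_ip, verdict)
```

Note that the half-open conversation on port 80 is still visible here: the SYN and the SYN/ACK cross the wire whether or not the target application logs the connection, which is why network-level sensors catch stealth scans that host logs miss.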

Idle Attack 

An idle attack is used when a hacker wants to scan a network for open ports but wants to be extremely stealthy about it. Another system or device is used to receive the packets instead of the attacker’s machine. This other device is called a zombie machine because it is disposable and can be controlled by the hacker to scan the target. 

OS Scanning 

Knowing a target's operating system is important because it can reveal OS-dependent vulnerabilities. By reviewing packet information, a hacker can work out which OS a system is running. For example, the initial TTL on a Linux machine is 64 and the window size is 5840; on Server 2008 the initial TTL is 128 and the window size is 8192; on a Cisco router (12.4) the initial TTL is 255 and the window size is 4128. 
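
One detail the paragraph leaves implicit is that the TTL you observe on the wire is not the initial TTL: every router hop decrements it by one, so a Linux host twelve hops away shows 52, not 64. The added Python example below (not part of the original notes) parses constructed tcpdump-style summary lines, infers the initial TTL from the observed value, estimates the hop count, and matches the (initial TTL, window size) pair against the three signatures given above. The line format and addresses are assumptions for the example; real fingerprinting tools such as nmap and p0f compare many more header fields, because the window size in particular varies with the connection's state.

```python
import re

# Reference values taken from the notes: (initial TTL, TCP window size) -> OS.
KNOWN_SIGNATURES = {
    (64, 5840): "Linux",
    (128, 8192): "Windows Server 2008",
    (255, 4128): "Cisco router (12.4)",
}

# Common initial TTL values. The TTL drops by one per hop, so the initial
# value is the smallest of these at or above the observed value.
INITIAL_TTLS = (64, 128, 255)


def infer_initial_ttl(observed_ttl):
    """Map an observed TTL back to the most likely initial TTL."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be between 1 and 255")
    return next(c for c in INITIAL_TTLS if observed_ttl <= c)


def guess_os(observed_ttl, window_size):
    """Return the inferred initial TTL, the hop estimate and the OS guess."""
    initial = infer_initial_ttl(observed_ttl)
    return {
        "initial_ttl": initial,
        "hops": initial - observed_ttl,
        "os": KNOWN_SIGNATURES.get((initial, window_size), "unknown"),
    }


# Constructed packet summaries in a tcpdump-like style (hand-written samples).
SAMPLE_SUMMARIES = """\
IP 10.0.1.10 > 10.0.0.5: Flags [S.], ttl 52, win 5840
IP 10.0.1.20 > 10.0.0.5: Flags [S.], ttl 117, win 8192
IP 10.0.1.254 > 10.0.0.5: Flags [S.], ttl 250, win 4128
IP 10.0.1.30 > 10.0.0.5: Flags [S.], ttl 60, win 65535
"""

LINE_RE = re.compile(r"^IP (\S+) > \S+: .*ttl (\d+), win (\d+)$")


def fingerprint_hosts(summaries):
    """Guess the OS of every source host in the summary text."""
    results = {}
    for line in summaries.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not packet summaries
        host, ttl, win = m.group(1), int(m.group(2)), int(m.group(3))
        results[host] = guess_os(ttl, win)
    return results


if __name__ == "__main__":
    for host, guess in fingerprint_hosts(SAMPLE_SUMMARIES).items():
        print(host, guess)
```

The last sample host has a Linux-style TTL but a window size not in the table, so it is reported as unknown rather than forced into a guess; a defender auditing what their own hosts reveal would extend the signature table before trusting the result.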

Banner Grabbing 

A banner is a small piece of data that a service returns to a requester describing itself. Banners can be grabbed using a tool such as Telnet, which operates on port 23. Telnet sends TCP packets to port 23 on the destination to get a response. Banners can reveal information such as modification dates and operating systems. 
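
To show what a banner grab actually returns, and why administrators audit the banners their own services send, here is an added Python example that is not part of the original notes. It starts a throwaway service on 127.0.0.1 that sends a constructed banner, reads that banner the way a Telnet session to the port would, and reports every version number the banner discloses. The service, the banner text and the port are all constructed for the example.

```python
import re
import socket
import threading

# Constructed banner for the throwaway demo service; not a real product string.
DEMO_BANNER = b"SSH-2.0-DemoServer_1.2.3 demo-build (constructed)\r\n"


def start_demo_service(banner=DEMO_BANNER):
    """Listen on 127.0.0.1 on an OS-assigned port, send `banner` to each client
    and close. Returns (server_socket, port); close the socket to stop serving."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listening socket closed: stop the thread
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def grab_banner(host, port, timeout=2.0):
    """Connect and read whatever the service volunteers before anything is sent,
    which is exactly what a Telnet session to the port would display."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""  # silent services reveal nothing until spoken to
    return data.decode("utf-8", errors="replace").strip()


VERSION_RE = re.compile(r"\d+\.\d+(?:\.\d+)?")


def audit_banner(banner):
    """Report every dotted version number in a banner. Those are what get mapped
    to product- or OS-specific vulnerabilities, so they are worth trimming."""
    versions = VERSION_RE.findall(banner)
    return {"banner": banner, "versions": versions, "discloses_version": bool(versions)}


if __name__ == "__main__":
    server, port = start_demo_service()
    try:
        print(audit_banner(grab_banner("127.0.0.1", port)))
    finally:
        server.close()
```

The audit reports both the protocol version ("2.0") and the product version ("1.2.3"); the second is the one an administrator would normally remove or generalise in the service configuration, since the first is required for the protocol to work.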

Scanning Tools 

    • CurrPorts – Lists all open TCP/IP and UDP ports on your computer. It also provides information about each port, such as which process opened it, which user started that process and when the port was opened. 
    • Ping – Uses Internet Control Message Protocol (ICMP) to probe a remote system. 
    • Hping3 – Sends packets across a network and crafts custom packets that can be used to analyse the host. It also supports TCP and UDP pings, has a traceroute mode, and can send and receive files. 
    • Colasoft – Packet crafting software that can modify flags and adjust packet content. 
    • Angry IP Scanner – A network scanner that scans a range of IPs on local and remote networks. 
    • SolarWinds Port Scanner – A tool that provides a list of open, closed and filtered ports. 
    • IP-Tools – A group of 20 scanning utilities, including SNMP Scanner, UDP Scanner, Trace, Finger, Telnet, IP-Monitor and Trap Watcher. The program supports multitasking so scans can be done more quickly. 

Network Mapping Tools 

    • NetAuditor – Reports on, manages and diagrams network configurations. 
    • SolarWinds Network Topology Manager – Provides automated network discovery and mapping. 
    • Scany – A scanner for iOS devices. It can scan networks, websites and ports to find open network devices. It can obtain domain and network names and includes basic networking utilities such as ping, traceroute and whois. 
