![Page 1: 1 Modul 2 Footprinting Scanning Enumeration Isbat Uzzin Nadhori Informatical Engineering PENS-ITS Politeknik Elektronika Negeri Surabaya ITS - Surabaya](https://reader033.vdocuments.mx/reader033/viewer/2022061506/56649c7b5503460f9492ebcb/html5/thumbnails/1.jpg)
Modul 2: Footprinting, Scanning, Enumeration
Isbat Uzzin Nadhori
Informatical Engineering PENS-ITS
Politeknik Elektronika Negeri Surabaya
ITS - Surabaya
Intelligence Gathering Techniques
3 major steps:
– Footprinting
– Scanning
– Enumeration
Similar to the military approach:
– Gather information on the target
– Analyze weaknesses
– Construct and launch attack
Gathering Process Overview
You can’t attack what you don’t know
Hacking Step
Hacking Step …
Gathering Process Overview
– Hosts
– Ports
– Services
– Vulnerabilities
Footprinting
Footprinting
Footprinting is the ability to obtain essential information about an organization. Commonly called network reconnaissance.
The gathered information includes:
– The technologies that are being used, such as Internet, Intranet, Remote Access and Extranet
– The security policies and procedures to be explored
– Taking an unknown quantity and reducing it to a specific range of domain names, network blocks and individual IP addresses of systems that are directly connected to the Internet
This is done by employing various computer security techniques, such as:
• DNS queries (nslookup, dig, zone transfer)
• Network enumeration
• Network queries
• Operating system identification
• Organizational queries
• Ping sweeps
• Point of contact queries
• Port scanning
• Registrar queries (WHOIS queries)
• SNMP queries
• World Wide Web spidering
When used in the computer security lexicon, "footprinting" generally refers to one of the pre-attack phases: tasks performed prior to the actual attack. Some of the tools used for footprinting are Sam Spade, nslookup, traceroute, Nmap and NeoTrace.
DNS Query
Network Query Tools
– Ping
– NSlookup
– Whois
– IP block search
– Dig
– Traceroute
– Finger
– SMTP VRFY
– Web browser keep-alive
– DNS zone transfer
– SMTP relay check
– Usenet cancel check
– Website download
– Website search
– Email header analysis
– Email blacklist
– Query abuse address
Information to Gather
Attacker's point of view:
– Identify potential target systems
– Identify which types of attacks may be useful on target systems
Defender's point of view:
– Know the available tools
– May be able to tell if the system is being footprinted; be more prepared for a possible attack
– Vulnerability analysis: know what information you're giving away, what weaknesses you have
OS Identification
Point of Contact
Tools - Linux
Some basic Linux tools (lower level utilities):
Local system:
– hostname
– ifconfig
– who, last
Remote systems:
– ping
– traceroute
– nslookup, dig
– whois
– arp, netstat (also local system)
Other tools:
– lsof
Tools – Linux (2)
Other utilities:
– wireshark (packet sniffing)
– nmap (port scanning) - more later
Ubuntu Linux:
– Go to System / Administration / Network Tools to get an interface to a collection of tools: ping, netstat, traceroute, port scan, nslookup, finger, whois
Tools - Windows
Windows:
– Sam Spade (collected network tools)
– Wireshark (packet sniffer)
Command line tools:
– ipconfig
– Many others…
Traceroute

```
# traceroute ns1.target-company.com
traceroute to ns1.target-company.com (xxx.xx.xx.xx), 30 hops max, 40 byte packets
 1 fw-gw (209.197.192.1) 0.978 ms 0.886 ms 0.875 ms
 2 s1-0-1-access (209.197.224.69) 4.816 ms 5.275 ms 3.969 ms
 3 dallas.tx.core1.fastlane.net (209.197.224.1) 4.622 ms 9.439 ms 3.977 ms
 4 atm8-0-024.CR-1.usdlls.savvis.net (209.44.32.217) 6.564 ms 5.639 ms 6.681 ms
 5 Serial1-0-1.GW1.DFW1.ALTER.NET (157.130.128.53) 7.148 ms 6.595 ms 7.371 ms
 6 103.ATM3-0.XR2.DFW4.ALTER.NET (146.188.240.38) 11.861 ms 11.669 ms 6.732 ms
 7 152.63.96.85 (152.63.96.85) 10.565 ms 25.423 ms 25.369 ms
 8 dfw2-core2-pt4-1-0.atlas.digex.net (206.181.125.153) 13.289 ms 10.585 ms 17.173 ms
 9 dfw2-core1-fa8-1-0.atlas.digex.net (165.117.52.101) 44.951 ms 241.358 ms 248.838 ms
10 swbell-net.demarc.swbell.net (206.181.125.10) 12.242 ms 13.821 ms 27.618 ms
11 ded2-fa1-0-0.rcsntx.swbell.net (151.164.1.137) 25.299 ms 11.295 ms 23.958 ms
12 target-company-818777.cust-rtr.swbell.net (151.164.x.xxx) 52.104 ms 24.306 ms 17.248 ms
13 ns1.target-company.com (xxx.xx.xx.xx) 23.812 ms 24.383 ms 27.489 ms
```
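As an added example (not part of the original module), a parser for traceroute output of the form shown above. It groups consecutive hops by the domain they resolve to, which is the provider-by-provider path the network-mapping slides draw as a diagram, and it reports the last hop that answered before a silent one, which is where a filtering device stops replying. The listing it parses is constructed with documentation addresses and illustrative hostnames.

```python
import re

# Constructed traceroute output in the same format as the listing above (RFC 5737
# documentation addresses, illustrative hostnames). Hop 4 wraps onto a second line,
# as hop 8 does in the original listing, and hop 7 answers nothing at all.
TRACEROUTE_OUTPUT = """\
traceroute to ns1.example-target.test (203.0.113.10), 30 hops max, 40 byte packets
 1  fw-gw (198.51.100.1)  0.978 ms  0.886 ms  0.875 ms
 2  s1-0-1-access (198.51.100.69)  4.816 ms  5.275 ms  3.969 ms
 3  Serial1-0-1.GW1.DFW1.ALTER.NET (192.0.2.53)  7.148 ms  6.595 ms  7.371 ms
 4  dfw2-core2-pt4-1-0.atlas.digex.net (192.0.2.153)  13.289 ms  10.585 ms
17.173 ms
 5  192.0.2.85 (192.0.2.85)  10.565 ms  25.423 ms  25.369 ms
 6  ded2-fa1-0-0.rcsntx.swbell.net (192.0.2.137)  25.299 ms  11.295 ms  23.958 ms
 7  * * *
 8  ns1.example-target.test (203.0.113.10)  23.812 ms  24.383 ms  27.489 ms
"""

HOP_RE = re.compile(r'^\s*(\d+)\s+(.*)$')   # "<ttl>  <rest of the hop line>"
RTT_RE = re.compile(r'([\d.]+) ms')


def join_wrapped_lines(text):
    """Re-attach continuation lines: a hop whose RTTs wrapped onto the next line."""
    lines = []
    for line in text.splitlines():
        if lines and line.strip() and not HOP_RE.match(line) and not line.startswith('traceroute'):
            lines[-1] += ' ' + line.strip()
        else:
            lines.append(line)
    return lines


def parse_hops(text):
    """Parse each hop into {'ttl', 'host', 'ip', 'rtts'}; silent hops get host/ip None."""
    hops = []
    for line in join_wrapped_lines(text):
        m = HOP_RE.match(line)
        if not m:
            continue
        ttl, rest = int(m.group(1)), m.group(2).strip()
        if rest.startswith('*'):
            hops.append({'ttl': ttl, 'host': None, 'ip': None, 'rtts': []})
            continue
        head, _, tail = rest.partition(')')
        host, _, ip = head.partition(' (')
        hops.append({'ttl': ttl, 'host': host.strip(), 'ip': ip.strip(),
                     'rtts': [float(x) for x in RTT_RE.findall(tail)]})
    return hops


def owner_of(hop):
    """Crude attribution of a hop: the registered domain of its reverse-DNS name."""
    if hop['host'] is None:
        return 'no reply'
    if hop['host'] == hop['ip']:
        return 'unresolved'
    labels = hop['host'].lower().split('.')
    return '.'.join(labels[-2:]) if len(labels) >= 2 else 'local'


def network_map(hops):
    """Group consecutive hops by owner: the path segments the mapping slides draw."""
    segments = []
    for hop in hops:
        owner = owner_of(hop)
        if segments and segments[-1][0] == owner:
            segments[-1][1].append(hop['ttl'])
        else:
            segments.append((owner, [hop['ttl']]))
    return segments


def last_responding_gateway(hops):
    """The last hop that answered before the first silent one; None if nothing was silent."""
    for i, hop in enumerate(hops):
        if hop['host'] is None:
            return hops[i - 1] if i > 0 else None
    return None


if __name__ == '__main__':
    hops = parse_hops(TRACEROUTE_OUTPUT)
    for owner, ttls in network_map(hops):
        print(f"{owner:<22} hops {ttls}")
    gw = last_responding_gateway(hops)
    print("last responding gateway before the silent hop:", gw['host'], gw['ip'])
```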
Traceroute - Network Mapping
[Diagram, built up over several slides: Internet routers (cw, swb) leading to a firewall, a DMZ with www and ftp hosts, a VPN device, and hosts inside the DMZ (Sun, Linux, NT). Labels on the final slide:]
– Linux 2.0.38: xxx.xx.48.2
– AIX 4.2.1: xxx.xx.48.1
– Checkpoint Firewall-1, Solaris 2.7: xxx.xx.49.17
– Checkpoint Firewall-1, Nortel VPN: xxx.xx.22.7
– Cisco 7206: 204.70.xxx.xxx
– Nortel CVX1800: 151.164.x.xxx
– IDS?
Whois

```
Domain Name: UWEC.EDU
Registrant:
University of Wisconsin - Eau Claire
105 Garfield Avenue
Eau Claire, WI 54702-4004
UNITED STATES
Contacts:
Administrative Contact:
Computing and Networking Services
105 Garfield Ave
Eau Claire, WI 54701
UNITED STATES
(715) 836-5711
[email protected]
Name Servers:
TOMATO.UWEC.EDU 137.28.1.17
LETTUCE.UWEC.EDU 137.28.1.18
BACON.UWEC.EDU 137.28.5.194
```
Scanning
Introduction
Scanning can be compared to a thief checking all the doors and windows of a house he wants to break into.
Scanning is the art of detecting which systems are alive and reachable via the Internet and what services they offer, using techniques such as ping sweeps, port scans and operating system identification.
The kind of information collected here has to do with the following:
1) TCP/UDP services running on each system identified
2) System architecture (Sparc, Alpha, x86)
3) Specific IP addresses of systems reachable via the Internet
4) Operating system type
Ping Sweeps
A ping sweep is a method that can establish which IP addresses in a range map to live hosts.
– ICMP sweeps (ICMP ECHO requests)
– Broadcast ICMP
– Non-echo ICMP
– TCP sweeps
– UDP sweeps
Ping Sweeps: ICMP Sweeps
[Diagram: the intruder sends an ICMP ECHO request; an ICMP ECHO reply means the target is alive]
Querying multiple hosts: a ping sweep is fairly slow.
Examples: UNIX – fping and gping; Windows – Pinger
Broadcast ICMP
[Diagram: the intruder sends one ICMP ECHO request to the network address and receives an ICMP ECHO reply from each host that answers]
Can distinguish between UNIX and Windows machines:
– A UNIX machine answers requests directed to the network address.
– A Windows machine will ignore it.
Ping Sweeps: Non-Echo ICMP
Example: ICMP Type 13 (Timestamp)
– Originate Timestamp: the time the sender last touched the message before sending it
– Receive Timestamp: the time the echoer first touched it on receipt
– Transmit Timestamp: the time the echoer last touched it on sending
Ping Sweeps: TCP Sweeps
[Diagram of the exchange between client and server:]
– Client sends SYN (destination port number and client ISN)
– Server replies with SYN (server ISN) + ACK (client ISN + 1), or with RESET if the port is not active
– Client completes with ACK (server ISN + 1)
When will a RESET be sent?
When the connection identifier (RFC) does not appear correct on arrival, where RFC = (destination IP + port number, source IP + port number).
Ping Sweeps: UDP Sweeps
Depends on the ICMP PORT UNREACHABLE message.
[Diagram: a UDP datagram is sent to the target system; a closed port answers with ICMP PORT UNREACHABLE]
Unreliable because:
• Routers can drop UDP packets
• UDP services may not respond when correctly probed
• Firewalls are configured to drop UDP
• It relies on the fact that a non-active UDP port will respond
Port Scanning
Types:
– TCP Connect() Scan
– TCP SYN Scan (half-open scanning)
– Stealth Scan
  – Explicit stealth mapping techniques: SYN/ACK, FIN, XMAS and NULL
  – Inverse mapping: reset scans, domain query answers
– Proxy Scanning / FTP Bounce Scanning
– TCP Reverse Ident Scanning
Port Scanning Types: TCP Connect() Scan
[Diagram: the scanner sends a SYN packet; SYN/ACK means the port is listening, RST/ACK means the port is not listening; the scanner answers the SYN/ACK to finish the handshake]
The connection is terminated after the full connection establishment process has been completed.
Port Scanning Types: TCP SYN Scan (half-open scanning)
[Diagram: the scanner sends a SYN packet; SYN/ACK means the port is listening, RST/ACK means the port is not listening]
We immediately tear down the connection by sending a RESET.
Port Scanning Types: Stealth Scan
A family of scanning techniques that aim to:
– Pass through filtering rules
– Not be logged by the targeted system's logging mechanism
– Hide themselves in the usual site / network traffic
The frequently used stealth mapping techniques are:
– SYN/ACK scans
– FIN scans
– XMAS scans
– NULL scans
Port Scanning
Techniques:
– Random port scan
– Slow scan
– Fragmentation scanning
– Decoy
– Coordinated scans
Port Scanning: "Random" Port Scan
Randomizing the sequence of ports probed may prevent detection.
Slow Scan
Some hackers are very patient and can use network scanners that spread the scan out over a long period of time. The scan rate can be, for example, as low as 2 packets per day per target site.
Fragmentation Scanning
In the case of TCP, the 8 octets of data (the minimum fragment size) are enough to contain the source and destination port numbers. This forces the TCP flags field into the second fragment.
Decoy
Some network scanners include options for decoys or spoofed addresses in their attacks.
Coordinated Scans
If multiple IPs probe a target network, each one probing a certain service on a certain machine in a different time period, it would be nearly impossible to detect these scans.
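Detection logic for the evasion techniques just listed, added here as an illustration and not part of the original module. It runs over constructed firewall deny lines (the log format and all addresses are assumptions) and shows that a per-source threshold with a short window catches the fast randomized scan but only sees the 2-packets-per-day slow scan once the window spans days, and that the coordinated scan is invisible per source and only shows up when events are aggregated per target.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log format (an assumption, not a real product's format):
# "<ISO time> DENY src=<ip> dst=<ip> dport=<port> proto=<proto>"
LOG_RE = re.compile(r'^(?P<ts>\S+) DENY src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) '
                    r'dport=(?P<dport>\d+) proto=(?P<proto>\w+)$')


def build_sample_log():
    """Constructed log: one fast scan, one slow scan, one coordinated scan, benign noise."""
    t0 = datetime(2024, 5, 1, 9, 0, 0)
    lines = []

    def deny(t, src, dst, port):
        lines.append(f"{t.isoformat()} DENY src={src} dst={dst} dport={port} proto=tcp")

    # "Random" port scan: eight ports in shuffled order within eight seconds.
    for i, port in enumerate([443, 22, 8080, 25, 21, 3389, 80, 110]):
        deny(t0 + timedelta(seconds=i), '198.51.100.7', '192.0.2.10', port)
    # Slow scan: two probes per day, one port each, over four days.
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443]):
        deny(t0 + timedelta(hours=12 * i), '198.51.100.9', '192.0.2.10', port)
    # Coordinated scan: six different sources, one port each, spread over a day.
    for i, port in enumerate([21, 22, 25, 80, 443, 3389]):
        deny(t0 + timedelta(hours=4 * i), f'203.0.113.{i + 1}', '192.0.2.20', port)
    # Benign noise: a misconfigured client retrying the same port every minute.
    for i in range(20):
        deny(t0 + timedelta(minutes=i), '198.51.100.50', '192.0.2.10', 443)
    return "\n".join(lines)


SAMPLE_LOG = build_sample_log()


def parse_log(text):
    """Parse DENY lines into events sorted by time; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            events.append({'ts': datetime.fromisoformat(m['ts']), 'src': m['src'],
                           'dst': m['dst'], 'dport': int(m['dport'])})
    return sorted(events, key=lambda e: e['ts'])


def _max_in_window(evs, window, measure):
    """Slide a time window over time-sorted events; return the largest measure() seen."""
    best, start = None, 0
    for end in range(len(evs)):
        while evs[end]['ts'] - evs[start]['ts'] > window:
            start += 1
        value = measure(evs[start:end + 1])
        if best is None or value > best:
            best = value
    return best


def detect_port_scans(events, window_seconds, min_ports):
    """Per (src, dst) pair: flag sources that touch >= min_ports distinct ports inside
    one window. Port order is irrelevant, so randomizing it does not help the scanner;
    the slow scan is only caught when the window is long enough to span its probes."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e['src'], e['dst'])].append(e)
    window = timedelta(seconds=window_seconds)
    hits = {}
    for pair, evs in by_pair.items():
        best = _max_in_window(evs, window, lambda w: len({e['dport'] for e in w}))
        if best >= min_ports:
            hits[pair] = best
    return hits


def detect_coordinated_scans(events, window_seconds, min_ports, min_sources):
    """Per dst: flag targets whose distinct ports were probed by many different sources.
    Keying on the target instead of the source is what exposes a coordinated scan."""
    by_dst = defaultdict(list)
    for e in events:
        by_dst[e['dst']].append(e)
    window = timedelta(seconds=window_seconds)
    hits = {}
    for dst, evs in by_dst.items():
        def both(w):  # (sources, ports) for a window that meets both thresholds, else (0, 0)
            s, p = len({e['src'] for e in w}), len({e['dport'] for e in w})
            return (s, p) if s >= min_sources and p >= min_ports else (0, 0)
        srcs, ports = _max_in_window(evs, window, both)
        if srcs:
            hits[dst] = {'sources': srcs, 'ports': ports}
    return hits


if __name__ == '__main__':
    ev = parse_log(SAMPLE_LOG)
    print("1-minute window :", detect_port_scans(ev, 60, 5))
    print("5-day window    :", detect_port_scans(ev, 5 * 86400, 5))
    print("per-target view :", detect_coordinated_scans(ev, 2 * 86400, 5, 4))
```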
Operating System Detection
– Banner grabbing
– DNS HINFO record
– TCP/IP stack fingerprinting
Operating System Detection
Operating System Detection: DNS HINFO Record
The host information record is a pair of strings identifying the host's hardware type and operating system, for example:
www IN HINFO "Sparc Ultra 5" "Solaris 2.6"
One of the oldest techniques.
Operating System Detection: TCP/IP Fingerprinting
The idea is to send specific TCP packets to the target IP and observe the response, which will be unique to a certain group of operating systems or to an individual one.
Types of probes used to determine the OS type:
– The FIN probe
– The bogus flag probe
– TCP initial sequence number sampling
– Don't Fragment bit
– TCP initial window
– ACK value
– ICMP error message quenching
– ICMP message quoting
– ICMP error message echoing integrity
– Type of service
– Fragmentation handling
– TCP options
Firewalking
Gathers information about a remote network protected by a firewall.
Purpose:
– Mapping open ports on a firewall
– Mapping a network behind a firewall
If the firewall's policy is to drop ICMP ECHO Request/Reply, this technique is very effective.
How does Firewalking work?
It uses a traceroute-like technique to determine whether or not a particular packet can pass through a packet-filtering device.
Traceroute depends only on the IP layer (the TTL field), so any transport protocol can be used the same way (TCP, UDP and ICMP).
What does Firewalking need?
– The IP address of the last known gateway before the firewall: serves as the WAYPOINT
– The IP address of a host located behind the firewall: used as the destination to direct packet flow
Getting the Waypoint
If we try to traceroute the machine behind a firewall and get blocked by an ACL filter that prohibits the probe, the last gateway which responded (the firewall itself) can be determined.
The firewall becomes the waypoint.
Getting the Destination
Traceroute the same machine with a different traceroute probe using a different transport protocol.
– If we get a response: that particular traffic is allowed by the firewall, and we know a host behind the firewall.
– If we are continuously blocked, then this kind of traffic is blocked.
Sending packets to every host behind the packet-filtering device can generate an accurate map of the network's topology.
How to identify/avoid threats?
A long-standing rule for Unix system administrators: turn off any services that aren't in use. This applies to personal workstations too!
Hackers have access to utilities to scan the servers, but so do you!
Hackers look for open ports. So we can scan our servers first, know what the hackers will see, and close any ports that shouldn't be open.
Some tools to help us
Nmap: a utility that scans a particular server and informs us which ports are open.
Ethereal: a utility that captures traffic on the network and helps us decode what is going on. We can watch the network traffic and find out if hackers can see anything that will help them break into our systems.
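An added example, not from the original module, of the advice above (scan your own servers first and close anything that should not be open): it parses Nmap's grepable output format (-oG), in which each Ports entry is port/state/protocol/owner/service/rpc-info/version/, and compares the open ports of each host against an approved baseline. The scan output, hosts, banners and baseline are constructed assumptions.

```python
import re

# Constructed nmap grepable (-oG) output for two hosts; addresses and banners are illustrative.
NMAP_GREPABLE = """\
# Nmap 7.94 scan initiated Wed May  1 09:00:00 2024 as: nmap -sS -sV -oG - 192.0.2.10 192.0.2.11
Host: 192.0.2.10 (www.example.test)\tStatus: Up
Host: 192.0.2.10 (www.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx/, 3306/open/tcp//mysql///\tIgnored State: closed (997)
Host: 192.0.2.11 (mail.example.test)\tStatus: Up
Host: 192.0.2.11 (mail.example.test)\tPorts: 25/open/tcp//smtp///, 110/filtered/tcp//pop3///, 143/open/tcp//imap///\tIgnored State: closed (997)
# Nmap done at Wed May  1 09:00:05 2024 -- 2 IP addresses (2 hosts up) scanned in 5.12 seconds
"""

# Constructed baseline: the ports each host is approved to expose.
APPROVED = {
    '192.0.2.10': {(22, 'tcp'), (80, 'tcp'), (443, 'tcp')},
    '192.0.2.11': {(25, 'tcp'), (143, 'tcp')},
}

# port/state/protocol/owner/service/ ... (the rpc-info and version fields are left unread)
PORT_RE = re.compile(r'(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/')


def parse_grepable(text):
    """Return {ip: {(port, proto): (state, service)}} from nmap -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith('Host:'):
            continue
        fields = line.split('\t')                 # -oG separates its fields with tabs
        ip = fields[0].split()[1]
        ports = hosts.setdefault(ip, {})          # a host that is up with no ports still appears
        for field in fields[1:]:
            if field.startswith('Ports:'):
                for port, state, proto, service in PORT_RE.findall(field[len('Ports:'):]):
                    ports[(int(port), proto)] = (state, service)
    return hosts


def compare_to_baseline(scan, approved):
    """For every host in the scan or the baseline: open ports that are not approved
    (candidates to close) and approved ports not seen open (service down or filtered)."""
    report = {}
    for ip in sorted(set(scan) | set(approved)):
        seen_open = {p for p, (state, _) in scan.get(ip, {}).items() if state == 'open'}
        want = approved.get(ip, set())
        report[ip] = {'unexpected': sorted(seen_open - want),
                      'missing': sorted(want - seen_open)}
    return report


if __name__ == '__main__':
    for ip, finding in compare_to_baseline(parse_grepable(NMAP_GREPABLE), APPROVED).items():
        print(ip, finding)
```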
Enumeration
Introduction to Enumeration
Enumeration extracts information about:
– Resources or shares on the network
– User names or groups assigned on the network
– Last time a user logged on
– Users' passwords
Before enumeration, you use port scanning and footprinting:
– To determine the OS being used
Enumeration is an intrusive process.
NBTscan
NBT (NetBIOS over TCP/IP):
– is the Windows networking protocol
– used for shared folders and printers
NBTscan:
– Tool for enumerating Microsoft OSs
Null Session Information
Using these NULL connections allows you to gather the following information from the host:
– List of users and groups
– List of machines
– List of shares
– Users and host SIDs (Security Identifiers)
• From brown.edu (link Ch 6b)
Demonstration of Null Sessions
– Start Win 2000 Pro
– Share a folder
– From a Win XP command prompt: NET VIEW \\ip-address fails
– NET USE \\ip-address\IPC$ "" /u:""
  • Creates the null session
  • Username="" Password=""
– NET VIEW \\ip-address works now
Demonstration of Enumeration
– Download Winfo from link Ch 6g
– Run it and see all the information!
NetBIOS Enumeration Tools
– Net view command: shows whether there are any shared resources on a network host
NetBIOS Enumeration Tools (continued)
– Net use command: used to connect to a computer with shared folders or files
Net use
Additional Enumeration Tools
– NetScanTools Pro
– DumpSec
– Hyena
– NessusWX
NetScanTools Pro Produces a graphical view of NetBIOS running on a network
Enumerates any shares running on the computer
Verifies whether access is available for shared resource using its Universal Naming Convention (UNC) name
Costs about $250 per machine (link Ch 6i)
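The node-status query that nbtstat -A and the NetBIOS name-table view in tools like NetScanTools Pro are built on, as an added example (not code from the slides or from NetScanTools). It follows the RFC 1001/1002 packet layout; the reply it parses is a constructed sample embedded in the block, so it runs offline. The node_status_query function sends a real UDP/137 packet and is only for hosts you are authorised to test.

```python
"""NetBIOS Name Service node-status (NBSTAT) query over UDP/137.

Added example, not code from the slides or from NetScanTools; the reply
used below is constructed, not captured from a real host.
"""
import socket
import struct

NBNS_PORT = 137
NBSTAT_QTYPE = 0x0021      # RFC 1002 node status request / record type
GROUP_FLAG = 0x8000        # NAME_FLAGS "G" bit: group name, not unique
ACTIVE_FLAG = 0x0400       # NAME_FLAGS "ACT" bit: name is in use

# Well-known values of the 16th byte of a NetBIOS name (the "suffix").
SUFFIXES = {
    0x00: "Workstation Service (unique) / Domain Name (group)",
    0x03: "Messenger Service",
    0x1B: "Domain Master Browser",
    0x1C: "Domain Controllers (group)",
    0x1D: "Master Browser",
    0x1E: "Browser Service Elections (group)",
    0x20: "File Server Service",
}


def encode_netbios_name(name, suffix=0x00):
    """RFC 1001 first-level encoding as one length-prefixed label: each of
    the 16 bytes (15-byte name + suffix) becomes two letters 'A'+nibble.
    The wildcard '*' is padded with NULs, ordinary names with spaces."""
    pad = b"\x00" if name == "*" else b" "
    raw = name.upper().encode("ascii").ljust(15, pad) + bytes([suffix])
    label = bytearray()
    for b in raw:
        label.append(0x41 + (b >> 4))
        label.append(0x41 + (b & 0x0F))
    return bytes([len(label)]) + bytes(label) + b"\x00"


def build_node_status_request(tid=0x1337):
    """12-byte NBNS header (one question, flags 0) + wildcard NBSTAT question."""
    header = struct.pack(">HHHHHH", tid, 0x0000, 1, 0, 0, 0)
    question = encode_netbios_name("*") + struct.pack(">HH", NBSTAT_QTYPE, 1)
    return header + question


def parse_node_status_response(data):
    """Return the host's name table and adapter MAC from an NBSTAT reply."""
    _tid, flags, _qd, an, _ns, _ar = struct.unpack_from(">HHHHHH", data, 0)
    if not flags & 0x8000:
        raise ValueError("packet is a query, not a response")
    if flags & 0x000F:
        raise ValueError("NBNS error, RCODE %d" % (flags & 0x000F))
    if an < 1:
        raise ValueError("no answer record")
    off = 12
    while data[off] != 0:          # skip the echoed question name
        off += data[off] + 1
    off += 1
    rtype, _rclass, _ttl, rdlen = struct.unpack_from(">HHIH", data, off)
    off += 10
    if rtype != NBSTAT_QTYPE:
        raise ValueError("unexpected RR type 0x%04x" % rtype)
    rdata = data[off:off + rdlen]
    names, pos = [], 1
    for _ in range(rdata[0]):      # NUM_NAMES, then 18-byte NODE_NAME entries
        entry = rdata[pos:pos + 18]
        nflags = struct.unpack(">H", entry[16:18])[0]
        names.append({
            "name": entry[:15].decode("ascii", "replace").rstrip(),
            "suffix": entry[15],
            "group": bool(nflags & GROUP_FLAG),
            "active": bool(nflags & ACTIVE_FLAG),
            "meaning": SUFFIXES.get(entry[15], "unknown"),
        })
        pos += 18
    mac = ":".join("%02x" % b for b in rdata[pos:pos + 6])   # UNIT_ID field
    return {"names": names, "mac": mac}


def node_status_query(host, timeout=2.0):
    """Send the request to UDP/137 on a host you are authorised to test."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_node_status_request(), (host, NBNS_PORT))
        data, _peer = sock.recvfrom(4096)
    finally:
        sock.close()
    return parse_node_status_response(data)


def constructed_sample_response(tid=0x1337):
    """Hand-built reply for a workstation WORKSTN1 in WORKGROUP (constructed)."""
    entries = [("WORKSTN1", 0x00, False), ("WORKGROUP", 0x00, True),
               ("WORKSTN1", 0x20, False), ("WORKGROUP", 0x1E, True)]
    rdata = bytes([len(entries)])
    for name, suffix, group in entries:
        nflags = (GROUP_FLAG if group else 0) | ACTIVE_FLAG
        rdata += (name.encode("ascii").ljust(15, b" ") + bytes([suffix])
                  + struct.pack(">H", nflags))
    rdata += bytes.fromhex("000c29aabbcc") + bytes(40)  # UNIT_ID + zeroed stats
    header = struct.pack(">HHHHHH", tid, 0x8400, 0, 1, 0, 0)
    answer = encode_netbios_name("*") + struct.pack(">HHIH", NBSTAT_QTYPE, 1, 0, len(rdata))
    return header + answer + rdata


if __name__ == "__main__":
    for e in parse_node_status_response(constructed_sample_response())["names"]:
        print("%-15s <%02X> %-6s %s" % (e["name"], e["suffix"],
                                        "GROUP" if e["group"] else "UNIQUE", e["meaning"]))
```

The <20> unique name is the one worth looking for: it means the File Server service is running, so the share enumeration the slides describe (net view, NetScanTools) has something to find. A <1C> group entry marks a domain controller.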
65
DumpSec
Enumeration tool for Microsoft systems
Written by SomarSoft and distributed free of charge by Foundstone, Inc.
Allows the user to connect to a server and "dump" the following information:
–Permissions for shares
–Permissions for printers
–Permissions for the Registry
–Users, in column or table format
–Policies and rights
–Services
66
DumpSec (screenshot slide)
67
Hyena
GUI product (from SystemTools Software) for managing and securing Microsoft operating systems
Shows shares and user logon names for Windows servers and domain controllers
Displays a graphical (tree) representation of:
–Microsoft Terminal Services
–Microsoft Windows Network
–Web Client Network
–Find User/Group
69
NessusWX
A Windows client for the Nessus vulnerability scanner (Nessus is client/server: the server, nessusd, performs the scan; the client configures the session and displays the results)
Allows enumeration of the different operating systems on a large network
Running NessusWX:
–Make sure the Nessus server is up and running
–Open the NessusWX client application
–To connect the client to the Nessus server:
•Click Communications, Connect from the menu on the session window
•Enter the server's name
•Log on to the Nessus server
72
NessusWX (continued)
Nessus identifies:
–NetBIOS names in use
–Shared resources
–Vulnerabilities in shared resources
•Also offers solutions (remediation advice) for those vulnerabilities
–OS version
–OS vulnerabilities
–Firewall vulnerabilities
77
Enumerating the *NIX Operating System
Several variations:
–Solaris
–SunOS
–HP-UX
–Linux
–Ultrix
–AIX
–BSD UNIX
–FreeBSD
–OpenBSD
78
UNIX Enumeration
Finger utility: one of the most popular tools for security testers
–Queries the finger daemon (fingerd, TCP port 79) to find out who is logged in to a *NIX system
–Given a user name, returns that account's login name, real name, home directory, shell and login/idle times
–Caveat: most current *NIX installations no longer run fingerd, so a refused connection on port 79 is the usual result today
Nessus: another important *NIX enumeration tool
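An added finger client and output parser (not part of the slides) showing what the finger utility actually sends and what comes back: the RFC 1288 request line, the short listing returned for an empty query, and the per-user record. The two replies are constructed samples in the BSD/GNU finger layout; column layout differs between finger implementations, so the two regular expressions are assumptions about that layout, not a specification.

```python
"""finger (RFC 1288) client and reply parser for *NIX user enumeration.

Added example, not code from the slides.  SAMPLE_LIST and SAMPLE_USER are
constructed replies in BSD/GNU finger format, not captures.
"""
import re
import socket

FINGER_PORT = 79


def build_finger_query(user="", verbose=False):
    """RFC 1288 request: optional '/W' (long output), optional user, CRLF.
    An empty user name asks fingerd for everyone currently logged in."""
    parts = (["/W"] if verbose else []) + ([user] if user else [])
    return (" ".join(parts) + "\r\n").encode("ascii")


def finger(host, user="", verbose=False, timeout=5.0):
    """Send one query to fingerd on TCP/79 (only to hosts you are
    authorised to test) and return the whole reply as text."""
    with socket.create_connection((host, FINGER_PORT), timeout=timeout) as sock:
        sock.sendall(build_finger_query(user, verbose))
        chunks = []
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return b"".join(chunks).decode("utf-8", "replace")


# Short-form row (assumed BSD/GNU layout): login, real name, optional '*'
# (messages off), tty, idle/login time, optional "(where)" at the end.
LIST_ROW = re.compile(
    r"^(?P<login>\S+)\s+(?P<name>.*?)\s+\*?(?P<tty>pts/\d+|tty\S+)\s+"
    r".*?(?:\((?P<where>[^)]*)\))?\s*$")


def parse_finger_list(text):
    """Parse the listing returned for an empty query: who is logged in,
    on which terminal, and from where."""
    rows = []
    lines = [ln for ln in text.splitlines() if ln.strip()]
    for ln in lines[1:]:               # lines[0] is the column header
        m = LIST_ROW.match(ln)
        if m:
            rows.append(m.groupdict())
    return rows


# "Label: value" pairs, two per line, separated by runs of whitespace.
PROFILE_FIELD = re.compile(
    r"(Login|Name|Directory|Shell):\s*(.*?)"
    r"(?=\s+(?:Login|Name|Directory|Shell):|\s*$)")


def parse_finger_user(text):
    """Parse the per-user reply into a dict of its labelled fields."""
    fields = {}
    for ln in text.splitlines():
        for key, value in PROFILE_FIELD.findall(ln):
            fields[key] = value.strip()
    return fields


SAMPLE_LIST = (   # constructed sample reply to an empty query
    "Login     Name             Tty      Idle  Login Time   Where\n"
    "alice     Alice Example    pts/0          Jun 13 09:12 (10.0.0.5)\n"
    "bob       Bob Example     *pts/1      12  Jun 13 08:30 (10.0.0.7)\n"
)
SAMPLE_USER = (   # constructed sample reply to "alice"
    "Login: alice          \t\t\tName: Alice Example\n"
    "Directory: /home/alice              \tShell: /bin/bash\n"
    "On since Mon Jun 13 09:12 (UTC) on pts/0 from 10.0.0.5\n"
    "No mail.\nNo Plan.\n"
)

if __name__ == "__main__":
    for row in parse_finger_list(SAMPLE_LIST):
        print("%-10s on %-6s from %s" % (row["login"], row["tty"], row["where"]))
    print(parse_finger_user(SAMPLE_USER))
```

The "where" column is the part a tester cares about beyond user names: it leaks the addresses users log in from, which turns a list of accounts into a list of likely workstations.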
81
Footprinting and Enumeration using netcraft.com