vulnerability scanning
![Page 1: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/1.jpg)
FORESEC Academy
Vulnerability Scanning
FORESEC Academy Security Essentials (III)
![Page 2: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/2.jpg)
Agenda
- Threat vectors
- Social engineering
- Bypassing the firewall
- Tools that may be visiting your DMZ
- Network mapping tools and vulnerability scanners
![Page 3: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/3.jpg)
Primary Threat Vectors
- Outsider attack from the network
- Outsider attack from the telephone
- Insider attack from the local network
- Insider attack from the local system
- Attack from malicious code
![Page 4: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/4.jpg)
KaZaA
Designed for peer-to-peer file sharing on the Internet
Introduces security weaknesses:
- Opens a hole in the firewall
- Users give away network information
- A possible annoyance or DDoS tool
![Page 5: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/5.jpg)
KaZaA - Firewall Subversion
Setup:
1) A and B, inside the firewall, join the KaZaA network
2) The firewall denies inbound TCP connection requests
Subversion:
1) C, outside, connects to the KaZaA network
2) C's request for A is relayed to A by the KaZaA network
3) A connects out to C through the firewall. The firewall allows outbound connections, so its inbound-deny rule is never consulted, yet C ends up with a session to a host it could not reach directly.
![Page 6: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/6.jpg)
Firewalls, Wireless Connections, and Modems
![Page 7: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/7.jpg)
Firewalls, Wireless Connections, and Modems (continued)
![Page 8: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/8.jpg)
Social Engineering
An attempt to manipulate or trick a person into providing information or access
Bypasses network security by exploiting human vulnerabilities
The vector is often an outside attack by telephone or a visitor inside your facility
![Page 9: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/9.jpg)
Social Engineering (2)
Human-based:
- Urgency
- Third-person authorization
Computer-based:
- Popup windows
- Mail attachments
![Page 10: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/10.jpg)
Social Engineering Defense
Develop appropriate security policies
Establish procedures for granting access, etc., and reporting violations
Educate users about vulnerabilities and how to report suspicious activity
![Page 11: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/11.jpg)
Tools that may be Visiting Your DMZ
- 3 famous Windows Trojans
- Open share scanners
- Jackal, Queso, and SYN/FIN
- Nmap and Hping
- Worms
![Page 12: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/12.jpg)
Trojans
![Page 13: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/13.jpg)
Trojans (2)
![Page 14: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/14.jpg)
SubSeven Client
![Page 15: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/15.jpg)
SubSeven EditServer
![Page 16: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/16.jpg)
Trojans Review
- Trojans can penetrate firewalls as email attachments
- SubSeven is still one of the most common
- Protective tools include all major anti-virus tools, firewalls, and personal firewalls
![Page 17: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/17.jpg)
Network Mapping Tools
- Open share scanners: Legion
- Network scanners: Jackal
- TCP fingerprinting: Queso, and SYN/FIN
- Port scanners: Nmap and Hping
![Page 18: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/18.jpg)
Finding Unprotected Shares -Legion
![Page 19: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/19.jpg)
Enter the Jackal (1997)
![Page 20: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/20.jpg)
Sons of Jackal Continue to be Seen
Signature: source port 0 and 65535
![Page 21: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/21.jpg)
Queso and Friends http://www.securityfocus.com/tools/144
Queso sends packets with unexpected TCP flag (code bit) combinations and classifies the remote operating system by how its stack responds. Its authors claim to distinguish over 100 OSes and OS states. The Queso pattern is shown on the notes page.
![Page 22: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/22.jpg)
Spoofed NetBIOS

```
06:49:55 proberA.4197 > 172.20.139.137.139: S 596843772:596843772(0) win 8192 (DF)
06:49:58 proberA.4197 > 172.20.139.137.139: S 596843772:596843772(0) win 8192 (DF)
06:50:04 proberA.4197 > 172.20.139.137.139: S 596843772:596843772(0) win 8192 (DF)
06:50:16 proberA.4197 > 172.20.139.137.139: S 596843772:596843772(0) win 8192 (DF)
12:57:56 proberE.2038 > 172.20.216.29.139: S 294167370:294167370(0) win 8192 (DF)
12:57:59 proberE.2038 > 172.20.216.29.139: S 294167370:294167370(0) win 8192 (DF)
12:58:05 proberE.2038 > 172.20.216.29.139: S 294167370:294167370(0) win 8192 (DF)
12:58:41 proberE.2039 > 172.20.216.29.139: S 294212415:294212415(0) win 8192 (DF)
```

Each prober repeats the same SYN (same source port and sequence number) to TCP port 139 at roughly 3, 6 and 12 second intervals, so on its own each burst looks like an ordinary NetBIOS session attempt that went unanswered. What gives the spoofing away is in the fields tcpdump did not print here, discussed on the next slide.
![Page 23: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/23.jpg)
TTL

The notes pages list the Time To Live fields from the traces on the previous slide. Notice how they cluster around 120. That is not expected behavior: packets from genuinely different hosts would normally arrive having crossed different numbers of hops, so their TTLs should differ, and a tight cluster suggests one real sender behind several apparent sources. This was fixed in the Nmap 2.08 release, whose decoy function gives the decoys random TTLs.

Analysis credit to Army Research Lab
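The two traffic signatures from the preceding slides, the Jackal source ports of 0 and 65535 (with the SYN/FIN flag combination Queso-style probes use) and the TTL clustering that exposes decoy scans, as detection logic over tcpdump lines. This is an added example, not code from the FORESEC course. It assumes the old one-line tcpdump format used on the slide, with the `(ttl N, id N)` tail that `tcpdump -v` appends; the trace is constructed for the example (the `proberA` style names follow the slide, `10.9.8.7` and `workstation7` are invented), and the thresholds `max_spread` and `min_sources` are tuning choices, not values from the course.

```python
"""Detections over tcpdump traces: the Jackal source-port signature, illegal
SYN+FIN flag combinations (Queso-style probes) and the TTL clustering that
betrays a decoy scan. SAMPLE_TRACE is constructed for this example."""
import re
from collections import defaultdict

# Old tcpdump (3.x) one-line format as printed on the slide, followed by the
# "(ttl N, id N)" tail that "tcpdump -v" appends.
LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<src>\S+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\S+)\.(?P<dport>\d+):\s+(?P<flags>[SFRPUA.]+)\s+"
    r"(?P<seq>\d+):\d+\(\d+\)\s+win\s+(?P<win>\d+)(?P<tail>.*)$"
)
TTL_RE = re.compile(r"\(ttl (?P<ttl>\d+), id \d+\)")

# Constructed trace: four "sources" hitting one host with near-identical TTLs
# (decoys), two Jackal-style SYN/FIN probes, and one ordinary SYN.
SAMPLE_TRACE = """\
06:49:55 proberA.4197 > 172.20.139.137.139: S 596843772:596843772(0) win 8192 (DF) (ttl 120, id 31012)
06:49:55 proberB.3311 > 172.20.139.137.139: S 118836621:118836621(0) win 8192 (DF) (ttl 121, id 31013)
06:49:55 proberC.1055 > 172.20.139.137.139: S 980221734:980221734(0) win 8192 (DF) (ttl 119, id 31014)
06:49:55 proberD.2290 > 172.20.139.137.139: S 455120987:455120987(0) win 8192 (DF) (ttl 120, id 31015)
06:49:58 proberA.4197 > 172.20.139.137.139: S 596843772:596843772(0) win 8192 (DF) (ttl 120, id 31016)
07:12:03 10.9.8.7.0 > 172.20.216.29.23: SF 0:0(0) win 1028 (ttl 243, id 9)
07:12:04 10.9.8.7.65535 > 172.20.216.29.21: SF 0:0(0) win 1028 (ttl 243, id 10)
09:30:10 workstation7.1122 > 172.20.216.29.139: S 33001:33001(0) win 8192 (DF) (ttl 127, id 7001)
"""


def parse_trace(text):
    """Parse tcpdump lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        for key in ("sport", "dport", "seq", "win"):
            rec[key] = int(rec[key])
        t = TTL_RE.search(rec["tail"])
        rec["ttl"] = int(t.group("ttl")) if t else None   # None without -v
        records.append(rec)
    return records


def jackal_signature(records):
    """Jackal and its descendants scan from source port 0 or 65535."""
    return [r for r in records if r["sport"] in (0, 65535)]


def illegal_flag_combos(records):
    """SYN and FIN together is never sent by a conforming TCP stack; Queso-style
    fingerprinters and stealth scanners send it to see how the target reacts."""
    return [r for r in records if "S" in r["flags"] and "F" in r["flags"]]


def decoy_candidates(records, max_spread=2, min_sources=3):
    """Group initial SYNs by destination. Hosts at different network distances
    should arrive with different TTLs, so several apparent sources whose TTLs
    sit within max_spread of each other are likely decoys from one real host."""
    first_ttl = defaultdict(dict)
    for r in records:
        if r["flags"] == "S" and r["ttl"] is not None:
            first_ttl[r["dst"]].setdefault(r["src"], r["ttl"])
    hits = {}
    for dst, srcs in first_ttl.items():
        ttls = list(srcs.values())
        if len(srcs) >= min_sources and max(ttls) - min(ttls) <= max_spread:
            hits[dst] = sorted(srcs)
    return hits


def analyze(text=SAMPLE_TRACE):
    """Run all three checks and return a summary dict."""
    recs = parse_trace(text)
    return {
        "parsed": len(recs),
        "jackal": [(r["src"], r["sport"], r["dst"], r["dport"])
                   for r in jackal_signature(recs)],
        "syn_fin": [(r["src"], r["dst"], r["dport"])
                    for r in illegal_flag_combos(recs)],
        "decoys": decoy_candidates(recs),
    }


if __name__ == "__main__":
    for key, value in analyze().items():
        print(f"{key}: {value}")
```

The TTL check deliberately keys on the first SYN from each source, so the retransmissions seen on the slide do not inflate the source count; a real deployment would also want to whitelist internal subnets, since hosts on the same LAN legitimately share a TTL.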
![Page 24: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/24.jpg)
Nmap - Network Mapper
- Free, award-winning network scanner
- Supports a large number of scanning techniques
- Numerous other features supported:
  - Remote operating system detection
  - Application detection
![Page 25: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/25.jpg)
nmapwin - Windows port
![Page 26: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/26.jpg)
Hping - Spoofing Port Scanner
- Conceptually, a TCP version of ping
- Sends custom TCP packets to a host and listens for replies
- Enables port scanning and spoofing simultaneously, by crafting packets and analyzing the return
![Page 27: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/27.jpg)
Hping v2.0 - hping Enhanced
Uses hping crafted packets to:
- Test firewall rules
- Test network performance
- Remotely fingerprint OSes
- Audit TCP/IP stacks
- Transfer files across a firewall
- Check if a host is up
![Page 28: Vulnerability Scanning](https://reader035.vdocuments.mx/reader035/viewer/2022081502/5681609b550346895dcfc2ff/html5/thumbnails/28.jpg)
Worms
- Attack systems through known holes
- Automatically scan for more systems to attack
- Lower system defenses, install a root shell or rootkit, and/or report back to the attacker that the system has been compromised