
=Hacking Exposed Chapter 2: Scanning=

Scanning is the process of determining which systems are reachable and which services are running on them.

==Determining if the System is Alive==

===Network Ping Sweeps===

Detecting a ping sweep is important to maintain security. Snort can be used to detect ping sweeps, and most commercial network and desktop firewalls can detect them as well. Preventing a ping sweep can be done by evaluating the ICMP traffic that you allow into your network.

===ICMP Queries===

ICMP queries are a scanning technique that takes advantage of the expected default replies to different types of ICMP traffic.

To defend against ICMP queries, it is possible to block the ICMP types that give out information at your border routers.

==Determining Which Services are Running or Listening==

===Port Scanning===

After finding responsive systems, an attacker will typically attempt to determine which services are running on a machine. One technique used to do so is port scanning. Port scanning is the process of sending packets to TCP or UDP ports on a target system to determine which ports have a service running or in a listening state. This allows the attacker to determine what attacks will be effective against a system.

====Scan Types====

*TCP Connect Scan
*TCP SYN Scan
*TCP FIN Scan
*TCP Xmas Tree Scan
*Many more

====Identifying TCP and UDP Services Running====

Tools to identify running services include:

*Strobe: a TCP scanning utility for Linux
*udp_scan: a UDP scanner for Linux
*netcat: a tool that can be used to do TCP and UDP scans on Linux
*nmap: a tool that can scan both TCP and UDP on UNIX
*SuperScan: TCP/UDP scanner for Windows
*WUPS: UDP scanner for Windows
*Many more

====Defending against port scans====

Detecting port scans can be done with Snort and many other firewalls. Preventing a port scan is not viable, but limiting exposure is. This can be accomplished by disabling services that are not necessary on the target machine.
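The detection idea from the ping sweep and port scan sections above, as an added example that is not from the book or the original notes: a small log analyser that flags one source probing many hosts with ICMP echo requests (a sweep) or many ports on one host with TCP SYNs (a scan). The log format, field names and thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample firewall log lines (assumed format, not from any real product):
# 10.0.0.5 echo-requests five hosts, 10.0.0.9 sends SYNs to six ports on one host,
# 10.0.0.7 is ordinary traffic that should not be flagged.
SAMPLE_LOG = """\
2010-02-01T10:00:01 proto=ICMP type=8 src=10.0.0.5 dst=192.168.1.1
2010-02-01T10:00:01 proto=ICMP type=8 src=10.0.0.5 dst=192.168.1.2
2010-02-01T10:00:01 proto=ICMP type=8 src=10.0.0.5 dst=192.168.1.3
2010-02-01T10:00:02 proto=ICMP type=8 src=10.0.0.5 dst=192.168.1.4
2010-02-01T10:00:02 proto=ICMP type=8 src=10.0.0.5 dst=192.168.1.5
2010-02-01T10:00:05 proto=TCP flags=S src=10.0.0.9 dst=192.168.1.10 dport=22
2010-02-01T10:00:05 proto=TCP flags=S src=10.0.0.9 dst=192.168.1.10 dport=23
2010-02-01T10:00:05 proto=TCP flags=S src=10.0.0.9 dst=192.168.1.10 dport=25
2010-02-01T10:00:06 proto=TCP flags=S src=10.0.0.9 dst=192.168.1.10 dport=80
2010-02-01T10:00:06 proto=TCP flags=S src=10.0.0.9 dst=192.168.1.10 dport=443
2010-02-01T10:00:07 proto=TCP flags=S src=10.0.0.9 dst=192.168.1.10 dport=8080
2010-02-01T10:00:09 proto=TCP flags=S src=10.0.0.7 dst=192.168.1.10 dport=80
2010-02-01T10:00:09 proto=ICMP type=8 src=10.0.0.7 dst=192.168.1.10
"""

# Fields appear in a fixed order; type= is only present for ICMP, flags=/dport= only for TCP.
LINE_RE = re.compile(r"proto=(?P<proto>\w+)(?: type=(?P<type>\d+))?(?: flags=(?P<flags>\w+))?"
                     r" src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)(?: dport=(?P<dport>\d+))?")

def detect_sweeps_and_scans(log_text, host_threshold=4, port_threshold=5):
    """Return {src_ip: set of alert names} for sources that look like sweeps or scans."""
    icmp_targets = defaultdict(set)   # src -> distinct hosts it sent echo requests (type 8) to
    syn_ports = defaultdict(set)      # (src, dst) -> distinct ports it sent SYNs to
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                  # skip lines that do not match the assumed format
        if m["proto"] == "ICMP" and m["type"] == "8":
            icmp_targets[m["src"]].add(m["dst"])
        elif m["proto"] == "TCP" and m["flags"] == "S" and m["dport"]:
            syn_ports[(m["src"], m["dst"])].add(int(m["dport"]))
    alerts = defaultdict(set)
    for src, hosts in icmp_targets.items():
        if len(hosts) >= host_threshold:      # one source pinging many hosts: ping sweep
            alerts[src].add("ping_sweep")
    for (src, dst), ports in syn_ports.items():
        if len(ports) >= port_threshold:      # one source hitting many ports on a host: port scan
            alerts[src].add("port_scan")
    return dict(alerts)

if __name__ == "__main__":
    print(detect_sweeps_and_scans(SAMPLE_LOG))   # {'10.0.0.5': {'ping_sweep'}, '10.0.0.9': {'port_scan'}}
```

Real IDS rules such as Snort's apply the same host and port counting over a time window; the thresholds here are illustrative and would need tuning to the network's normal traffic.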

==Detecting the Operating System==

===Active Operating System Detection===