
78     Chapter 2 • General Security Concepts: Attacks


EXERCISE 2.04

TESTING YOUR NETWORK'S PORTS

For this exercise, you will need a copy of the Nmap port scanning tool. The UNIX version and links to a Windows version can be found at www.insecure.org. Nmap is a powerful port scanning utility that can be used to gain information about a single host or an entire network; it can even determine OS types.

The basic command used with Nmap is nmap <ipaddress>. If you are running as an unprivileged user, this defaults to a TCP connect scan, which establishes a full TCP connection to each port on the target system.

There are a number of useful options, some of which require you to run as root.

Consider nmap -sS -O -v <ipaddress>: this scan sends only SYN packets, and is therefore considered a stealth scan. The -O option asks Nmap to determine the OS type, and -v requests verbose mode, so you see exactly what the program is doing while it is doing it.

You may notice that it takes a long time to scan hosts. This is because Nmap scans all ports by default. You can shorten the scan time by limiting it to certain ports with the -p option. For example, nmap -sS -v -p 1-1024 <ipaddress> will use a SYN scan to scan only ports 1-1024.

Nmap can also be used to scan networks for responding hosts. This function is called the ping scan and is invoked with the -sP option.

There are many more things that can be done with Nmap, so make sure you have a test lab environment ready and start trying the many different options.
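The distinction the exercise draws between a SYN-only scan and a full connect scan is also what a defender sees in traffic logs. The following Python script is an added example (not part of the book's exercise) that classifies sources in a constructed client-side packet log as half-open SYN probing or completed-handshake scanning; the log format, addresses and threshold are all constructed for the example.

```python
# Added example (not from the book): classify probing sources from client-side
# TCP flags.  Constructed log format: "<src> <dst> <dport> <flags>", one packet
# sent by <src> per line (S=SYN, A=ACK, P=PSH, R=RST).  Only client packets.
from collections import defaultdict

# Constructed sample: 10.0.0.5 sends SYN (and RST) to many ports without ever
# ACKing, as a SYN scan does; 10.0.0.9 completes handshakes to many ports, as a
# connect scan does; 10.0.0.7 is a normal client using a single port.
SAMPLE_LOG = """\
10.0.0.5 10.0.0.20 22 S
10.0.0.5 10.0.0.20 22 R
10.0.0.5 10.0.0.20 80 S
10.0.0.5 10.0.0.20 443 S
10.0.0.5 10.0.0.20 3389 S
10.0.0.9 10.0.0.20 22 S
10.0.0.9 10.0.0.20 22 A
10.0.0.9 10.0.0.20 80 S
10.0.0.9 10.0.0.20 80 A
10.0.0.9 10.0.0.20 443 S
10.0.0.9 10.0.0.20 443 PA
10.0.0.7 10.0.0.20 443 S
10.0.0.7 10.0.0.20 443 A
"""

PORT_THRESHOLD = 3  # distinct ports touched by one source before we call it a scan


def parse_flows(log_text):
    """Group packets into flows: {(src, dst, dport): set of flag strings}."""
    flows = defaultdict(set)
    for line in log_text.splitlines():
        if line.strip():
            src, dst, dport, flags = line.split()
            flows[(src, dst, int(dport))].add(flags)
    return flows


def classify_sources(log_text, threshold=PORT_THRESHOLD):
    """Return {src: 'syn_scan' | 'connect_scan'} for sources probing >= threshold ports.

    A flow whose client never sent an ACK-bearing packet stayed half-open (the
    SYN-only pattern of -sS); one with an ACK completed the handshake (connect scan).
    """
    half_open, completed = defaultdict(set), defaultdict(set)
    for (src, dst, dport), flags in parse_flows(log_text).items():
        bucket = completed if any("A" in f for f in flags) else half_open
        bucket[src].add((dst, dport))
    verdicts = {}
    for src in set(half_open) | set(completed):
        if len(half_open[src]) + len(completed[src]) >= threshold:
            mostly_half_open = len(half_open[src]) > len(completed[src])
            verdicts[src] = "syn_scan" if mostly_half_open else "connect_scan"
    return verdicts
```

On the sample log, 10.0.0.5 is reported as a SYN scan and 10.0.0.9 as a connect scan, while 10.0.0.7 falls below the port threshold and is not reported.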






Passive Attacks

During a passive attack, the direct opposite of an active attack, the attacker isn't directly affecting the victim's network. Rather, the attacker is passively listening for something to occur, or trying to gather information. Some passive attacks can be likened to eavesdropping on someone's conversation, or using binoculars to spy on someone. There are quite a few interesting ways that passive attacks can occur, which will be described in detail in the following sections.



          www.syngress.com