ebook img

Nmap in the Enterprise: Your Guide to Network Scanning PDF

259 Pages·2008·5.75 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Nmap in the Enterprise: Your Guide to Network Scanning

Angela Orebaugh Becky Pinkard This page intentionally left blank Elsevier, Inc., the author(s), and any person or fi rm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profi ts, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and fi les. Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack Proofi ng®,” are registered trademarks of Elsevier, Inc. “Syngress: The Defi nition of a Serious Security Library”™, “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies. KEY SERIAL NUMBER 001 HJIRTCV764 002 PO9873D5FG 003 829KM8NJH2 004 BAL923457U 005 CVPLQ6WQ23 006 VBP965T5T5 007 HJJJ863WD3E 008 2987GVTWMK 009 629MP5SDJT 010 IMWQ295T6T PUBLISHED BY Syngress Publishing, Inc. Elsevier, Inc. 30 Corporate Drive Burlington, MA 01803 Nmap in the Enterprise: Your Guide to Network Scanning Copyright © 2008 by Elsevier, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication. Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 ISBN 13: 978-1-59749-241-6 Publisher: Andrew Williams Technical Editor: Aaron Bayles Page Layout and Art: SPi For information on rights, translations, and bulk sales, contact Matt Pedersen, Commercial Sales Director and Rights, at Syngress Publishing; email This page intentionally left blank Authors Angela Orebaugh is an information security technologist, scientist, and author with a broad spectrum of expertise in information assurance. She synergizes her 15 years of hands-on experiences within industry, academia, and government to advise clients on information assurance strategy, management, and technologies. Ms. Orebaugh is involved in several security initiatives with the National Institute of Standards and Technology (NIST) including technical Special Publications (800 series), the National Vulnerability Database (NVD), Security Content Automation Protocol (SCAP), and secure eVoting. Ms. Orebaugh is an adjunct professor at George Mason University where she performs research and teaching in intrusion detection and forensics. Her research includes peer-reviewed publications in the areas of intrusion detection and prevention, data mining, attacker profi ling, user behavior analysis, and network forensics. Ms. Orebaugh is the author of the Syngress best seller’s Wireshark and Ethereal Network Protocol Analyzer Toolkit and Ethereal Packet Sniffi ng. She has also co-authored the Snort Cookbook and Intrusion Prevention and Active Response. She is a frequent speaker at a variety of security conferences and technology events, including the SANS Institute and the Institute for Applied Network Security. Ms. Orebaugh holds a Masters degree in Computer Science and a Bachelors degree in Computer Information Systems from James Madison University. She is currently completing her dissertation for her Ph.D. at George Mason University, with a concentration in Information Security. Angela would like to thank Andrew Williams and Syngress/Elsevier for providing the opportunity to write this book. It would not have been possible without my security guru co-author, Becky Pinkard. Thank you for your amazing technical expertise, constant dedication, and much needed comic relief. I would also like to thank Tim Boyles for his helpful insights and assistance. I would like to thank Fyodor and the Nmap developers for creating such a full-featured, versatile tool. I am fortunate to have such loving and supportive family and friends, who bring joy and balance to my life. Thank you for always being there. Most of all, I would like to thank Tammy Wilt. Your love and encouragement gives me strength to follow my dreams and your patience and support allows me to make them a reality. I am eternally grateful. v Becky Pinkard got her start in the information technology industry in 1996, answering phones and confi guring dial-up networking for GTE Internetworking. She is currently a senior security manager with a Fortune 20 company where she is lucky enough to work with security technology on a daily basis. Becky is a SANS Certifi ed Instructor and has taught with the SANS Institute since 2001. She has participated as a GIAC GCIA advisory board member and on the Strategic Advisory Council for the Center for Internet Security. She is a co-author of the Syngress book, Intrusion Prevention and Active Response, Deploying Network and Host IPS. Becky also enjoys speaking at technical conferences, conventions and meetings. Basically anywhere security geeks can get together and have a few laughs while learning something cool! Additionally, Becky has setup enterprise intrusion detection systems, designed patch, vulnerability and fi rewall strategies, performed network and web security audits, led forensics cases, and developed security awareness training in small and large environments. Becky would like to thank the following folks for their support, kindness and general, all-around, nice-to-work-withedness in making this book possible. Syngress Publishing, Elsevier and especially Andrew Williams for his enthusiasm with this project, sense of humor and much-tested patience. A huge thank you to Eric Ortego for his assistance with Chapter 6 – may our fi ngerprints never show up on your assets! J Thanks to Dan Cutrer for being, without a doubt, the funniest and nicest lawyer I know. Your insights and assistance were greatly appreciated. Acknowledgements would not be complete without mentioning Fyodor and all the incredibly talented people who have made Nmap what it is today. Many, many thanks to you all. A special thank you goes out to Angela Orebaugh - I will always be indebted to you for asking me to share this wild book ride with you. Here’s to the only person I now consider one of my best friends to have never met face-to-face! Here’s a huge shout out to my Mom, just because I know she will get a kick out of it. I love you so much – thank you for all your help over the past few months. Last, but without whom nothing else matters – Kim, Ben, Jake, and our beautiful, happy baby, Luke. Some day when you get big enough, I will teach you how to scan stuff. vi Technical Editor Aaron W. Bayles is an INFOSEC Principal in Houston, Texas. He has provided services to clients with penetration testing, vulnerability assessment, risk assessments, and security design/architecture for enterprise networks. He has over 12 years experience with INFOSEC, with specifi c experience with wireless security, penetration testing, and incident response. Aaron’s background includes work as a senior security engineer with SAIC in Virginia and Texas. He is also the lead author of the Syngress book, InfoSec Career Hacking, Sell your Skillz, Not Your Soul, as well as a contributing author of the First Edition of Penetration Tester’s Open Source Toolkit. Aaron has provided INFOSEC support and penetration testing for multiple agencies in the U.S. Department of the Treasury, such as the Financial Management Service and Securities and Exchange Commission, and the Department of Homeland Security, such as U. S. Customs and Border Protection. He holds a Bachelor’s of Science degree in Computer Science with post-graduate work in Embedded Linux Programming from Sam Houston State University and is also a CISSP. vii This page intentionally left blank Contents Chapter 1 Introducing Network Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 What is Network Scanning? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Networking and Protocol Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Explaining Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Understanding the Open Systems Interconnection Model . . . . . . . . . . . . . . . 5 Layer 1: Physical . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Layer 2: Data Link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Layer 3: Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Layer 4: Transport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Layer 5: Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Layer 6: Presentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Layer 7: Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Carrier Sense Multiple Access/Collision Detection (CSMA/CD) . . . . . . . . . 14 The Major Protocols: IP, TCP, UDP, and ICMP . . . . . . . . . . . . . . . . . . . . . . 15 IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Internet Control Message Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 TCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 The TCP Handshake . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 TCP Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 UDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Network Scanning Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Host Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Port and Service Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 OS Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Optimization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Evasion and Spoofi ng . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Common Network Scanning Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Who Uses Network Scanning? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Detecting and Protecting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Network Scanning and Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 ix

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.