Nmap and Hping [6] are tools that support TCP Sweep, both for the Unix platform. Hping even adds an additional option to fragment packets, which allows the TCP packet to pass through certain access control devices.

An example with nmap:

    [root@mia /root] ./nmap -sP -PT80 192.168.2.0/24
    TCP probe port is 80
    Starting nmap V. 2.2-BETA4 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
    Host host1.MyDomain.com (192.168.2.0) appears to be up.
    Host host2.MyDomain.com (192.168.2.1) appears to be up.
    Host host3.MyDomain.com (192.168.2.2) appears to be up.
    Host host4.MyDomain.com (192.168.2.3) appears to be up.
    Host host5.MyDomain.com (192.168.2.4) appears to be up.
    Host host6.MyDomain.com (192.168.2.5) appears to be up.
    Host host254.MyDomain.com (192.168.2.254) appears to be up.
    Nmap run completed -- 32 IP addresses (13 hosts up) scanned in 12 seconds

2.5 UDP Sweeps (Also known as UDP Scans)

This method relies on the ICMP PORT UNREACHABLE message, which a closed UDP port generates. If no ICMP PORT UNREACHABLE message is received after sending a UDP datagram to a UDP port that we wish to examine on a targeted system, we may assume the port is open.

UDP scanning is unreliable for a number of reasons [7]:

· Routers can drop UDP packets as they cross the Internet.
· Many UDP services do not respond when correctly probed.
· Firewalls are usually configured to drop UDP packets (except for DNS).
· UDP sweep relies on the fact that a non-active UDP port will respond with an ICMP PORT UNREACHABLE message.

3.0 Port Scanning

Ping Sweeps help us identify which systems are alive. The next step is trying to determine what services (if any) are running or in a LISTENING state on the targeted system, by connecting to the TCP and UDP ports of that system. This is called Port Scanning. For the hacker it is critical to identify listening ports, because it helps him identify the operating system and application in use.
The services detected as listening may suffer from vulnerabilities, which arise for two reasons:

· Misconfiguration of the service
· The version of the software is known to have security flaws

If identified, these vulnerabilities can lead to the attacker gaining unprivileged access. We will further discuss port scanning types, techniques, and tools.

[6] http://www.kyuzz.org/antirez
[7] Ron Gula, How to Handle and Identify Network Probes, Network Defense Consulting.
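A defender's view of the UDP sweep in section 2.5, as an added example that is not part of the original paper: since each closed UDP port answers with ICMP PORT UNREACHABLE, a burst of those replies toward one remote address marks a sweep or scan in progress. The record format, addresses, window and threshold below are constructed assumptions; the probed port is taken from the UDP header that the ICMP error quotes.

```python
from collections import defaultdict

# Constructed sample, one record per ICMP type 3 code 3 (port unreachable)
# leaving our network: epoch_seconds responder prober quoted_udp_dst_port
SAMPLE = """\
1000 192.168.2.1 203.0.113.7 161
1001 192.168.2.2 203.0.113.7 161
1001 192.168.2.3 203.0.113.7 161
1002 192.168.2.4 203.0.113.7 161
1010 192.168.2.4 203.0.113.9 69
1011 192.168.2.4 203.0.113.9 123
1012 192.168.2.4 203.0.113.9 137
1013 192.168.2.4 203.0.113.9 161
1000 192.168.2.5 198.51.100.20 53
1300 192.168.2.5 198.51.100.20 123
1600 192.168.2.5 198.51.100.20 161
1900 192.168.2.5 198.51.100.20 514
"""

def parse(text):
    for line in text.splitlines():
        parts = line.split()
        # Skip blank or malformed lines instead of failing on them.
        if len(parts) == 4 and parts[0].isdigit() and parts[3].isdigit():
            yield int(parts[0]), parts[1], parts[2], int(parts[3])

def find_udp_probers(text, window=60, threshold=4):
    """Map probers with >= threshold distinct targets in `window` s to (hosts, ports)."""
    by_prober = defaultdict(list)
    for ts, responder, prober, port in parse(text):
        by_prober[prober].append((ts, responder, port))
    flagged = {}
    for prober, events in by_prober.items():
        events.sort()
        best, start = set(), 0
        for end, (ts, _, _) in enumerate(events):
            while ts - events[start][0] > window:   # slide window forward
                start += 1
            targets = {(h, p) for _, h, p in events[start:end + 1]}
            if len(targets) > len(best):
                best = targets
        if len(best) >= threshold:
            flagged[prober] = (len({h for h, _ in best}),
                               len({p for _, p in best}))
    return flagged

if __name__ == "__main__":
    for src, (hosts, ports) in find_udp_probers(SAMPLE).items():
        print(f"{src}: port-unreachables from {hosts} hosts, {ports} ports")
```

Many hosts on one port indicates a sweep, and many ports on one host indicates a port scan. The third source in the sample stays below the threshold at the default 60-second window and is only reported with a wider one, so the window is a tuning decision.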