Network Applications and Network Applications Lab
Chapter Two Notes
Other Chapter Notes:
It is important to remember that even though an IP address is
within the IP range, it is not necessarily accessible from the internet.
We will need to test each target system to see if it is alive and
if any ports are listening.
if a system is alive
ping sweep on a range of IP addresses.
in the UNIX environment.
for all available options
utility to use is nmap.
- -sP is the ping
Windows, use can use Pinger
is not uncommon to come across a security-conscious site that has
blocked ICMP at the border router or firewall.
get around an ICMP block, port scanning is the first technique to
determine like hosts.
can scan common ports on every IP address to see if there are
systems there and if they are listening.
- Nmap –sP –PT80 126.96.36.199/24
scan port 80 forIP addresses in this range.
- SMPT (25)
- POP (110)
- AUTH (113)
- IMAP (143)
user to control specific options of the TCP packet that may allow
it to pass through certain access control devices.
–S –p 80 –f
- Detecting ping sweeps is critical to
understanding who may attack and when they might do it.
- You should carefully evaluate the type of
ICMP traffic you allow into your networks or into specific
- ICMP is a powerful protocol for diagnosing
network problems, but it is also easily abused.
- Allowing unrestricted access could result
in a denial of service attack.
sweeps are only the tip of the iceberg when it comes to ICMP
information about a system.
request the time to see what time zone the system is in.
- Do this by sending an ICMP type 13 message
the netmask of a particular device with the ICMP type 17 message
(ADDRESS MASK REQUEST)
ICMP types that give out information at your border routers.
restrict TIMESTAMP (ICMP type 13) and ADDRESS MASK (ICMP type 17)
- Access-list 101 deny icmp any any 13 !
- Access-list 101 deny icmp any any 17 !
address mask request
which services are running or listening
scanning: the process of connecting to TCP and UDP ports on the
target system to determine what services are running or in a
the type of operating system and applications in use.
unauthorized access to systems and software.
- Half-open scanning
- SYN packet sent to port to determine if it
- Stealthier than a full TCP contact.
Xmas Tree scan
TCP and UDP services running
- Strobe is a TCP scanner only and does not
provide UDP scanning capabilities
–v –z –w2 192.168.1.1 1-1024
- -v and –vv options provide verbose and
very verbose output
- -z provide zero mode I/O and is used for
- -w2 provides a timeout value for each
- Ident scanning
- Used to determine the user os a
particular TCP connection by communicating with port 113
- FTP bounce scanning
- FTP Protocol
- If ports 135 and 139 are open, the system
is probably Windows
the Operating System
- Sent to open port, windows NT will respond
with a FIN/ACK
sequence number (ISN) probe
fragment bit” monitoring
initial window size
error message quenching
- Operating systems may follow RFC
1812 (http://www.ieft.org/rfc/rfc1812.txt) and limit the
rate at which messages are sent.
- Information varies between operating
systems so this may help to figure out which operating system is
error message-echoing integrity
of service (TOS)
[Home] [Procedures] [Reading
Notes] [Back to Top]
Questions or Comments? Click here
to email me.