Overview of Network Scanning Flashcards
IRDP
The ICMP Router Discovery Protocol (IRDP) is a routing protocol that allows a host to discover the IP addresses of active routers on its subnet by listening to router advertisement and solicitation messages on its network. The attacker can add default route entries on a system remotely by spoofing router advertisement messages. Since IRDP does not require any authentication, the target host will prefer the default route defined by the attacker to the default route provided by the DHCP server. The attacker accomplishes this by setting the preference level and the lifetime of the route at high values to ensure that the target hosts will choose it as the preferred route.
ARP
Address Resolution Protocol (ARP) is a stateless TCP/IP protocol that maps IP network addresses to the addresses (hardware addresses) used by a data link protocol. Using this protocol, a user can easily obtain the MAC address of any device on a network.
DHCP
Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that provides an IP address to an IP host. In addition to the IP address, the DHCP server also provides configuration-related information such as the default gateway and subnet mask. When a DHCP client device boots up, it broadcasts traffic on the network to locate a DHCP server.
DNS
DNS is the protocol that translates a domain name into an IP address. The protocol uses DNS tables that contain the domain name and its equivalent IP address, stored in a large distributed database.
hping3 -1 -p 80
ICMP ping
hping3 -A -p 80
ACK scan on port 80
hping3 -2 -p 80
UDP scan on port 80
hping3 -8 50-60 -S -V
SYN scan on ports 50-60
hping3 -F -P -U -p 80
FIN, PUSH and URG scan on port 80
hping3 -1 10.0.1.x --rand-dest -I eth0
Scan entire subnet for live hosts
hping3 -9 HTTP -I eth0
Intercept all traffic containing the HTTP signature
Nmap scripting engine (NSE)
Provides scripts that reveal all sorts of useful information from the target web server. NSE scripts are used for: network discovery, more sophisticated version detection, vulnerability detection, backdoor detection, and vulnerability exploitation.
Ping of death
In a ping of death (PoD) attack, an attacker tries to crash, destabilize, or freeze the target system or service by sending malformed or oversized packets using a simple ping command. For instance, the attacker sends a packet with a size of 65,538 bytes to the target web server. This packet size exceeds the limit prescribed by RFC 791 (IP), which is 65,535 bytes.
SYN flooding
In a SYN flooding attack, the attacker sends a large number of SYN requests to the target server (victim) with fake source IP addresses. The attack creates incomplete (half-open) TCP connections that use up network resources.
TCP hijacking
TCP session hijacking allows attackers to take over an active session by bypassing the authentication process.