Scanning Networks Flashcards
What is metasploit
Metasploit is an open source project that provides the infrastructure, content and tools to perform penetration tests and extensive security auditing. It provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
What techniques can be used to evade firewalls?
Packet fragmentation
Source routing
Source port manipulation
IP address decoy
IP address spoofing
MAC address spoofing
Creating custom packets
Randomizing host order
Sending bad checksums
Proxy servers
Anonymizers
What does the hping3 -A 10.0.0.25 -p 80 command do?
hping3 is a command-line network scanning and packet-crafting tool for TCP/IP. It can send ICMP echo requests (in its -1 ICMP mode) and supports the TCP, UDP, ICMP and raw IP protocols, letting the user set individual TCP flags on the probes it sends.
The full command performs an ACK scan (-A) against port 80 (-p 80) of 10.0.0.25. A bare ACK probe is used to check for a firewall: an unfiltered host answers with RST whether the port is open or closed, while no reply indicates that a (stateful) firewall dropped the probe.
What is banner grabbing?
Banner grabbing, or OS fingerprinting, is a method used to determine the operating system (and usually the services and their versions) running on a remote target system. It is an important scanning step because the attacker has a higher probability of success when the OS of the target system is known.
What types of banner grabbing are there?
Active banner grabbing: sends specially crafted TCP packets to the target and compares the responses (TTL, window size, flag handling) against a database of known OS signatures.
Passive banner grabbing: works on the same principle but sends nothing to the target; a sniffer captures the traffic the target itself sends (service banners, TCP/IP stack characteristics) and the OS is inferred from it, so it is harder to detect.
What is the -sS nmap switch and what does it do?
SYN Half-open scan
Stealth scan
Perform a TCP SYN scan.
What is the -sV nmap switch and what does it do?
Service version detection.
Probes open ports to determine the service running and its version.
Some service and protocol versions are known to be insecure, and a disclosed version string lets an attacker pick exploits that can compromise the machine.
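The two cards above describe what a banner grab or a version probe such as nmap -sV actually does: read whatever the service says first and pull product and version out of it. The following is an added example for these flashcards, not code from the original page or from Nmap. The banners in SAMPLE_BANNERS are constructed, not captured from real hosts; grab_banner is a minimal active grabber (it only sends a request for HTTP-style ports, an assumption made here), and parse_banner handles SSH, FTP/SMTP and HTTP banners and flags an SSH server that still offers protocol version 1.

```python
"""Banner grabbing and version extraction, modelled on what a manual banner
grab or a version probe such as nmap -sV does.  Added example for the
flashcards, not code from the original page or from Nmap; the banners in
SAMPLE_BANNERS are constructed, not captured from real hosts."""
import re
import socket

# Constructed sample banners keyed by port (not from real systems).
SAMPLE_BANNERS = {
    22: b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6\r\n",
    2222: b"SSH-1.99-Cisco-1.25\r\n",
    21: b"220 (vsFTPd 3.0.3)\r\n",
    25: b"220 mail.example.test ESMTP Postfix (Debian/GNU)\r\n",
    80: b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\nContent-Length: 0\r\n\r\n",
}

# Services where the client must speak first before the server reveals anything
# (assumed set of ports, extend as needed).
PROBES = {80: b"HEAD / HTTP/1.0\r\n\r\n", 8080: b"HEAD / HTTP/1.0\r\n\r\n"}

# RFC 4253 identification string: SSH-protoversion-softwareversion SP comments
SSH_RE = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?: (?P<comment>.*))?")
# softwareversion is conventionally Product_1.2.3 or Product-1.2
SOFTWARE_RE = re.compile(r"^(?P<product>[A-Za-z][A-Za-z\-]*?)[_-]?(?P<version>\d[\w.\-]*)?$")
# FTP and SMTP both greet with a 220 line
GREETING_RE = re.compile(r"^220[ -](?P<text>.*)")
PRODUCT_RE = re.compile(
    r"(?P<product>vsFTPd|ProFTPD|Pure-FTPd|Postfix|Exim|Sendmail)[ /_]?v?(?P<version>\d[\w.\-]*)?")
HTTP_SERVER_RE = re.compile(r"^Server:\s*(?P<product>[^/\s]+)(?:/(?P<version>\S+))?", re.M | re.I)


def grab_banner(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Connect, nudge the service if it waits for the client, and return what it says."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if port in PROBES:
            sock.sendall(PROBES[port])
        try:
            return sock.recv(1024)
        except socket.timeout:
            return b""


def parse_banner(raw: bytes) -> dict:
    """Turn a raw banner into service / product / version, flagging legacy protocols."""
    text = raw.decode("ascii", errors="replace")
    first_line = text.split("\r\n", 1)[0]
    info: dict = {"service": "unknown", "product": None, "version": None,
                  "legacy_protocol": False}

    m = SSH_RE.match(first_line)
    if m:
        info["service"] = "ssh"
        sw = SOFTWARE_RE.match(m.group("software"))
        if sw:
            info["product"], info["version"] = sw.group("product"), sw.group("version")
        # 1.x (including 1.99) means SSH protocol 1 is still offered: a known-weak version
        info["legacy_protocol"] = m.group("proto").startswith("1.")
        return info

    if first_line.startswith("HTTP/"):
        info["service"] = "http"
        h = HTTP_SERVER_RE.search(text)
        if h:
            info["product"], info["version"] = h.group("product"), h.group("version")
        return info

    g = GREETING_RE.match(first_line)
    if g:
        info["service"] = "smtp" if "SMTP" in g.group("text").upper() else "ftp"
        p = PRODUCT_RE.search(g.group("text"))
        if p:
            info["product"], info["version"] = p.group("product"), p.group("version")
        return info

    return info  # nothing recognised; a real tool would try further probes here


if __name__ == "__main__":
    for port, banner in sorted(SAMPLE_BANNERS.items()):
        print(port, parse_banner(banner))
```

Run the module directly to see the parsed result for each constructed banner; against a live host you would call grab_banner(host, port) and pass the bytes to parse_banner. The legacy_protocol flag is the kind of finding the -sV card refers to: the version string alone tells the attacker the service still speaks an insecure protocol version.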
What is the -O nmap switch and what does it do?
OS detection. Nmap is an effective tool for OS discovery: it fingerprints the target's TCP/IP stack and matches the result against its OS signature database.
What is the -sn nmap switch and what does it do?
-sn disables the port scan: Nmap performs host discovery only (a ping scan) and reports which hosts in the range are up.
What is the -PM nmap switch and what does it do?
ICMP address mask ping scan: the attacker sends ICMP address mask requests to the target host to acquire information about its subnet mask; any reply also confirms that the host is live.
What are the three types of scanning?
Port scanning
Network scanning
Vulnerability scanning
Explain port scanning
Lists the open ports and services.
Explain network scanning
Lists active hosts and IP addresses.
Explain vulnerability scanning
Shows the presence of known weaknesses.
What are the different forms of TCP scanning?
Open TCP scanning methods: TCP connect / full open scan
Stealth TCP scanning methods: half-open (SYN) scan, inverse TCP flag scans (Xmas, FIN, NULL), Maimon scan
ACK flag probe scan: TTL-based, window-based
What is an echo ping sweep?
An echo ping sweep is a basic network scanning technique that sends ICMP echo requests to a range of IP addresses to determine which of them map to live hosts.
What are TCP communication flags?
They control the transmission of data across a TCP connection. There are six TCP control flags: SYN, ACK, FIN, RST, PSH and URG.
What are the four flags that govern the establishment, maintenance and termination of a connection?
SYN, ACK, FIN and RST.
What are the two flags that provide instructions to the system?
PSH and URG
What is Zenmap?
It is the official, free and open-source GUI for Nmap.
What does the nmap -6 -O 192.168.3.56 command do?
It scans the target address over IPv6 (-6) and attempts to identify its operating system (-O).
What is the Xmas scan?
It is a scan that sends a TCP segment with the FIN, URG and PSH flags set to the remote device. If the target port is open, the remote system sends no response; a closed port answers with RST. This relies on RFC 793 behaviour, so the scan fails against Windows and some other stacks that answer RST regardless of port state.
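Several cards above (the hping3 ACK probe, the TCP scanning methods, the TCP flags and the Xmas scan) all come down to one mechanism: a probe with a chosen flag combination and the way the target's stack does or does not answer it. The following is an added example for these flashcards, not code from the original page or from Nmap/hping3. It models the textbook RFC 793 responses plus two well-known deviations documented for Nmap's inverse scans (Windows-style stacks answering RST to FIN/NULL/Xmas on open ports, and BSD-derived stacks dropping the FIN/ACK probe that the Maimon scan relies on); the "rfc793", "windows" and "bsd" labels are simplifications chosen here, and the verdict strings follow Nmap's port states.

```python
"""Textbook model of how a TCP stack answers the probe packets behind each
scan type, and how a scanner turns the (non-)reply into a port verdict.
Added example for these flashcards, not code from the original page or from
Nmap/hping3.  Behaviours follow RFC 793 plus the deviations Nmap's
documentation describes for Windows and BSD-derived stacks."""
from typing import FrozenSet, Optional

# Bit values of the six classic TCP control flags in the header's flags byte.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

# Probe flag combinations sent by each scan type on the flashcards.
SCAN_PROBES = {
    "connect": frozenset({"SYN"}),               # full open: completes the handshake
    "syn":     frozenset({"SYN"}),               # -sS half open: RST after the SYN/ACK
    "ack":     frozenset({"ACK"}),               # -sA / hping3 -A: bare ACK
    "fin":     frozenset({"FIN"}),               # -sF
    "null":    frozenset(),                      # -sN: no flags at all
    "xmas":    frozenset({"FIN", "URG", "PSH"}), # -sX
    "maimon":  frozenset({"FIN", "ACK"}),        # -sM
}


def flags_to_int(flags) -> int:
    """Encode a flag set as the header value (e.g. Xmas = 0x29)."""
    return sum(FLAG_BITS[f] for f in flags)


def int_to_flags(value: int) -> FrozenSet[str]:
    """Decode a flags byte back into flag names."""
    return frozenset(name for name, bit in FLAG_BITS.items() if value & bit)


def stack_reply(probe: FrozenSet[str], port_open: bool, stack: str = "rfc793",
                filtered: bool = False) -> Optional[FrozenSet[str]]:
    """Flags of the reply segment, or None when nothing comes back.

    stack (simplified labels used in this example):
      "rfc793"  strict RFC 793 behaviour (Linux and most Unix systems)
      "windows" answers RST to FIN/NULL/Xmas on open ports (Windows, Cisco, ...)
      "bsd"     drops a FIN/ACK probe on open ports (the Maimon scan's quirk)
    """
    if filtered:
        return None                                  # firewall silently drops the probe
    if "RST" in probe:
        return None                                  # RST segments are never answered
    if "SYN" in probe and "ACK" not in probe:        # connection request
        return frozenset({"SYN", "ACK"}) if port_open else frozenset({"RST", "ACK"})
    if not port_open:
        # Closed port: RST; the ACK bit is only set when the probe carried no ACK
        return frozenset({"RST"}) if "ACK" in probe else frozenset({"RST", "ACK"})
    # Open (LISTEN) port, probe without SYN
    if "ACK" in probe:
        if stack == "bsd" and "FIN" in probe:
            return None                              # BSD-derived quirk: FIN/ACK dropped
        return frozenset({"RST"})                    # unexpected ACK in LISTEN -> RST
    # FIN / NULL / Xmas against an open port
    return frozenset({"RST"}) if stack == "windows" else None


def verdict(scan: str, reply: Optional[FrozenSet[str]]) -> str:
    """Nmap-style port state derived from the reply to a given scan type."""
    probe = SCAN_PROBES[scan]
    if scan == "ack":
        # RST back means the port is reachable (open or closed alike); silence
        # means a stateful firewall dropped the probe.
        return "unfiltered" if reply is not None and "RST" in reply else "filtered"
    if "SYN" in probe:
        if reply is None:
            return "filtered"
        return "open" if "SYN" in reply else "closed"
    # Inverse-flag scans (FIN, NULL, Xmas, Maimon): only a RST is conclusive.
    return "closed" if reply is not None and "RST" in reply else "open|filtered"


def scan_port(scan: str, port_open: bool, stack: str = "rfc793", filtered: bool = False) -> str:
    """Run one probe of the given scan type against a modelled port."""
    return verdict(scan, stack_reply(SCAN_PROBES[scan], port_open, stack, filtered))


if __name__ == "__main__":
    print("scan     flags  open/rfc793      open/windows     closed")
    for name, probe in SCAN_PROBES.items():
        print(f"{name:8} 0x{flags_to_int(probe):02x}   {scan_port(name, True):16} "
              f"{scan_port(name, True, 'windows'):16} {scan_port(name, False)}")
```

Running the module prints a table that makes the cards' caveats visible: the ACK probe returns "unfiltered" for both open and closed ports and only goes silent when filtered; the Xmas, FIN and NULL scans report "open|filtered" on an RFC 793 stack but "closed" on a Windows-style stack; and the Maimon scan only finds open ports on a BSD-derived stack.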