20199105 2019-2020-2 "Network Attack and Defense Practice" Week 3 Assignment

Which course this assignment belongs to: Network Attack and Defense Practice

Where this requirement sits in the assignment: Assignment 3 - Network Information Collection Technology Practice (2)

My goal in this course: to learn the technologies related to network attack and defense and to practice them

Which aspects of this assignment helped me reach that goal: learning network information collection techniques (footprinting, scanning, enumeration)

I. Experiment content

This chapter covers network information collection in three areas.

1. Network footprinting:

Definition: the attacker collects information about a target organization or individual in a planned, step-by-step way, in order to understand the target's network environment and information-security situation and prepare for the next stage of the attack.

Means:

1. Web search and mining: use the power of Web search engines to mine the large amount of information about the target that is public or has been accidentally leaked on the Web

2. DNS and IP queries: use public Internet information services to find the target's domain names, the mapping between domain names and IP addresses, geographic location, registration information, and so on

ICANN (the Internet's technical coordination body) is mainly responsible for coordinating the allocation of several kinds of Internet identifiers, including DNS domain names, IP addresses, and the mapping between network protocol parameters (such as port numbers) and protocols.

3. Network topology reconnaissance: after identifying potential target networks, the attacker tries to determine the network topology and the possible access paths into the network through topology reconnaissance

2. Network scanning:

Objective: to probe the target network, find as many hosts as possible that can be connected to, and then go on to probe their type, the security vulnerabilities they have, and other information.
Technique types:

1. Host scanning (ping scan): scans the IP address range of the target network to determine which active devices and systems exist on it. It is divided into host scanning using the ICMP protocol, host scanning using the TCP protocol, and host scanning using the UDP protocol. The most widely used host-scanning software today is nmap. A defence against host scanning is to deploy a network intrusion detection system such as Snort to detect it.

| Command line option | Function | Packets sent |
| --- | --- | --- |
| nmap -sP | Combination of ICMP / SYN / ACK / UDP ping host discovery (nmap default) | - |
| nmap -PE | ICMP Echo host scan | ICMP Echo Request packet |
| nmap -PS | TCP SYN host scan | Packet with the SYN flag set |
| nmap -PA | TCP ACK host scan | Packet with the ACK flag set |
| nmap -PU | UDP host scan | UDP packet |

2. Port scanning: after host scanning has determined which hosts are active, port scanning probes the open TCP / UDP ports on those active hosts; it is divided into TCP port scanning and UDP port scanning.

TCP port scanning has two basic types: Connect scan and SYN scan.

  • Connect scan: the scanning host calls the system connect() and tries to complete a full TCP three-way handshake with each target port in order to establish a connection

  • SYN scan: an improvement on the Connect scan in which the third step of the three-way handshake is omitted; once an open port replies with a SYN/ACK packet, the scanner sends RST directly instead of completing the connection

UDP port scanning discovers open UDP ports and the network services listening on them.

| Command line option | Function |
| --- | --- |
| nmap -sT | TCP connect() port scan |
| nmap -sS | TCP SYN port scan |
| nmap -sF | FIN port scan |
| nmap -sN | NULL port scan |
| nmap -sA | ACK port scan |
| nmap -sX | Xmas tree port scan |
| nmap -sU | UDP port scan |
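The host-scan and port-scan techniques above are what a network intrusion detection system looks for. As an added example (not from the original post), the script below runs two simple detections over constructed iptables-style kernel log lines: a source that sends ICMP Echo Requests to many different hosts (ping sweep, like `-sP`/`-PE`) and a source that sends bare SYNs to many different ports (SYN port scan, like `-sS`). The log format, addresses and thresholds are assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample log lines in the style of Linux iptables LOG output;
# they are not taken from the original page.
SAMPLE_LOG = """\
kernel: IN=eth0 SRC=192.168.200.5 DST=192.168.200.67 PROTO=ICMP TYPE=8 CODE=0
kernel: IN=eth0 SRC=192.168.200.5 DST=192.168.200.68 PROTO=ICMP TYPE=8 CODE=0
kernel: IN=eth0 SRC=192.168.200.5 DST=192.168.200.69 PROTO=ICMP TYPE=8 CODE=0
kernel: IN=eth0 SRC=192.168.200.9 DST=192.168.200.67 PROTO=TCP SPT=40001 DPT=21 SYN
kernel: IN=eth0 SRC=192.168.200.9 DST=192.168.200.67 PROTO=TCP SPT=40002 DPT=22 SYN
kernel: IN=eth0 SRC=192.168.200.9 DST=192.168.200.67 PROTO=TCP SPT=40003 DPT=80 SYN
kernel: IN=eth0 SRC=192.168.200.9 DST=192.168.200.67 PROTO=TCP SPT=40004 DPT=443 SYN
kernel: IN=eth0 SRC=192.168.200.12 DST=192.168.200.67 PROTO=TCP SPT=50000 DPT=22 SYN
"""


def parse_line(line):
    """Split one log line into KEY=VALUE fields plus a set of bare TCP flag tokens."""
    fields = {m.group(1): m.group(2) for m in re.finditer(r"(\w+)=(\S+)", line)}
    if "SRC" not in fields or "DST" not in fields:
        return None  # not a packet log line
    fields["flags"] = {tok for tok in line.split() if tok.isupper() and "=" not in tok}
    return fields


def detect_scans(log_text, sweep_hosts=3, scan_ports=4):
    """Return (kind, source, count) findings for ping sweeps and SYN port scans."""
    icmp_targets = defaultdict(set)  # src -> hosts probed with ICMP Echo Request (type 8)
    syn_targets = defaultdict(set)   # src -> (dst, port) pairs hit with a SYN
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        if f.get("PROTO") == "ICMP" and f.get("TYPE") == "8":
            icmp_targets[f["SRC"]].add(f["DST"])
        elif f.get("PROTO") == "TCP" and "SYN" in f["flags"] and "DPT" in f:
            syn_targets[f["SRC"]].add((f["DST"], int(f["DPT"])))
    findings = []
    for src, hosts in icmp_targets.items():
        if len(hosts) >= sweep_hosts:       # one source pinging many hosts
            findings.append(("ping_sweep", src, len(hosts)))
    for src, targets in syn_targets.items():
        if len(targets) >= scan_ports:      # one source knocking on many ports
            findings.append(("syn_port_scan", src, len(targets)))
    return findings


if __name__ == "__main__":
    for kind, src, n in detect_scans(SAMPLE_LOG):
        print(f"{kind}: {src} touched {n} distinct targets")
```

On the constructed input, 192.168.200.5 is reported as a ping sweep and 192.168.200.9 as a SYN port scan, while 192.168.200.12 (a single SYN to port 22) stays below the threshold.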

3. Network / system type probing: the purpose is to detect the operating system type and the open network services of the active hosts. The main operating-system probing techniques are active operating system detection and passive operating system identification. Network service type probing mainly consists of finding the open ports that network application services are bound to, active probing of network services, and passive identification of network services.

4. Vulnerability scanning: probes for known security vulnerabilities in the operating systems, network services and applications of a particular network, so that a penetration attack can be carried out to gain control of the target host

In recent years China has also established the China National Vulnerability Database of Information Security (CNNVD) and the National Information Security Vulnerability Sharing Platform (CNVD).

3. Network enumeration:

  • Network service banner grabbing: use a client tool to connect to a remote network service and observe its output in order to collect key information; this is generally limited to services that use plaintext transport protocols
  • Common network service enumeration: enumeration through the popular network protocols in use on the network.

II. Practice

1. Network footprinting

Task 1.1 Web search and mining

Content of Baidu's advanced search page

Retrieving information with Baidu: the site: directive restricts the search to a particular site, and the filetype: directive filters by document format

Select the first retrieved result, download the Excel file, and view the following information

Task 1.2 DNS and IP queries:

Selecting baidu.com as the domain name to query gives the following information:
the DNS registrant and contact information, the IP address corresponding to the domain name, the IP address registrant and contact information, and the IP address's country, city and specific location.

Searching the Alibaba Cloud domain name information query system gives the registration time, update time, registration address (country and city), registration email and contact information.

Use the nslookup command on the Kali virtual machine to query the IP addresses that baidu.com maps to

The more powerful dig command can also be used; the "ANSWER SECTION" holds the query result, and A / CNAME indicates the DNS record type.

Task 2 Query a friend's IP address and location

2. Network scanning

Task 1. Use the open-source nmap software to scan the target machine in the lab environment

First, use nmap -sP 192.168.200.67 to check whether the target machine is active: with the target machine shut down the output says "Host seems down"; with it powered on the output says "Host is up", which shows that the target machine is active

Use nmap -sS 192.168.200.67 to perform a TCP SYN port scan of the target machine

Use nmap -sU 192.168.200.67 to perform a UDP port scan of the target machine

Use nmap -O 192.168.200.67 to scan the operating system type; the target machine is found to be running Linux, with the version shown in the figure below.

Use nmap -sV 192.168.200.67 to scan the network services; ftp, ssh, http and other services are present

Task 2. Use the open-source Nessus software to scan the target machine in the lab environment

  • Which ports are open on the target machine
  • Which security vulnerabilities exist in the network services on each port of the target machine
  • How do you think the target machine could be compromised to obtain system access

3. Network enumeration

Task 1. Search for your own footprint on the Internet and confirm whether there are problems with leaked sensitive information and privacy

Because my name is very common, the search only worked when I added a keyword.
Name + undergraduate university found two results: the first exposed that I took part in a summer camp in the UK and interned at CCTV, and the second exposed my student number.

Then searching name + high school found two posts of school information, which exposed my class in someone else's reply

Then searching name + primary school even turned up an essay I wrote one year

Reliving my own "black history" once again

However, the above information was not exposed by me, so I feel there is no way to stop it (helpless...). Still, in everyday life I should avoid using my real name on the Internet, fill in as little personal information as possible when asked for it, or make up false information.

III. Problems encountered during study and their solutions

Question 1: When using nmap to do a UDP port scan of the target machine, it was inexplicably very slow, and I don't know why

IV. Learning experience and feelings

This was my first time learning knowledge related to network attack and defense; I got to know a number of tools, mastered a small part of them in the experiment, and still need to extend that practice. The network information collection experiment in this chapter was very interesting: although it was not the cool, god-like operations of hacker movies, I still experienced some very basic and simple methods, and through the experiment I gradually built up a framework for the knowledge of this module.


Source: www.cnblogs.com/flwstudy/p/12498758.html