Which course this assignment belongs to: Network Attack and Defense Practice
Where the assignment requirements are: Assignment 3 - Network Information Collection Technology Practice (2)
My goal in this course: to learn network attack and defense related technologies and practices
Which aspect of this assignment helped me reach that goal: learning network information collection techniques (footprinting, scanning, enumeration)
I. Experiment content
This chapter covers network information collection methods in three areas:
1. Network footprinting (footprinting):
Definition: footprinting refers to the attacker's planned, step-by-step collection of information about a target organization or individual, in order to understand the target's network environment and information security posture and to prepare for the next stage of the attack.
Methods:
1. Web search and mining: leverage the power of Web search engines to mine the large amount of information about the target that is public, or accidentally leaked, on the Web.
2. DNS and IP queries: use a number of public Internet information services to find the target's domain names, the mapping between domain names and IP addresses, geographic location, registration information, etc.
ICANN (the Internet's technical coordination body) is mainly responsible for coordinating the assignment of several kinds of Internet identifiers, including DNS domain names, IP addresses, and the protocol parameters and port numbers of network communication protocols.
3. Network topology reconnaissance: after identifying a potential target network, an attacker can try to determine the network topology and the possible network access paths through network topology reconnaissance.
2. Network scanning (scanning):
Purpose: to probe the target network, find as many reachable targets as possible, and then further probe their types, the security vulnerabilities present, and other information.
Technology types:
1. Host scanning (ping scan): determines which active devices and systems exist on the target network by scanning its IP address range. It is divided into host scanning using the ICMP protocol, host scanning using the TCP protocol, and host scanning using the UDP protocol. Currently the most widely used host scanning software is nmap. As a precaution against host scanning, a network intrusion detection system such as Snort can be used to detect it.
Command Line Option | Function Description | Data Sent |
---|---|---|
nmap -sP | Combination of ICMP / SYN / ACK / UDP ping, nmap's default | |
nmap -PE | ICMP Echo host scan | ICMP Echo Request packet |
nmap -PS | TCP SYN host scan | Packet with the SYN flag |
nmap -PA | TCP ACK host scan | Packet with the ACK flag |
nmap -PU | UDP host scan | UDP packet |
2. Port scanning: after host scanning has determined which hosts are active, port scanning probes the open TCP / UDP ports on those active hosts; it is divided into TCP port scanning and UDP port scanning.
TCP port scanning includes two basic types: Connect scanning and SYN scanning.
Connect scanning: the scanning host calls connect() through the system call interface and tries to complete the TCP three-way handshake with each target host port to establish a connection.
SYN scanning: an improvement on Connect scanning; the third step of the three-way handshake is omitted, and a RST is sent to cancel the connection directly after the open port responds with a SYN / ACK packet.
UDP port scanning discovers open UDP ports and the network services listening on them.
Command Line Option | Function Description |
---|---|
nmap -sT | TCP connect() port scan |
nmap -sS | TCP SYN port scan |
nmap -sF | FIN port scan |
nmap -sN | NULL port scan |
nmap -sA | ACK port scan |
nmap -sX | Christmas tree (Xmas) port scan |
nmap -sU | UDP port scan |
3. Network / system type probing: the purpose is to probe the operating system type and the open network service types of active hosts. The main system type probing techniques are active operating system detection and passive operating system identification. Network service type probing mainly looks for the network application services bound to open ports; its techniques are active network service probing and passive network service identification.
4. Vulnerability scanning: probes for security vulnerabilities in the operating systems, network services and applications of a particular network, in order to carry out penetration attacks and gain control of target hosts.
In recent years China has also established the China National Vulnerability Database (CNNVD) and the national information security vulnerability sharing platform CNVD.
3. Network enumeration (enumeration):
- Network service banner grabbing: a client tool connects to the remote network service and observes its output to collect key information; this is generally limited to plain-text transport protocols.
- Common network service enumeration: enumeration through commonly used network protocols.
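To make the difference between the port-scanning and enumeration steps above concrete, here is an added example (written for this page, not code from the original report or from nmap). It runs a TCP connect() scan against two constructed plain-text services on loopback, classifies each port from how the handshake ends (completed handshake = open, RST/ECONNREFUSED = closed, no answer = filtered), and then grabs the banner from each open port, which is exactly the "network service banner grabbing" form of enumeration described in the text. The services, ports and banners are all constructed inside the script; a SYN scan is not shown because it needs raw sockets rather than connect().

```python
import socket
import threading

# Constructed lab: two plain-text services on loopback stand in for a target host.
BANNERS = {
    "ftp": b"220 lab-ftp ready (constructed banner)\r\n",
    "ssh": b"SSH-2.0-labsshd_0.1 (constructed banner)\r\n",
}


def start_fake_service(banner):
    """Start a loopback listener that sends `banner` to each client; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner)    # volunteer the banner, then close

    threading.Thread(target=serve, daemon=True).start()
    return port


def connect_scan(host, ports, timeout=0.5):
    """TCP connect() scan: a completed three-way handshake means the port is open.
    ECONNREFUSED (the target answered with RST) means closed; a timeout means
    filtered (no answer at all)."""
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"
        except socket.timeout:
            results[port] = "filtered"
        except OSError:
            results[port] = "error"
        finally:
            s.close()
    return results


def grab_banner(host, port, timeout=1.0, limit=256):
    """Connect and read whatever the service volunteers (plain-text protocols only)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(limit)
        except socket.timeout:
            data = b""
    return data.decode("ascii", errors="replace").strip()


def enumerate_host(host, ports):
    """Scan, then banner-grab each open port; returns {port: (state, banner)}."""
    report = {}
    for port, state in connect_scan(host, ports).items():
        banner = grab_banner(host, port) if state == "open" else ""
        report[port] = (state, banner)
    return report


def run_lab():
    """Bring up the constructed services and enumerate them; returns the report and ports."""
    ftp_port = start_fake_service(BANNERS["ftp"])
    ssh_port = start_fake_service(BANNERS["ssh"])
    # Reserve and release a port so that nothing listens on it: guaranteed "closed".
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    report = enumerate_host("127.0.0.1", [ftp_port, ssh_port, closed_port])
    return report, ftp_port, ssh_port, closed_port


if __name__ == "__main__":
    report, *_ = run_lab()
    for port, (state, banner) in sorted(report.items()):
        print(f"{port:>5}/tcp {state:<9} {banner}")
```

On the defender's side the same script shows why a connect() scan is easy to spot: every probe completes a full handshake, so each one appears in the target's connection logs, which is what an IDS such as Snort keys on when it flags a burst of connections from one source to many ports.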
II. Practice
1. Network footprinting
Task 1.1 Web search and mining
Baidu's advanced search page:
Retrieving Peking University information: the site directive restricts the search range to a particular site, and the filetype directive filters by document format.
Select the first search result, download the Excel file, and view the following information:
Task 1.2 DNS and IP queries:
Select baidu.com for the DNS domain name query and obtain the following information:
the DNS registrant and contact information, the IP address corresponding to the domain name, the IP address registrant and contact information, and the country, city and specific location of the IP address.
Using the Alibaba Cloud domain name information query system, obtain the registration time, update time, registered address (country and city), registrant e-mail and contact information.
On the Kali virtual machine, use the nslookup command to query the IP address mapped to baidu.com.
The more powerful dig command can also be used; the "ANSWER SECTION" is the result of the query, and A / CNAME indicates the DNS record type.
Task 2: Query a friend's IP address and location
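What nslookup and dig actually send and receive is a small binary protocol, and seeing it helps in reading the "ANSWER SECTION" the text mentions (this also illustrates the DNS queries listed under footprinting above). The following is an added example, not part of the original report: it builds a standard A-record query, then parses a constructed response that carries one CNAME record and one A record, handling the name compression pointers that real resolvers use. The domain www.example.test, the CNAME target host.example.test and the address 192.0.2.10 (a TEST-NET-1 documentation address) are constructed values; no network access is performed.

```python
import socket
import struct

# DNS record type numbers from RFC 1035 (a few common ones).
TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 28: "AAAA"}


def encode_name(name):
    """Encode a dotted name as DNS labels: length byte + label, terminated by 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1, txid=0x1234):
    """Build a standard recursive query (QR=0, RD=1) with one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg, offset):
    """Decode a possibly compressed name; returns (name, offset after the name)."""
    labels = []
    end = None              # where the name ends in the *original* position
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:   # compression pointer (RFC 1035 4.1.4)
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_answers(msg):
    """Return the ANSWER SECTION as (owner name, type, ttl, rdata) tuples."""
    txid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):               # skip the question section
        _, offset = decode_name(msg, offset)
        offset += 4                        # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            rdata = socket.inet_ntoa(msg[offset:offset + 4])
        elif rtype in (2, 5):              # NS / CNAME carry a (possibly compressed) name
            rdata, _ = decode_name(msg, offset)
        else:
            rdata = msg[offset:offset + rdlen].hex()
        offset += rdlen
        answers.append((name, TYPE_NAMES.get(rtype, str(rtype)), ttl, rdata))
    return answers


def build_sample_response(query):
    """Constructed response for the query: CNAME www -> host, then A for host."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 2, 0, 0)  # QR=1 RD=1 RA=1
    question = query[12:]
    cname_target = encode_name("host.example.test")
    # Owner name of RR1 is a pointer back to the question name at offset 12.
    rr1 = struct.pack("!H", 0xC000 | 12) + struct.pack("!HHIH", 5, 1, 300, len(cname_target)) + cname_target
    # Owner name of RR2 points at the CNAME target name inside RR1's RDATA.
    target_offset = 12 + len(question) + 2 + 10
    rr2 = struct.pack("!H", 0xC000 | target_offset) + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton("192.0.2.10")
    return header + question + rr1 + rr2


def lookup_sample(name="www.example.test"):
    """Query builder and parser round trip over the constructed response."""
    return parse_answers(build_sample_response(build_query(name)))


if __name__ == "__main__":
    for owner, rtype, ttl, rdata in lookup_sample():
        print(f"{owner:<24}{ttl:>6}  IN  {rtype:<6}{rdata}")
```

The printed lines have the same shape as dig's ANSWER SECTION: owner name, TTL, class, type, and record data, with the CNAME chain resolved before the final A record. To send the query to a real resolver you would write `build_query(...)` to a UDP socket on port 53 and feed the reply to `parse_answers`; that step is left out so the example stays offline.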
2. Network scanning
Task 1. Use the open-source tool nmap to scan the target machine in the lab environment
First, use the command nmap -sP 192.168.200.67 to query whether the target machine is active: when the target machine is shut down, the output says "Host seems down"; when it is powered on, the output says "Host is up", indicating that the target machine is active.
Use nmap -sS 192.168.200.67 to perform a TCP SYN port scan of the target machine.
Use nmap -sU 192.168.200.67 to perform a UDP port scan of the target machine.
Use nmap -O 192.168.200.67 to scan the operating system type; the target machine is found to run Linux, with the version shown in the figure below.
Use nmap -sV 192.168.200.67 to scan the network services; ftp, ssh, http and other services are present.
Task 2. Use the Nessus open-source software to scan the target machine in the lab environment
Which ports are open on the target machine?
Which security vulnerabilities exist in the network services on each port of the target machine?
How do you think the target machine environment could be compromised to obtain system access?
3. Network enumeration
Task 1. Search for your own footprint on the Internet, and confirm whether there are leaks of sensitive information or privacy problems
Since my name is very common, the search only worked after adding a keyword.
Name + undergraduate university: two results were found; the first exposed my participation in a summer camp in the UK and my internship at CCTV, and the second exposed my student number.
Then searching name + high school turned up two posts on the school's forum, which exposed my class in someone else's reply.
Then searching name + primary school even turned up an essay I wrote back then.
Reviewing my own "dark history" once again.
However, the above information was not exposed by me myself, and I feel unable to stop it (helpless...), but in daily life I should avoid using my real name on the Internet or filling in personal information, write as little as possible, or make up false information.
III. Problems encountered in the study and their solutions
Problem 1: When using nmap to perform a UDP port scan of the target machine, it was inexplicably slow, and I do not know why.
IV. Learning experience and reflections
This is my first time learning network attack and defense related knowledge; I came into contact with a number of tools and mastered a small part of them in the experiment, and the practice still needs to be extended. The network information collection experiment in this chapter was very interesting; although it was not the cool, godlike operations seen in hacker movies, I experienced some very basic and simple methods, and gradually formed a sense of the knowledge framework of this module through the experiment.
References: