Ways To Attack a Network:
Ping
The IP address gives the attacker’s Internet address. The
numerical address like 212.214.172.81 does not reveal much. You can
use PING to convert the address into a domain name in WINDOWS: The
Domain Name Service (DNS) protocol reveals the matching domain
name. PING stands for “Packet Internet Groper” and is delivered with
practically every
Internet compatible system, including all current Windows
versions.
Make sure
you are logged on to the net. Open the DOS
shell and enter
the following PING command:
Ping –a 123.123.12.1
Ping will search the domain name and reveal it. You will
often have information on the provider the attacker uses e.g.:
dialup21982.gateway123.provider.com
Pinging is normally the first step involved in hacking the
target. Ping uses
ICMP
(Internet Control Messaging Protocol) to determine
whether the target host is reachable or not. Ping sends out ICMP Echo
packets to the target host, if the target host is alive it would respond
back with ICMP
Echo reply packets.
Echo reply packets.
All the versions of Windows also contain the ping tool. To
ping a remote host follow the procedure below.
Click Start and then click Run. Now type ping <ip
address or hostname>
(For example: ping yahoo.com)
This means that the attacker logged on using
“provider.com”.
Unfortunately, there are several IP addresses that cannot
be converted
into domain names.
For more parameter that could be used with the ping
command, go to
DOS prompt and type ping /?.
Ping Sweep
If you are undetermined about your target and just want a
live system, ping sweep is the solution for you. Ping sweep also uses
ICMP to scan for live systems in the specified range of IP addresses.
Though Ping sweep is similar to ping but reduces the time involved in pinging a range of IP addresses. Nmap (http://www.insecure.org) also
contains an option
to perform ping sweeps.
to perform ping sweeps.
Tracert:
Tracert is another interesting tool
available to find more interesting information about a remote host. Tracert also
uses ICMP.
Tracert helps you to find out some information about the systems involved in sending data (packets) from source to destination. To perform a tracert follow the procedure below.
Tracert helps you to find out some information about the systems involved in sending data (packets) from source to destination. To perform a tracert follow the procedure below.
Tracer connects to the computer whose IP has been entered
and reveals all stations starting from your Internet connection. Both
the IP address as well as the domain name (if available) is displayed.
If PING cannot reveal a name, Traceroute will possibly
deliver the name of the last or second last station to the attacker, which
may enable conclusions concerning the name of the provider used by the
attacker and the region from which the attacks are coming.
Go to DOS prompt and type tracert <destination
address>
(For example: tracert yahoo.com).
But there are some tools available like Visual Traceroute
which help you
even to find the geographical location of the routers
involved.
http://www.visualware.com/visualroute
Port Scanning:-
After you have determined that your target system is alive
the next important step would be to perform a port scan on the
target system.
There are a wide range of port scanners available for free.
But many of them uses outdated techniques for port scanning which could
be easily recognized by the network administrator. Personally I like
to use Nmap (http://www.insecure.org) which has a wide range of
options. You can download the NmapWin and its source code from:
http://www.sourceforge.net/projects/nmapwin.
Apart from port scanning Nmap is capable of identifying the
Operating system being used, Version numbers of various services
running,
firewalls being used and a lot more.
Common ports:
Below is a list of some common ports and the respective
services
running on the ports.
20 FTP data (File Transfer Protocol)
21 FTP (File Transfer Protocol)
22 SSH
23 Telnet
25 SMTP (Simple Mail Transfer Protocol)
53 DNS (Domain Name Service)
68 DHCP (Dynamic host Configuration Protocol)
79 Finger
80 HTTP
110 POP3 (Post Office Protocol, version 3)
137 NetBIOS-ns
138 NetBIOS-dgm
139 NetBIOS
143 IMAP (Internet Message Access Protocol)
161 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Message Access Protocol 3)
389 LDAP
443 SSL (Secure Socket Layer)
445 SMB (NetBIOS over TCP)
Besides the above ports they are even some ports known as
Trojan
ports used by Trojans that allow remote access to that
system.
Vulnerability Scanning:
Every operating system or the services will have some vulnerabilities due to the programming errors. These vulnerabilities are crucial for a successful hack. Bugtraq is
an excellent mailing list discussing the vulnerabilities in the various system. The
exploit code writers write exploit codes to exploit these vulnerabilities existing in a system.
There are a number of vulnerability scanners available to
scan the host for known vulnerabilities. These vulnerability scanners are
very important for a network administrator to audit the network security.
Some of such vulnerability scanners include Shadow Security
Scanner,Stealth HTTP Scanner, Nessus, etc. Visit
http://www.securityfocus.com vulnerabilities and exploit
codes of various
operating systems. Packet storm security
(http://www.packetstormsecurity.com) is also a nice pick.
No comments:
Post a Comment