Introduction to Linux penetration testing with nmap
by David M Williams   
Tuesday, 14 August 2007
How can you be sure your network is secure? Before you can patch vulnerabilities you need to discover them. You need to think like a cracker might. You need to hack your own system. This is known as “penetration testing” – a more palatable term to corporations – and the rich tool set of Linux makes it a superb platform for doing this.

The starting point for a penetration test is research: probing the target system to discover anything that can be useful. This includes the type of operating system and particularly what services it exposes through its firewall, and what server applications it is running – both in terms of protocol and software implementation.

Ping


Just as ping is the first port of call when troubleshooting a network, so too its underlying protocol, ICMP, is where research starts: determine whether the host in question is up and on the network. RFC 1122 requires every host to implement an ICMP echo server and reply to echo requests. So, try using ping to elicit a response from your target.

In all likelihood, you won't get a response. The RFC says one thing, but practice is another: inbound ICMP echo requests are routinely blocked at the firewall, both to deter probing and to defend against the ping flood denial of service (DoS) attack.

That's no problem: a TCP ping can be used. Instead of relying on ICMP, an ordinary TCP acknowledgement ("ACK") segment is sent to a port on the target. The TCP specification (RFC 793, not RFC 1122) requires a host to answer an ACK that belongs to no existing connection with a reset ("RST"), and it does so whether the port is open or closed. So if such a packet is sent to, say, port 25 (SMTP e-mail) or port 80 (HTTP), an RST coming back shows the host exists, is running and is online. The caveat is that a stateful firewall knows the ACK matches no connection it has seen and will silently drop it; in that case a TCP SYN to a port that is probably open, which elicits a SYN/ACK (open) or RST (closed), is the better probe.

Combining the ICMP and TCP pings over a range of addresses is known as a ping sweep and can help detect a range of computers that your target site has available.

The best known piece of software to achieve this is nmap, a free open-source application available from www.insecure.org. If nmap is not presently installed on your system, you can download it without any difficulty.

Use nmap -sP host to perform a ping sweep (current nmap releases spell this -sn, with -sP still accepted as an alias), where host is the individual hostname or IP address you wish to target, or a range of addresses written in CIDR notation by appending /numbits to an address. You can also list multiple IP addresses or hostnames separated by spaces. Check the nmap web site for the raft of addressing options. A useful habit is to save the live hosts found by the ping sweep to a text file, one IP address per line, and feed that file to later nmap commands with -iL file, so that port scans and version detection run only against hosts known to be up.

Fine-tune the sweep by choosing the probe types explicitly. By default (when run as root) nmap combines an ICMP echo request with a TCP ACK to port 80; newer releases also add a TCP SYN to port 443 and an ICMP timestamp request. Naming probes yourself replaces that default set: -PE sends the ICMP echo request, -PA port sends the TCP ACK ping described above, and -PS port sends a TCP SYN instead. Note that -P0 (now spelled -Pn) does not switch off ICMP alone: it skips host discovery entirely and treats every address as up, which is the right choice when port-scanning a single host that answers no pings, but defeats the purpose of a ping sweep.
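The habit described above, saving the sweep's live hosts one per line for later scans, as an added example that is not part of the original article. It is a small POSIX shell script that filters nmap's grepable output format (-oG) down to the addresses of hosts reported up, ready to be fed back to nmap with -iL. The scan output it processes is constructed by hand from the documentation address range 192.0.2.0/29 so the script runs offline; the function name live_hosts and the file name live-hosts.txt are my own choices, not anything nmap produces.

```shell
#!/bin/sh
# Added example (not from the article): turn an nmap ping sweep's grepable
# output (-oG) into a one-IP-per-line file that later scans read with -iL.

# live_hosts: read nmap -oG output on stdin and print only the IP address
# (second whitespace-separated field) of each host whose status is Up.
# "# Nmap ..." comment lines and Down hosts are dropped. nmap separates the
# fields with tabs; awk's default splitting handles tabs and spaces alike.
live_hosts() {
    awk '/^Host: / && /Status: Up/ { print $2 }'
}

# Constructed sample of what `nmap -sn -oG - 192.0.2.0/29` might print.
# 192.0.2.0/24 is the TEST-NET-1 documentation range; this is not real
# scan output, and hostnames in brackets are made up.
SAMPLE_OG='# Nmap 7.80 scan initiated Tue Aug 14 10:00:00 2007 as: nmap -sn -oG - 192.0.2.0/29
Host: 192.0.2.1 ()  Status: Up
Host: 192.0.2.2 ()  Status: Down
Host: 192.0.2.3 (mail.example.net)  Status: Up
# Nmap done at Tue Aug 14 10:00:02 2007 -- 8 IP addresses (2 hosts up) scanned in 2.01 seconds'

# Filter the sample into the list a later scan can consume, then show it.
printf '%s\n' "$SAMPLE_OG" | live_hosts > live-hosts.txt
cat live-hosts.txt

# Against a real network the pipeline is the same, with nmap in place of
# the sample (-oG - writes grepable output to stdout):
#   nmap -sn -PE -PA80 -PS25,80 -oG - 192.0.2.0/29 | live_hosts > live-hosts.txt
# and the follow-up port scan reads the file back:
#   nmap -sS -iL live-hosts.txt
```

Selecting -PE, -PA80 and -PS25,80 explicitly on the real sweep sends the ICMP echo, the TCP ACK ping and a SYN ping to the two ports the article names, so a host that drops ICMP or sits behind a stateful firewall still has a chance of being found.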
