IT NEWS     Sustainability    Get JOB ALERTS that match your skills
Technology news and Jobs arrow Information Technology News arrow Introduction to Linux penetration testing with nmap
Introduction to Linux penetration testing with nmap PDF E-mail
User Rating: / 4
PoorBest 
by David M Williams   
Tuesday, 14 August 2007
Page 1 of 3
How can you be sure your network is secure? Before you can patch vulnerabilities you need to discover them. You need to think like a cracker might. You need to hack your own system. This is known as “penetration testing” – a more palatable term to corporations – and the rich tool set of Linux makes it a superb platform for doing this.

Related stories

The starting point for a penetration test is research: probing the target system to discover anything that can be useful. This includes the type of operating system and particularly what services it exposes through its firewall, and what server applications it is running – both in terms of protocol and software implementation.

Ping


Just as ping is surely the first point of call when troubleshooting a network, so too its underlying protocol – ICMP – is where research must start, to determine the host in question is up and on the network. According to Internet RFC 1122 every TCP/IP host must implement the ICMP echo request and respond to it. Thus, try using ping to elicit a response from your target.

In all likelihood, you won’t get a response. Although the RFC says one thing, practically, it is not so; external ICMP requests are routinely blocked by firewalls – both to deter probing by malicious forces and to defend against the ping flood denial of service (DoS) attack.

That’s no problem: a TCP ping can be used. Instead of relying on low-level ICMP messages, an ordinary TCP acknowledgement (“ACK”) packet of data can be sent. The same RFC specifies that unsolicited ACK packets should receive a TCP reset (“RST”) response. So, if such a packet is sent to the server on, say, port 25 (SMTP e-mail) or port 80 (HTTP) – two common services which may be available on the target machine – there’s a probability of getting an RST response which indicates the host exists, is running and is online.

Combining the ICMP and TCP pings over a range of addresses is known as a ping sweep and can help detect a range of computers that your target site has available.

The best known piece of software to achieve this is nmap, a free open-source application available from www.insecure.org. If nmap is not presently installed on your system, you can download it without any difficulty.

Use nmap –sP host to perform a ping sweep, where host is the individual hostname or IP address you wish to target or a range of addresses by writing in CIDR-style format with /numbits appended to an address. You can even list multiple IP addresses or hosts, separated by spaces. Check the nmap web site for information on the raft of addressing options. A clever idea here is to send the output from nmap’s ping sweep results to a text file as a list of IP addresses, one to a line, and then use this later as the input to subsequent nmap commands.

Fine-tune –sP by adding optional flags –P0 to disable ICMP ping, and –PS to enable TCP ping.


<< First page <   1 2 3 Next page > Last page - Post your comment >>
 
< Next story in category   Previous story in the category >
  •   *  
  • Search
  • AdvSeach
  • Login
  • Events
  • FreeStuff
Subscribe to our free e-newsletter
First name:
Last name:
Your email address:
Your role:
Your industry:
Australian state:
Country:
Enter the security code shown:
mandatory
JobsWire Technology Jobs in Melbourne
Active Directory  Apache  Software Architect  C#  C++  Cisco  Citrix   Cognos  Coldfusion  CRM  Crystal Reports  Software Development  ERP  HTML  IBM  IT Infrastructure  ITIL  J2EE  Java  LAN/WAN  Linux  Lotus Notes  MS Project  .NET  Oracle  SDLC  SQL  IT Support  IT Training  UAT  UML  Unix  XML
  JobWire - IT Jobs
Contact , Register , Advertise with iTWire , Links , About iTWire , Feedback , Post your jobs , Events , iTWire site map , Start Blogging , MyBlogLog page
Industry Releases , Submit your release now