Advanced Computer Networks

Lab 3:
Network Security Threats
Student Name: Hoàng Nguyễn Anh Quốc
Student No: 51002641

I. Objectives
Get to know some common network security threats.
Use Nmap to analyze the vulnerabilities of a specific host.

II. Preparation
Download and install Nmap from its official download page, selecting the version that is appropriate for your operating system.

III. Some common network security threats
a. Viruses and worms
A virus is “a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes”. Viruses can cause a huge amount of damage to computers.
In relation to a network, if a virus is downloaded onto one machine, every computer in the network can be affected, because the virus makes copies of itself and spreads across the network.
A worm is similar to a virus, but a worm can run on its own, whereas a virus needs a host program to run.
Virus: W32.UsbFakeDrive. When an infected USB drive is opened, the user sees what looks like another drive inside it and has to open this second “drive” to reach the data. In reality the second drive is a shortcut that launches the virus file; the moment the user opens the data, the computer is infected with the malicious code from the USB drive.
Worm: msblast.exe (the Blaster worm). The worm persists by registering itself under the Run key, so it is started again at every logon:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "windows auto update" = msblast.exe
Symptoms: (… etc.)

b. Trojan Horses

CuuDuongThanCong.com


A Trojan horse is “a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk”.
In a network, if a Trojan horse is installed on one computer and tampers with the file allocation table, it can cause a massive amount of damage to all the computers of that network.
A sample Trojan horse is available at www.freewebs.com/em_ce_do/doctor.exe. When run, this program shuts the machine down and copies itself into the "StartUp" folder, so the machine shuts down immediately every time it boots. This Trojan horse deletes itself after one hour of activity, or it can be removed by booting into the command prompt and deleting the file with the delete command. The program only runs on Windows XP.

c. SPAM

SPAM is “flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it”.
Examples: spam e-mail, spam chat messages.

d. Phishing
Phishing is “an e-mail fraud method in which the perpetrator sends out legitimate-looking e-mails in an attempt to gather personal and financial information from recipients”.


e. Packet Sniffers
A packet sniffer is a device or program that allows eavesdropping on traffic travelling between networked computers. The packet sniffer captures data that is addressed to other machines and saves it for later analysis.
On a network, a packet sniffer can extract personal information from the captured traffic, which can lead to identity theft, so it is a major security threat to a network.


Solution: encrypt the data being sent, so that sensitive information cannot be read by a sniffer.
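To make the sniffing threat concrete, here is an added Python example (not from the lab) that does what a sniffer does after capture: it walks a raw Ethernet II frame down through the IPv4 and TCP headers and pulls the credentials out of an HTTP Basic Authorization header in the payload, which is trivial because HTTP sends them base64-encoded, not encrypted. The frame is assembled inline with struct rather than captured; the MAC addresses, the credential and the two 172.28.13.x addresses are made up for the example (the checksums are left at zero because the frame is only parsed, never sent).

```python
import base64
import struct

# Constructed HTTP request carrying a made-up Basic credential (alice:Summer2013!).
HTTP_PAYLOAD = (
    b"GET /admin HTTP/1.1\r\n"
    b"Host: intranet.example.test\r\n"
    b"Authorization: Basic " + base64.b64encode(b"alice:Summer2013!") + b"\r\n"
    b"\r\n"
)


def build_frame(payload):
    """Wrap payload in TCP, IPv4 and Ethernet II headers (constructed test frame)."""
    tcp = struct.pack("!HHIIBBHHH",
                      51234, 80,      # source port, destination port (HTTP)
                      1, 0,           # sequence, acknowledgement numbers
                      5 << 4,         # data offset 5 words = 20-byte header, no options
                      0x18,           # flags PSH|ACK
                      65535, 0, 0)    # window, checksum (unset), urgent pointer
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0,                 # version 4 / IHL 5, TOS
                     total_len, 0x1234, 0x4000,  # total length, id, flags DF
                     64, 6, 0,                # TTL, protocol 6 = TCP, checksum (unset)
                     bytes([172, 28, 13, 135]), bytes([172, 28, 13, 1]))
    eth = bytes.fromhex("020000000001") + bytes.fromhex("020000000002") + b"\x08\x00"
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Decode Ethernet II -> IPv4 -> TCP; return addresses, ports and TCP payload.
    Raises ValueError for anything that is not IPv4 carrying TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        raise ValueError("not TCP")
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4                     # TCP header length in bytes
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "payload": tcp[doff:]}


def extract_basic_credentials(payload):
    """Return (user, password) from an HTTP Basic Authorization header, else None."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            parts = line.split(b" ", 2)
            if len(parts) < 3:
                return None
            try:
                decoded = base64.b64decode(parts[2], validate=True).decode("utf-8")
            except (ValueError, UnicodeDecodeError):
                return None
            user, _, password = decoded.partition(":")
            return user, password
    return None


def sniff_credentials(frame):
    """Decode one frame and report the flow plus any Basic credential it leaked."""
    pkt = parse_frame(frame)
    return {"flow": f"{pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']}",
            "credentials": extract_basic_credentials(pkt["payload"])}


if __name__ == "__main__":
    print(sniff_credentials(build_frame(HTTP_PAYLOAD)))
```

Against real traffic the same parser would run over frames from a raw socket or a pcap file; the point of the example is that with HTTP the secret is recoverable from the bytes on the wire, whereas the same request inside TLS would present the sniffer only with ciphertext.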

f. Maliciously Coded Websites
Some websites on the net contain code that is malicious. Malicious code is “programming code that is capable of causing harm to the availability or integrity of code or data, or to confidentiality, in a computer system”.
The source code of this page contains various “.js” files. The “search.js” file is infected with malicious JavaScript code. Here is the source code of that file:

The malicious JavaScript code is inserted at the bottom of this “.js” file. Here is the malicious content:


g. Password Attacks
Password attacks are attempts by attackers to determine or recover the passwords that protect electronic resources.
Many systems on a network are password protected, so each of them is another opportunity for an attacker to break in and steal data.
Keyloggers, sniffing or phishing are used to obtain passwords.

h. Hardware Loss and Residual Data Fragments
Hardware loss and residual data fragments are a growing worry for companies, governments and other organizations.
i. Shared Computers
Shared computers are always a threat. A shared computer is one used by two or more people.
Example: a computer carrying a virus connects to the LAN and allows the other machines to access it. The result can be that every machine on the LAN becomes infected.

j. Zombie Computers and Botnets
A zombie computer, or “drone”, is “a computer that has been secretly compromised by hacking tools which allow a third party to control the computer and its resources remotely”.
An attacker who has broken into a computer can control it and obtain its data.

A botnet “is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet”.
This is a major security threat to a network because the network, unknown to anyone, could be acting as a hub that forwards malicious files to other computers.
Attackers use botnets for DDoS attacks and for click fraud, in which the compromised machines generate clicks on the attacker's web pages and advertisements.

Exercise:
1. Give an example and a solution for each threat.

IV. Nmap
Nmap, short for Network Mapper, is a very versatile security tool that should be included in every professional’s toolkit. Nmap is an open source utility for network exploration, security scanning and auditing. It comes with a very wide range of options that make the utility more robust and let you add or change features to your specifications.
Nmap was created by Gordon Lyon, a.k.a. Fyodor Vaskovich, and first published in 1997. Since the source code has been available, the software has been expanded greatly. In addition to improvements in the functionality of the program, graphical user interfaces and support for numerous operating systems have been developed. Currently Nmap can run on Linux, Windows, OS X, FreeBSD, Solaris, Amiga, HP-UX, and others. GUI versions are also available on most of these systems along with the command line versions. There are also implementations that allow access to Nmap through a web browser.
Nmap is very popular among security professionals as well as black hat hackers because of its numerous uses. The current version can be used for network host discovery, port scanning, version and OS detection, network inventory, ping sweeps, and detailed logging. These uses are all important, but the most basic parts of the program deal with host discovery and port scanning. Nmap can be used to check what other devices and machines are connected to the network, and which ports on those devices are open and closed. The results of these types of scans can be saved to a log file, to be analyzed later or kept for future comparison.
Complete documentation and download information, as well as much more information on using the tool, can be found on the Nmap website.
Nmap is often used in combination with other open source security tools such as Snort,
Nessus, and Wireshark to help secure networks from attacks. In combination with these
other tools a powerful security suite can be established that can help to ensure protection
of networks. Other important techniques to follow include frequently patching all
systems, routine security audits, and enforcement of security policies.
a. Host Discovery Using NMAP

At the command line, type “nmap” and press Enter to see the available Nmap scan types and options.
2. Which option determines whether a host is online or not?
At the command line, type “nmap -sP [Network Address].*” and press Enter. The * at the end of the network address means to scan every possible IP address on that network. The -sP option tells Nmap to perform only a ping scan (host discovery) and then print the hosts that responded. (-sP is the older spelling of this option; current Nmap releases call it -sn and still accept -sP as an alias.) When run with administrator privileges against the local Ethernet segment, Nmap discovers hosts with ARP requests rather than ICMP echo, which is why the output below also shows each host’s MAC address and NIC vendor. This will take some time, please be patient. You can press Enter to check the progress of the scan.
3. How many hosts did you discover? 57
4. How many IP addresses were scanned? 256
5. What are the IP addresses of the hosts? (List 5 IP addresses)
172.28.13.1 (MAC 00:0E:84:54:E2:FF, Cisco Systems)
172.28.13.2 (MAC EC:30:91:EC:C0:41, Cisco Systems)
172.28.13.5 (MAC 00:25:45:22:92:76, Cisco Systems)
172.28.13.6 (MAC 00:17:E0:15:22:80, Cisco Systems)
172.28.13.7 (MAC 00:17:E0:15:17:C0, Cisco Systems)


Output for questions 3, 4 and 5:
Starting Nmap 6.40 ( ) at 2013-09-18 13:42 SE Asia Standard Time
Nmap scan report for 172.28.13.1
Host is up (0.066s latency).
MAC Address: 00:0E:84:54:E2:FF (Cisco Systems)
Nmap scan report for 172.28.13.2
Host is up (0.0020s latency).
MAC Address: EC:30:91:EC:C0:41 (Cisco Systems)
Nmap scan report for 172.28.13.5
Host is up (0.0020s latency).
MAC Address: 00:25:45:22:92:76 (Cisco Systems)
Nmap scan report for 172.28.13.6
Host is up (0.0030s latency).
MAC Address: 00:17:E0:15:22:80 (Cisco Systems)
Nmap scan report for 172.28.13.7
Host is up (0.0030s latency).
MAC Address: 00:17:E0:15:17:C0 (Cisco Systems)
Nmap scan report for 172.28.13.14
Host is up (0.0020s latency).
MAC Address: 00:21:5E:57:18:6E (IBM)
Nmap scan report for 172.28.13.15
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:17:63 (Dell)
Nmap scan report for 172.28.13.27
Host is up (0.00s latency).
MAC Address: 00:25:90:0F:15:AC (Super Micro Computer)
Nmap scan report for 172.28.13.28
Host is up (0.00s latency).
MAC Address: 00:25:90:30:EA:DC (Super Micro Computer)
Nmap scan report for 172.28.13.29
Host is up (0.0010s latency).
MAC Address: 00:25:90:30:EA:80 (Super Micro Computer)
Nmap scan report for 172.28.13.41
Host is up (0.0010s latency).
MAC Address: 00:22:19:AC:65:16 (Dell)
Nmap scan report for 172.28.13.42
Host is up (0.0010s latency).
MAC Address: 00:0C:29:7A:23:58 (VMware)
Nmap scan report for 172.28.13.43
Host is up (0.00s latency).
MAC Address: 00:0C:29:00:DD:40 (VMware)
Nmap scan report for 172.28.13.44
Host is up (0.00s latency).
MAC Address: 00:0C:29:65:A3:B9 (VMware)
Nmap scan report for 172.28.13.45
Host is up (0.0010s latency).
MAC Address: 00:0C:29:B1:AF:D5 (VMware)
Nmap scan report for 172.28.13.46
Host is up (0.0010s latency).
MAC Address: 00:0C:29:29:ED:60 (VMware)
Nmap scan report for 172.28.13.47
Host is up (0.00s latency).
MAC Address: 00:0C:29:7A:3A:AC (VMware)
Nmap scan report for 172.28.13.49
Host is up (0.00s latency).
MAC Address: 00:0C:29:6C:BC:7D (VMware)
Nmap scan report for 172.28.13.55
Host is up (0.0010s latency).
MAC Address: 00:21:5E:28:BE:FC (IBM)
Nmap scan report for 172.28.13.56
Host is up (0.0010s latency).
MAC Address: 00:24:E8:2D:29:3A (Dell)
Nmap scan report for 172.28.13.57
Host is up (0.0010s latency).
MAC Address: 08:00:27:C8:60:54 (Cadmus Computer Systems)
Nmap scan report for 172.28.13.58
Host is up (0.0010s latency).
MAC Address: 08:00:27:FF:D0:B2 (Cadmus Computer Systems)
Nmap scan report for 172.28.13.62
Host is up (0.00s latency).
MAC Address: 00:50:56:2D:6C:B7 (VMware)
Nmap scan report for 172.28.13.63
Host is up (0.00s latency).
MAC Address: 00:50:56:37:1B:B2 (VMware)
Nmap scan report for 172.28.13.75
Host is up (0.013s latency).
MAC Address: 70:F1:A1:35:FF:E8 (Liteon Technology)
Nmap scan report for 172.28.13.77
Host is up (0.013s latency).
MAC Address: 1C:65:9D:2C:B4:A1 (Liteon Technology)
Nmap scan report for 172.28.13.79
Host is up (0.013s latency).
MAC Address: 00:22:FB:5C:CF:A6 (Intel Corporate)
Nmap scan report for 172.28.13.81
Host is up (0.013s latency).
MAC Address: 1C:65:9D:2C:B4:A1 (Liteon Technology)
Nmap scan report for 172.28.13.91
Host is up (0.010s latency).
MAC Address: AC:81:12:00:DA:3D (Gemtek Technology Co.)
Nmap scan report for 172.28.13.92
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:29:26 (Dell)
Nmap scan report for 172.28.13.99
Host is up (0.0010s latency).
MAC Address: 00:24:E8:2D:2A:D5 (Dell)
Nmap scan report for 172.28.13.100
Host is up (0.0010s latency).
MAC Address: 00:24:E8:2D:18:8F (Dell)
Nmap scan report for 172.28.13.105
Host is up (0.0010s latency).
MAC Address: 00:24:E8:2D:29:D0 (Dell)
Nmap scan report for 172.28.13.119
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:2A:84 (Dell)
Nmap scan report for 172.28.13.126
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:16:F1 (Dell)
Nmap scan report for 172.28.13.128
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:25:E5 (Dell)
Nmap scan report for 172.28.13.131
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:2A:71 (Dell)
Nmap scan report for 172.28.13.132
Host is up (0.018s latency).
MAC Address: 70:F1:A1:35:FF:E8 (Liteon Technology)
Nmap scan report for 172.28.13.134
Host is up (0.00s latency).
MAC Address: 00:25:64:CC:91:E4 (Dell)
Nmap scan report for 172.28.13.135
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:18:AC (Dell)
Nmap scan report for 172.28.13.137
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:26:AE (Dell)
Nmap scan report for 172.28.13.145
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:29:35 (Dell)
Nmap scan report for 172.28.13.146
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:2B:E0 (Dell)
Nmap scan report for 172.28.13.151
Host is up (0.00s latency).
MAC Address: 00:21:5E:29:67:D7 (IBM)
Nmap scan report for 172.28.13.157
Host is up (0.0010s latency).
MAC Address: 00:24:E8:2D:26:4B (Dell)
Nmap scan report for 172.28.13.160
Host is up (0.0010s latency).
MAC Address: 00:24:E8:2D:24:AB (Dell)
Nmap scan report for 172.28.13.166
Host is up (0.020s latency).
MAC Address: 00:26:C7:DB:71:72 (Intel Corporate)
Nmap scan report for 172.28.13.167
Host is up (0.00s latency).
MAC Address: 20:CF:30:4B:E8:CB (Asustek Computer)
Nmap scan report for 172.28.13.168
Host is up (0.00s latency).
MAC Address: 48:5B:39:66:D2:87 (Asustek Computer)
Nmap scan report for 172.28.13.171
Host is up (0.0010s latency).
MAC Address: 14:FE:B5:B4:5F:B5 (Dell)
Nmap scan report for 172.28.13.173
Host is up (0.0010s latency).
MAC Address: 00:24:BE:46:49:E5 (Sony)
Nmap scan report for 172.28.13.175
Host is up (0.0020s latency).
MAC Address: 00:24:E8:2D:2B:C7 (Dell)
Nmap scan report for 172.28.13.176
Host is up (0.0020s latency).
MAC Address: F0:4D:A2:BF:3B:5F (Dell)
Nmap scan report for 172.28.13.188
Host is up (0.00s latency).
MAC Address: 00:21:5E:29:68:8C (IBM)
Nmap scan report for 172.28.13.200
Host is up (0.0020s latency).
MAC Address: 00:24:E8:2D:16:CB (Dell)
Nmap scan report for 172.28.13.251
Host is up (0.0010s latency).
MAC Address: 00:21:5E:28:BF:58 (IBM)
Nmap scan report for 172.28.13.170
Host is up.
Nmap done: 256 IP addresses (57 hosts up) scanned in 12.63 seconds

You can also use Nmap to scan other networks (use the -n option to skip reverse DNS resolution and save time). For example, if the available networks are 192.168.101.*, 192.168.102.*, 192.168.103.*, and 192.168.104.*, you can type “nmap -sP -n 192.168.101-104.*” to scan all of them in one command. “101-104” means the range of networks 101, 102, 103, and 104.
b. Port Scan
Nmap is an efficient port scanner. Port scanning is used to detect the services exposed by a network or host computer, and through them potential vulnerabilities. A network administrator can use Nmap to detect undesired services running on a network. The simple command nmap target scans the 1000 most commonly used TCP ports on the host target (older Nmap versions scanned more than 1660) and identifies the open ones. In the following exercise, you will use Nmap to scan the ports on a host.
Identify the IP address of your network’s default gateway. At the command line, type “nmap [Default Gateway IP Address]” and press Enter. This may take several seconds.
6. How many ports are open? 1 (1309/tcp)
7. Does the target host the web, ftp, and telnet services? No. The only open port, 1309/tcp, is reported as jtag-server; no HTTP, FTP or Telnet port is open.
(The requirement to include screenshots was given after the lab session, so this item has no figure.)

Identify another target on your local area network. You can use a host that you discovered in the earlier exercise. At the command line, type “nmap -sT [target]” and press Enter. This may take several seconds. The -sT option performs a TCP connect scan.
Use the -O option to discover the operating system of your target. At the command line, type “nmap -O [target]”. Note that the port table alone only names the service conventionally associated with each port number; to identify the actual software and its version, add the -sV option.
8. Identify which ports are open on a specific machine, the corresponding services and their versions. How could an attacker exploit this information?
Starting Nmap 6.40 ( ) at 2013-09-18 14:10 SE Asia Standard Time
Nmap scan report for 172.28.13.135
Host is up (0.00062s latency).
Not shown: 984 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
554/tcp   open  rtsp
2869/tcp  open  icslap
3389/tcp  open  ms-wbt-server
5357/tcp  open  wsdapi
5800/tcp  open  vnc-http
5900/tcp  open  vnc
10243/tcp open  unknown
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49156/tcp open  unknown
49158/tcp open  unknown
MAC Address: 00:24:E8:2D:18:AC (Dell)
Nmap done: 1 IP address (1 host up) scanned in 1.97 seconds
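The host-discovery and port-scan exercises above are answered by reading Nmap's output by eye. As an added example (not part of the lab), the Python below parses Nmap's normal output format so the same questions can be answered from a saved log, which is what makes the “saved for future comparison” point practical: it counts the hosts that are up, groups them by NIC vendor, diffs two host-discovery runs to surface machines that were not there before, and, for a port scan, groups the open ports into the categories an attacker would triage first (remote administration, Windows file sharing and RPC, cleartext protocols). The two scan excerpts are constructed and abbreviated in the shape of the listings above, not copied from them, and the triage categories are my own grouping by well-known port number, not anything Nmap emits.

```python
import re
from collections import Counter

# Constructed excerpts in Nmap's normal output format (same shape as the lab listings,
# shortened). The second run adds one host that the first run did not see.
PING_SCAN_DAY1 = """\
Nmap scan report for 172.28.13.1
Host is up (0.066s latency).
MAC Address: 00:0E:84:54:E2:FF (Cisco Systems)
Nmap scan report for 172.28.13.42
Host is up (0.0010s latency).
MAC Address: 00:0C:29:7A:23:58 (VMware)
Nmap scan report for 172.28.13.135
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:18:AC (Dell)
Nmap scan report for 172.28.13.170
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 3.10 seconds
"""
PING_SCAN_DAY2 = PING_SCAN_DAY1.replace(
    "Nmap done:",
    "Nmap scan report for 172.28.13.57\nHost is up (0.0010s latency).\n"
    "MAC Address: 08:00:27:C8:60:54 (Cadmus Computer Systems)\nNmap done:")

PORT_SCAN = """\
Nmap scan report for 172.28.13.135
Host is up (0.00062s latency).
Not shown: 984 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
3389/tcp  open  ms-wbt-server
5900/tcp  open  vnc
49152/tcp open  unknown
MAC Address: 00:24:E8:2D:18:AC (Dell)
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-F:]{17}) \((.+)\)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_nmap(text):
    """Return {ip: {"mac", "vendor", "ports": [(port, proto, state, service)]}}.
    A 'scan report' line opens a host record; MAC and port lines attach to it."""
    hosts, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOST_RE.match(line):
            cur = hosts.setdefault(m.group(1), {"mac": None, "vendor": None, "ports": []})
        elif cur is None:
            continue
        elif m := MAC_RE.match(line):
            cur["mac"], cur["vendor"] = m.group(1), m.group(2)
        elif m := PORT_RE.match(line):
            port, proto, state, svc = m.groups()
            cur["ports"].append((int(port), proto, state, svc))
    return hosts


def vendor_summary(hosts):
    """Hosts per NIC vendor. Nmap prints no MAC for the scanning machine itself,
    so that host is counted under '(no MAC)'."""
    return Counter(h["vendor"] or "(no MAC)" for h in hosts.values())


def new_hosts(baseline, current):
    """Addresses present in the current run but absent from the baseline run."""
    return sorted(set(current) - set(baseline))


# Assumed triage grouping by well-known port number (not an Nmap classification).
EXPOSURE = {
    "remote admin": {22, 23, 3389, 5800, 5900},
    "windows file sharing / rpc": {135, 139, 445},
    "cleartext protocols": {21, 23, 80, 110, 143},
}


def exposure_report(hosts):
    """Per host: triage category -> sorted open ports; unmatched ports go to 'other'."""
    report = {}
    for ip, h in hosts.items():
        cats = {}
        for port, _proto, state, _svc in h["ports"]:
            if state != "open":
                continue
            matched = [c for c, ports in EXPOSURE.items() if port in ports]
            for c in matched or ["other"]:
                cats.setdefault(c, []).append(port)
        report[ip] = {c: sorted(p) for c, p in cats.items()}
    return report


if __name__ == "__main__":
    day1, day2 = parse_nmap(PING_SCAN_DAY1), parse_nmap(PING_SCAN_DAY2)
    print(len(day2), "hosts up;", dict(vendor_summary(day2)))
    print("new since last scan:", new_hosts(day1, day2))
    print(exposure_report(parse_nmap(PORT_SCAN)))
```

In practice you would save each run with -oN (or -oX for a stricter format) and feed the files to parse_nmap; a host that appears in new_hosts, or a category such as “remote admin” appearing on a workstation where it was not expected, is the change worth investigating.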
