Scanning Systems

Active information gathering produces more details about your network and helps you see your systems from a hacker’s perspective. For instance, you can

  •  Use the information provided by your Whois lookups and start testing other closely related IP addresses and host names. When you map out — enumerate — your network, you see how your systems are laid out. This includes determining IP addresses, host names (both external and internal), running protocols, open ports, and running services and applications.

  •  Scan your internal hosts — if they are within the scope of your testing. These hosts may not be visible to outsiders, but you should test them. The hacker may be on the inside!

 

If you’re not completely comfortable scanning your systems, consider first using a lab with test systems or a system running virtual-machine software such as VMware Workstation or Microsoft’s Virtual PC. Some hacking tools may not work as designed when you run them on virtual-machine software. If you have trouble getting the software to load or hosts to respond, you may have to run your tests against physically separate computers.

 

Hosts

Scan and document specific hosts that are reachable from the Internet. Start by pinging either specific host names or IP addresses with one of these:

  •  The basic ping utility that’s built into your operating system

  •  A third-party utility that allows you to ping multiple addresses at the same time, such as SuperScan (www.foundstone.com) and NetScanTools Pro (www.netscantools.com) for Windows, or fping for UNIX

 

The site http://www.whatismyip.com shows how your gateway IP address appears on the Internet. Just browse to that site. Your outermost public IP address (your firewall or router — preferably not your local computer) appears.
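As an added example (not code from the original post), here is a TCP-based reachability check that complements the ping sweep above. Ping depends on ICMP echo, which many firewalls drop, so a host can look dead to ping while still answering on a service port; a connect attempt to a port you expect open is a second opinion, and a refused connection is itself proof that something is alive at that address. The loopback listener and the port list are constructed for the demonstration; the function names are the example's own.

```python
"""TCP reachability sweep as a complement to ICMP ping (added example)."""
import socket
import threading


class LoopbackListener:
    """Constructed test target: a throwaway TCP listener on 127.0.0.1.

    It only exists so the example has a known-open port to probe offline."""

    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))          # port 0 = kernel picks a free one
        self.sock.listen(5)
        self.sock.settimeout(0.2)                 # lets the accept loop notice stop()
        self.port = self.sock.getsockname()[1]
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, _ = self.sock.accept()
                conn.close()                      # handshake is all we need
            except socket.timeout:
                continue
        self.sock.close()

    def stop(self):
        """Shut the listener down and wait until the port is really closed."""
        self._stop.set()
        self._thread.join()


def probe(host, port, timeout=1.0):
    """Classify one TCP port: 'open', 'refused' or 'silent'.

    'refused' means the host sent a RST: the port is closed but the host is
    up. 'silent' covers timeouts and routing errors, i.e. a firewall may be
    dropping the probe, exactly the case where ping alone misleads you."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:                               # timeout, no route, unreachable
        return "silent"
    finally:
        sock.close()


def sweep(hosts, ports=(22, 80, 443), timeout=1.0):
    """Classify each host from TCP probes alone.

    Returns {host: 'open' | 'alive' | 'silent'}: 'open' if any probed port
    completed a handshake, 'alive' if the host at least refused a connection,
    'silent' if nothing came back on any port."""
    result = {}
    for host in hosts:
        states = {probe(host, port, timeout) for port in ports}
        if "open" in states:
            result[host] = "open"
        elif "refused" in states:
            result[host] = "alive"
        else:
            result[host] = "silent"
    return result


if __name__ == "__main__":
    target = LoopbackListener()
    print(sweep(["127.0.0.1"], ports=(target.port,)))   # the listener answers
    target.stop()
    print(sweep(["127.0.0.1"], ports=(target.port,)))   # closed port, host alive
```

Run it against your own address ranges, with the ports your servers are supposed to expose, and compare the "silent" hosts against your ping results: a host that is silent on TCP but answers ping usually means a filtered port rather than a dead machine.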

 

Modems and open ports

Scan for modems and open ports by using network-scanning tools:

  •  Check for unsecured modems with war-dialing software, such as ToneLoc, PhoneSweep, and THC-Scan.

  •  Scan network ports with SuperScan or Nmap (www.insecure.org/nmap). You can use a happy-clicky-GUI version made for Windows called NMapWin.

  •  Listen to network traffic with a network analyzer such as Ethereal.

Figure: The NMapWin graphical interface
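Added example, not part of the original post or of the Nmap project: a small parser for Nmap's grepable output (nmap -oG) that turns a scan into the host-and-port inventory the enumeration step above calls for, and flags cleartext remote-access services (telnet, FTP) that a review should question. The report text is constructed for the example; the field layout (port/state/protocol/owner/service/rpc info/version/) is Nmap's, the addresses are from the documentation range 192.0.2.0/24, and the function names are the example's own.

```python
"""Build a host/port inventory from Nmap grepable output (added example)."""
import re

# Constructed sample of an `nmap -sV -oG` report; hosts and banners are invented.
SAMPLE_GNMAP = """\
# Nmap 7.80 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sV -oG scan.gnmap 192.0.2.0/29
Host: 192.0.2.10 (web.example.test)\tStatus: Up
Host: 192.0.2.10 (web.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 80/open/tcp//http//Apache httpd 2.4/, 443/open/tcp//https//Apache httpd 2.4/\tIgnored State: closed (997)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 23/open/tcp//telnet///, 445/filtered/tcp//microsoft-ds///\tIgnored State: closed (998)
Host: 192.0.2.12 ()\tStatus: Down
# Nmap done at Mon Jan  1 00:00:05 2024 -- 8 IP addresses (2 hosts up) scanned in 5.00 seconds
"""

# "Host: <ip> (<name>)<TAB><tab-separated fields>"
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\t(.*)$")

# Example policy list (the author's choice, not Nmap's): services that carry
# logins in cleartext and deserve a question in any port-scan review.
CLEARTEXT_SERVICES = {"telnet", "ftp"}


def parse_gnmap(text):
    """Return {ip: {"name": str, "status": str|None, "ports": [dict, ...]}}."""
    hosts = {}
    for line in text.splitlines():
        match = HOST_RE.match(line)
        if not match:                      # comments and blank lines
            continue
        ip, name, rest = match.groups()
        entry = hosts.setdefault(ip, {"name": name, "status": None, "ports": []})
        for field in rest.split("\t"):
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["status"] = value
            elif key == "Ports":
                for spec in value.split(", "):
                    # port/state/protocol/owner/service/rpc info/version/
                    parts = spec.split("/")
                    entry["ports"].append({
                        "port": int(parts[0]),
                        "state": parts[1],
                        "proto": parts[2],
                        "service": parts[4],
                        "version": parts[6],
                    })
    return hosts


def open_ports(inventory):
    """Map each host to its sorted open port numbers; hosts with none are omitted."""
    result = {}
    for ip, entry in inventory.items():
        ports = sorted(p["port"] for p in entry["ports"] if p["state"] == "open")
        if ports:
            result[ip] = ports
    return result


def cleartext_exposures(inventory):
    """List (ip, port, service) for open ports running a cleartext login service."""
    found = []
    for ip, entry in inventory.items():
        for p in entry["ports"]:
            if p["state"] == "open" and p["service"] in CLEARTEXT_SERVICES:
                found.append((ip, p["port"], p["service"]))
    return found


if __name__ == "__main__":
    inv = parse_gnmap(SAMPLE_GNMAP)
    for ip, ports in open_ports(inv).items():
        print(ip, inv[ip]["name"] or "-", ports)
    print("cleartext logins:", cleartext_exposures(inv))
```

Feed it a real report with `parse_gnmap(open("scan.gnmap").read())` and diff the result of `open_ports` between scans: a port that appears between two runs is the kind of change you want to explain before an outsider does.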

Scanning internally is easy. Simply connect your PC to the network, load up the software, and fire away. Scanning from outside your network takes a few more steps, but it can be done:

  •  For war dialing, scanning shouldn’t be an issue. You can just use one of your internal analog lines to dial out from.

  •  Pinging and scanning are more complicated. The easiest way to connect and get an “outside-in” perspective is to assign yourself a public IP address and plug your workstation into a switch or hub on the public side of your firewall or router. Physically, you’re not on the Internet looking in, but this type of connection works just the same.
