Network scanning
1. Network Basics
• A network consists of 3 parts
1. IP Address
2. Services
3. Port
• IP Addresses
– An address comprises two parts, a network address
and a host address, as determined by the subnet mask.
– A simple example is 192.168.1.1 with a subnet mask of
255.255.255.0.
• 192.168.1 is the network address (the 192.168.1.0 network) and
.1 is a host address on that network.
Oceanofwebs.com 1
2. • Services
– The network protocol that listens for incoming
connection requests and links the server application
with the client
– Typically each service runs on a set of specific ports
– In actuality, any service can run on any port
• Therefore, you should put only limited trust in port/service
mappings.
– Use an application scanner (service detection) to
find out what application is really running on
that port.
– Nmap has service detection
3. • Ports
• A port is where a service listens for connections
• Common services use common well-known ports
• Could use any port as long as both the server and
the client know which port to connect to
• Ports allow different services to be available from
one location or IP Address
4. Scanning
• Types of scanning
– Host (Ping) Scanning
– Port Scanning
– Vulnerability Scanning
5. Host Scanning
• Hackers perform host scanning to locate
and identify hosts on the network.
• Usually by “pinging” a range of IP
addresses.
• Hosts that respond to pings may be
targeted for attack.
6. Port Scanning
• Hackers perform Port Scans to determine what
services a host may be running.
• By knowing the services the hacker can attempt
attacks against known vulnerabilities in the
service.
• Port scans attempt to make an initial connection to
the service running on a particular port number.
• Port scans are invasive and are easily detected by
Intrusion Detection and/or firewalls.
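The following is an added example, not part of the original slides: a minimal IDS-style rule that flags the host (ping) scans and port scans described in sections 5 and 6 from connection logs. The log format, the thresholds and the names `parse` and `detect_scans` are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log (assumed format): timestamp src dst proto dport
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 192.168.1.10 TCP 21
2024-01-01T10:00:01 10.0.0.5 192.168.1.10 TCP 22
2024-01-01T10:00:02 10.0.0.5 192.168.1.10 TCP 23
2024-01-01T10:00:03 10.0.0.5 192.168.1.10 TCP 25
2024-01-01T10:00:04 10.0.0.5 192.168.1.10 TCP 80
2024-01-01T10:00:05 10.0.0.5 192.168.1.10 TCP 443
2024-01-01T10:01:00 10.0.0.9 192.168.1.1 ICMP -
2024-01-01T10:01:01 10.0.0.9 192.168.1.2 ICMP -
2024-01-01T10:01:02 10.0.0.9 192.168.1.3 ICMP -
2024-01-01T10:01:03 10.0.0.9 192.168.1.4 ICMP -
2024-01-01T10:02:00 10.0.0.7 192.168.1.20 TCP 443
2024-01-01T10:02:30 10.0.0.7 192.168.1.21 UDP 53
"""

def parse(line):
    ts, src, dst, proto, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, proto, dport

def detect_scans(log, window=timedelta(seconds=60), min_ports=5, min_hosts=4):
    """Return sorted (source, kind, target) alerts; thresholds are illustrative."""
    by_src = defaultdict(list)
    for ev in sorted(parse(l) for l in log.splitlines() if l.strip()):
        by_src[ev[1]].append(ev)
    alerts = set()
    for src, evs in by_src.items():
        start = 0
        for end, ev in enumerate(evs):
            while ev[0] - evs[start][0] > window:  # slide the window forward
                start += 1
            hosts, ports = set(), defaultdict(set)
            for _, _, dst, proto, dport in evs[start:end + 1]:
                hosts.add(dst)
                if dport != "-":  # ICMP echo has no port
                    ports[dst].add((proto, dport))
            if len(hosts) >= min_hosts:  # many hosts probed: host (ping) scan
                alerts.add((src, "host_scan", "*"))
            for dst, seen in ports.items():
                if len(seen) >= min_ports:  # many ports on one host: port scan
                    alerts.add((src, "port_scan", dst))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_LOG):
        print(alert)
```

The ordinary client 10.0.0.7 contacts only two hosts on one port each, so it raises no alert.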
7. Vulnerability Scanning
• What is vulnerability scanning?
– Used to find known flaws within an application
or network.
– These scanning tools are typically signature
based and can only find vulnerabilities that the
tools know about.
– Many good commercial and freeware tools are
available.
8. Scanning Tools
• Host & Port Scanning
– Nmap
• Vulnerability Scanning
– GFI and Nessus
10. Scanning Tool – Nmap
• The only port scanner you’ll need
• Pros
– FREE
– Continually Updated
– OS Detection and Service Detection
– Support for both Windows and Unix
• Cons
– No standard Graphical User Interface
LINK: (www.insecure.org)
11. Scanning Tool – SuperScan
• Pros
– FREE download from Foundstone
– Very stable, Fairly fast
– Graphical User Interface
• Cons
– Windows version only
– No stealth options, no Firewall Evasion
– Service Detection/Application Mapping
• LINK: (www.foundstone.com)
13. Scanning Tool – Nessus
• Pros
– Nessus is free
– Large plugin or signature base
– You can customize and create new plugins
• Cons
– Tenable took Nessus private (closed source)
– Purchasing plans for new plugins
– Shareware plug-ins are seven days behind
LINK: (www.nessus.org)
14. Scanning Tool – GFI LANguard Network Security Scanner
• Pros
– Port Scanner, Enumeration, and Vulnerability Scanner
– Many features such as SNMP and SQL brute force
– Great for Windows networks
• Cons
– Lacks extensive signatures for other operating systems
– Look to Nessus for scanning heterogeneous networks