Figure 9-3: Human Break-Ins(Hacking) Scanning phase Send attack probes to map the network and identify possible victim hosts Nmap programming is a popular program for scanning attacks(Figure 9-4)
11 Figure 9-3: Human Break-Ins (Hacking) • Scanning Phase – Send attack probes to map the network and identify possible victim hosts – Nmap programming is a popular program for scanning attacks (Figure 9-4)
Fi File Output Help Hidden Scan EXit options: General options IP Range Y connect 」 Dont Resolve TCP Ping Fragmentation to scan A SYN Stealth d Fast Scan 人TCP& CMP Get Identd Info v Ping sweep y UDP Port Sc d Range of Ports: ICMP Ping J Resolve All ⅴF|NStn y Dont Ping os Detection Bounce Scan r Use Decoy(s): Input File d Send on Device Type Hidden Scan Output from: nmap -sS ground Hidden Interesting ports on Port State Protocol service 13 daytime open ft open Identified P telnet t⊥e Host and ope finge 111 Open 13 auth login Ports 14 t pppp shell TCP Sequence Prediction+ Class=random positive increments Difficulty=14943 <worthy challenge) Remote operating system guess: OpenBSD 2.2-2.3 INteresting ports or Hidden Prnt nonl Serui cp 12
12 Figure 9-4: Nmap IP Range to Scan Type of Scan Identified Host and Open Ports
Figure 9-3: Human Break-Ins(Hacking) The term“ xploit” is Used in Different Ways Noun The actual break-in Noun: Exploit is the program used to make the break-in Verb: Attackers exploit the computer 13
13 Figure 9-3: Human Break-Ins (Hacking) • The Term “Exploit” is Used in Different Ways – Noun: The actual break-in – Noun: Exploit is the program used to make the break-in – Verb: Attackers exploit the computer
Figure 9-3: Human Break-Ins(Hacking) After the break -In the hacker Becomes invisible by deleting log files Creates a backdoor(way to get back into the computer) Backdoor account-account with a known password and super user privileges Backdoor program-program to allow reentry; usually Trojanized Rootkit--stealthy backdoor that cannot be detected by New the operating system Does damage at leisure 14
14 Figure 9-3: Human Break-Ins (Hacking) • After the Break-In, the Hacker – Becomes invisible by deleting log files – Creates a backdoor (way to get back into the computer) • Backdoor account—account with a known password and super user privileges • Backdoor program—program to allow reentry; usually Trojanized • Rootkit—stealthy backdoor that cannot be detected by the operating system – Does damage at leisure New
Figure 9-5: Distributed Flooding Denial-of-Service Attack Handler Zombie Attack Attack Command Command Attack Packet } Attacker Attack Packet 1.34.150.37 Attack Victim Command 60.1684747 Attack Zombie Command Attack<宝 Command Attack Packet The attacker installs handler and zombie programs on victims The attacker sends an attack command to handlers Handlers send attack commands to zombies The zombies overwhelm the victim with attack packets 15
15 Figure 9-5: Distributed Flooding Denial-of-Service Attack Victim 60.168.47.47 Attacker 1.34.150.37 Handler Handler Zombie Zombie Zombie Attack Command Attack Packet Attack Packet Attack Packet Attack Command Attack Command Attack Command Attack Command The attacker installs handler and zombie programs on victims The attacker sends an attack command to handlers. Handlers send attack commands to zombies. The zombies overwhelm the victim with attack packets