1.3 Understanding the Workings of Network Scanning Attacks

The document outlines a lab exercise focused on understanding network scanning attacks, which help attackers gather information about a target network's hosts, ports, and services. It details various scanning techniques, including SYN, TCP full connect, TCP null, TCP Xmas, FIN, and UDP scans, and emphasizes the importance of early detection by network defenders to prevent future attacks. The exercise provides step-by-step instructions for performing these scans using a specific target IP address.

Uploaded by

Ziad Nasr

Module 01: Network Attack and Defense Strategies

Exercise 3: Understanding the Workings of Network Scanning Attacks

A network scanning attack helps attackers organize an attack on the targeted network.

Lab Scenario

An attacker scans the target network in order to extract valuable information about the hosts, ports,
and services in the network. This enables an attacker to decide on the various techniques and tools
to be used to perform the desired attack. A network defender should be aware of such network
scanning attempts. If detected at the early stage, it will help prevent future attacks.

Lab Objectives

This lab will demonstrate how the attacker runs various network scan attempts to find open ports
and services running on the target.

• SYN scan attempt
• TCP full connect scan attempt
• TCP null scan attempt
• TCP Xmas scan attempt
• FIN scan attempt
• UDP scan attempt

Overview of Network Scanning Attacks

Network scanning is a part of a reconnaissance attack that helps an attacker fingerprint the target
environment using the right techniques and tools for the subsequent attack phases.

Before executing this lab, click PfSense Firewall VM to turn on the pfSense firewall.

If you have already launched WebServer and AttackerMachine in the previous exercise, skip steps
1 to 6.

1. Click Web Server to launch the Web Server VM. If Web Server is already launched, move
to step #5.
2. Click the Ctrl+Alt+Delete link to log in to the Web Server machine.
3. By default, the Administrator account is selected; click admin@123 and press Enter to
log in.
4. The Network pane appears; click Yes.
5. Click Attacker Machine to launch the attacker's VM.
6. Select user Bob, type the password user@123, and press Enter.
7. In this scenario, assume that the attacker is trying to target a machine with IP
address 10.10.10.16 (Web Server).
8. Open the terminal, type the sudo su command, and press Enter to access root
privileges.
9. To perform the SYN scan on the target machine, type the command nmap -sS
10.10.10.16 in the terminal and press Enter.
10. The output of the SYN scan appears, providing details such as the state of the
ports and the services running on the target system.
11. To perform the TCP Full connect scan, type the command nmap -sT -T4
10.10.10.16 and press Enter.
12. The output of the TCP Full scan provides details such as the state of the ports and the
services running on the target system.
13. To perform the TCP Null scan attack, type nmap -sN -T4 -A -v 10.10.10.16 and
press Enter.
14. The output of the TCP Null scan provides the details and state of the ports, as well as
the services and versions running on the target system.
15. To perform the Xmas scan, type nmap -sX -T4 10.10.10.16 and press Enter.
16. The output of the TCP Xmas scan appears, as shown in the screenshot below.
17. The FIN scan exploits a subtle loophole in the TCP RFC to differentiate between
open and closed ports. To perform the FIN scan, type nmap -sF -T4 10.10.10.16 in the
terminal and press Enter.
18. The output of the FIN Scan appears, as shown in the screenshot below.
19. To perform the UDP scan, type nmap -sU -T5 10.10.10.16 in the terminal and
press Enter. Wait for some time for the scan to be completed.
20. The output of the UDP scan appears, as shown in the screenshot below. It shows
that UDP port 137 is open.
21. This demonstrates how valuable information on hosts, ports, and services can be obtained
from network scanning attempts by attackers, who later exploit this open information.
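
One way a defender could spot the TCP probes from steps 9 to 18 in captured traffic, as an added example that is not part of the original lab: it classifies inbound segments by flag pattern and alerts per source. The packet tuple format, the threshold of 5 ports and the sample source addresses are assumptions, and the UDP scan is not covered.

```python
from collections import defaultdict

# TCP header flag bits.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
# Patterns that normal TCP connections do not produce: one packet is enough to alert.
ABNORMAL = {"null", "fin", "xmas"}

def classify_probe(flags):
    """Name the scan probe an inbound TCP segment matches, or None."""
    flags &= 0x3F                      # ignore ECE/CWR bits
    if flags == 0:
        return "null"                  # nmap -sN: no flags set
    if flags == FIN:
        return "fin"                   # nmap -sF: FIN without ACK
    if flags == FIN | PSH | URG:
        return "xmas"                  # nmap -sX
    if flags == SYN:
        return "syn"                   # first packet of both -sS and -sT
    return None

def detect_scans(packets, syn_port_threshold=5):
    """packets: (src_ip, dst_ip, dst_port, tcp_flags) tuples (assumed format).
    Returns {(src, dst): {probe: distinct_ports}} for suspicious pairs."""
    seen = defaultdict(lambda: defaultdict(set))
    for src, dst, dport, flags in packets:
        kind = classify_probe(flags)
        if kind:
            seen[(src, dst)][kind].add(dport)
    alerts = {}
    for pair, kinds in seen.items():
        # A bare SYN is also how legitimate clients connect, so it only counts
        # once one source has touched many distinct ports on one host.
        hits = {k: len(ports) for k, ports in kinds.items()
                if k in ABNORMAL or len(ports) >= syn_port_threshold}
        if hits:
            alerts[pair] = hits
    return alerts

# Constructed sample traffic toward the lab target 10.10.10.16; the source
# addresses are made up for this example.
T = "10.10.10.16"
SAMPLE = (
    [("10.10.10.50", T, p, SYN) for p in (21, 22, 23, 25, 80, 443)]
    + [("10.10.10.50", T, 80, FIN | PSH | URG)]
    + [("10.10.10.51", T, 445, 0)]
    + [("10.10.10.20", T, 80, f) for f in (SYN, ACK, FIN | ACK)]  # normal client
)

if __name__ == "__main__":
    for pair, hits in detect_scans(SAMPLE).items():
        print(pair, hits)
```

A SYN scan and a full connect scan start with the same packet, so this check reports both as "syn"; telling them apart requires tracking whether the handshake is completed.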

End of the Exercise

In this exercise, you have learned how an attacker runs various network scan attempts to find ports
and services running on the target.

• SYN scan attempt
• TCP full connect scan attempt
• TCP null scan attempt
• TCP Xmas scan attempt
• FIN scan attempt
• UDP scan attempt
