
Part 1: Download and install the NMAP (Network MAPper) program; it is available


Question

Part 1: Download and install the NMAP (Network MAPper) program; it is available from http://insecure.org/ for Windows, OS X and Linux. You may need to install a winpcap driver as well, or a similar driver for your OS. You may also want to install a GUI front-end; I like Zenmap. You can do everything necessary from the command line, and without the GUI add-on.

Perform the following scan: nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 scanme.nmap.org

That is the default "intense scan" with Zenmap. You will be scanning the server "scanme.nmap.org." Do not perform the scan more than once. Do not scan anything else unless you own it!

Tell the following:

What ports are open?
What is the best guess at the OS running on the server?
What is running on port 80?

Tell two other things NMAP found. Pick the two you deem most important.

Part 2: Explain why blocking ping (ICMP echo request) packets at an organization's edge router is not an effective defense against ping flood attacks where the attacker is trying to consume bandwidth. Describe an effective defense against such an attack. Your answer must have enough detail to show that you understand the concept.
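Since the assignment allows the scan to be run only once, the practical way to answer Part 1 is to save nmap's output and read the facts out of the saved text. The following Python script is an added example (not part of the original question and not nmap's own code): it parses the normal verbose text output of nmap for the open-port lines, the service table, and the OS guess. The sample output embedded in it is constructed from the values quoted in the answer on this page rather than taken from a live scan, and the column layout is assumed to follow nmap's normal (`-v`) text output.

```python
"""Pull the facts Part 1 asks for (open ports, OS guess, service on port 80)
out of saved nmap text output, so the scan only has to run once.
Added example, not part of the original question or the nmap project.
The sample output is constructed from the results quoted on this page."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: the lines nmap -v prints while scanning, trimmed to the
# values this page reports. Real output can be saved with `nmap ... -oN scan.txt`.
SAMPLE_NMAP_OUTPUT = """\
Discovered open port 22/tcp on 45.33.32.156
Discovered open port 25/tcp on 45.33.32.156
Discovered open port 53/tcp on 45.33.32.156
Discovered open port 80/tcp on 45.33.32.156
PORT   STATE SERVICE VERSION
22/tcp open  ssh
25/tcp open  smtp
53/tcp open  domain
80/tcp open  http    Apache httpd 2.4.7 ((Ubuntu))
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.10 - 4.8
"""

DISCOVERED_RE = re.compile(r"^Discovered open port (\d+)/(tcp|udp) on (\S+)$")
PORT_ROW_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
OS_DETAILS_RE = re.compile(r"^OS details: (.+)$")
OS_CPE_RE = re.compile(r"^OS CPE: (.+)$")


@dataclass
class ScanSummary:
    target: Optional[str] = None
    open_ports: List[Tuple[int, str]] = field(default_factory=list)    # (port, proto)
    services: Dict[int, Tuple[str, str]] = field(default_factory=dict)  # port -> (service, version)
    os_guess: Optional[str] = None
    os_cpe: Optional[str] = None


def parse_nmap_output(text: str) -> ScanSummary:
    """Walk the output line by line; each regex recognises one kind of line."""
    summary = ScanSummary()
    for raw in text.splitlines():
        line = raw.strip()
        m = DISCOVERED_RE.match(line)
        if m:
            port, proto, host = m.groups()
            summary.target = host
            entry = (int(port), proto)
            if entry not in summary.open_ports:   # tolerate a repeated line
                summary.open_ports.append(entry)
            continue
        m = PORT_ROW_RE.match(line)
        if m:
            port, _proto, state, service, version = m.groups()
            if state == "open":
                summary.services[int(port)] = (service, version or "")
            continue
        m = OS_DETAILS_RE.match(line)
        if m:
            summary.os_guess = m.group(1)
            continue
        m = OS_CPE_RE.match(line)
        if m:
            summary.os_cpe = m.group(1)
    return summary


def answer_part1(summary: ScanSummary) -> Dict[str, object]:
    """The three answers Part 1 asks for, as a dict."""
    service, version = summary.services.get(80, ("", ""))
    return {
        "open_ports": [f"{p}/{proto}" for p, proto in summary.open_ports],
        "os_guess": summary.os_guess,
        "port_80": (version or service) or None,
    }


if __name__ == "__main__":
    result = answer_part1(parse_nmap_output(SAMPLE_NMAP_OUTPUT))
    for key, value in result.items():
        print(f"{key}: {value}")
```

For anything beyond a homework write-up, nmap's XML output (`-oX`) is the stable format to parse; the text layout above is meant for humans and can change between releases.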

Explanation / Answer

After running the given command in Nmap, we got the following open ports:

Discovered open port 22/tcp on 45.33.32.156

Discovered open port 25/tcp on 45.33.32.156

Discovered open port 53/tcp on 45.33.32.156

Discovered open port 80/tcp on 45.33.32.156

The OS that is running on the server is Linux 3.10 - 4.8

and OS CPE is "cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4"

It is running "Apache httpd 2.4.7 ((Ubuntu))" on port 80.

PART 2: PING FLOOD (or ICMP FLOOD) is a Denial of Service (DoS) attack where the attacker damages the host computer by overwhelming it with ICMP echo requests, or pings.

The attacker floods the victim's network with request packets and the network replies with an equal number of packets. It affects both the outgoing and incoming channels by consuming significant bandwidth and resulting in a denial of service.

The attack can be of three categories: 1) A targeted local disclosed ping flood, where the attacker targets a single computer on a local network and, after learning the physical IP address, takes down the system. 2) A router disclosed ping flood, which attacks routers in order to disrupt communications. 3) A blind ping flood, where the attacker uses an external program to uncover the IP address of the target computer or router.

There are some ping commands which are used to attack: the –n command, which is used to specify the number of times a request is sent, the –l command, and the -t command.

Now this flooding attack can be prevented by reconfiguring the firewall, which will block attacks originating from outside. But it is not useful for blocking internal attacks, and this blocking of ping requests can have many consequences, like the inability to diagnose server issues. Moreover, this blocking mechanism only works if the packet size or rate is low, like 25 packets per second; for a higher rate it does not work.

The effective defense mechanisms for flooding attacks are:

1) Using a modified version of TCP connection handling code.

This can be achieved by sending a packet to the server; it creates and encodes critical information about the connection and sends a SYN-ACK packet with the cookie information.

If someone responds, then the response contains the encoded cookie, which the server can decode to reconstruct information about the connection.

2) Using the "random drop" mechanism, where an incomplete connection will be dropped randomly.

3) Filtering Spoofed Packets

Filtering mechanisms are designed to prohibit DoS attack traffic with spoofed source addresses from reaching the target, by dropping packets with false IP addresses. Many DoS attackers rely on IP address spoofing to hide the origin of an attack. There are many types of filtering, such as:

Martian Address Filtering and Source Address Validation

Ingress/Egress Filtering

Route-Based Filtering

Source Address Validity Enforcement Protocol

Hop-Count Filtering

Another mechanism to prevent this error is Self-certifying Addresses.
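The core of Part 2, that a ping dropped at the edge router has already used up uplink capacity by the time it is dropped, can be made concrete with a small model. The following Python script is an added example, not part of the original answer: a per-source sliding-window detector flags any source sending more than a threshold of echo requests per second (the 25 packets/second figure from the answer above is reused as the threshold), and a byte counter compares how much inbound traffic crosses the organization's uplink when flagged pings are dropped at the edge versus when the upstream provider filters the flagged source. The packet records, addresses, sizes and the `192.0.2.` organization prefix are constructed for illustration.

```python
"""Why dropping pings at the edge router does not protect the uplink, shown
on constructed packet records: a sliding-window detector flags the flooding
source, and a byte count compares dropping at the edge with filtering
upstream (at the ISP) once the source is known.  Added example, not part of
the original answer; addresses, sizes and the 25 pkt/s threshold are
assumptions for illustration."""
from collections import defaultdict, deque
from typing import Dict, List, Tuple

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0
ORG_PREFIX = "192.0.2."          # assumed address block of the organization

# Packet record: (timestamp_seconds, src_ip, dst_ip, icmp_type, bytes)
Packet = Tuple[float, str, str, int, int]


def make_sample_packets() -> List[Packet]:
    """Constructed traffic: one benign monitor, one flooding source, one reply."""
    pkts: List[Packet] = []
    for i in range(5):                                   # one small ping per second
        pkts.append((float(i), "203.0.113.5", "192.0.2.10", ICMP_ECHO_REQUEST, 64))
    for i in range(200):                                 # 200 large pings inside 1 s
        pkts.append((1.0 + i / 200.0, "198.51.100.7", "192.0.2.10", ICMP_ECHO_REQUEST, 1000))
    pkts.append((2.5, "192.0.2.10", "203.0.113.5", ICMP_ECHO_REPLY, 64))  # outbound reply
    return sorted(pkts)


def detect_icmp_floods(packets: List[Packet], window_s: float = 1.0,
                       threshold: int = 25) -> Dict[str, float]:
    """Return {src_ip: time_first_flagged} for sources sending more than
    `threshold` echo requests inside any `window_s`-long sliding window."""
    recent: Dict[str, deque] = defaultdict(deque)
    flagged: Dict[str, float] = {}
    for ts, src, _dst, icmp_type, _size in packets:
        if icmp_type != ICMP_ECHO_REQUEST:               # replies are not counted
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window_s:                # expire old timestamps
            q.popleft()
        if len(q) > threshold and src not in flagged:
            flagged[src] = ts
    return flagged


def uplink_bytes(packets: List[Packet], flagged: Dict[str, float], drop_point: str) -> int:
    """Bytes that cross the organization's upstream link, inbound direction only.
    'edge': the edge router discards flagged pings, but each one has already
            consumed uplink capacity before it can be dropped, so nothing is saved.
    'upstream': the ISP filters the flagged source from the moment it was
            flagged, so those packets never reach the link."""
    total = 0
    for ts, src, dst, _icmp_type, size in packets:
        if not dst.startswith(ORG_PREFIX):
            continue                                     # outbound; not on the inbound uplink
        if drop_point == "upstream" and src in flagged and ts > flagged[src]:
            continue
        total += size
    return total


def compare_drop_points(packets: List[Packet]) -> Dict[str, int]:
    """Inbound uplink bytes under both drop points for the same traffic."""
    flagged = detect_icmp_floods(packets)
    return {"edge": uplink_bytes(packets, flagged, "edge"),
            "upstream": uplink_bytes(packets, flagged, "upstream")}


if __name__ == "__main__":
    pkts = make_sample_packets()
    print("flagged sources:", detect_icmp_floods(pkts))
    print("inbound uplink bytes:", compare_drop_points(pkts))
```

On the constructed traffic the edge-drop figure equals the full inbound volume, while the upstream-filter figure only includes the packets that arrived before detection. In practice the "upstream" branch corresponds to asking the provider to filter or rate-limit the source, which is why the detector's output, not the edge router's drop rule, is the useful artefact.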