The risks associated with port scans include, crashing the host system, and various legal issues. This type of scan is a little more stealthy than a SYN scan but most modern IDS systems can possibly be configured to detect them. FIN scans may be able to sneak through certain non-stateful firewalls and packet filtering routers. FIN scans work at a much slower pace than SYN scans to help avoid detection. As an alternative, the “FIN scan”, as seen in figure 2, is the preferred method to help avoid being detected by an Intrusion Detection System. It must also be noted that although a TCP “SYN scan” performs quicker scans, it’s susceptible to being identified by Intrusion Detection Systems (IDS) and is not very stealthy. This information is invaluable to an attacker because they can potentially gain unauthorized access into an unsuspecting network stealing valuable sensitive data. The port scan’s main goal is to see whether a TCP port is open, closed, or blocked. Port scanning is a technique used by security professionals and cyber criminals alike to identify any existing vulnerabilities within a network. Kali Linux will be used to exploit Metasploitable 2 both of which are running inside of Parallels 10 virtual machines. This experiment will be conducted on a 2009 Mac Pro running OS X Yosemite 10.10.4.
Wireshark is instrumental in helping security professionals dissect intersected communications to formulate new security policies and put new safeguards in place. In order for network administrators, penetration testers, or any other type of security experts to combat cyber crimes, it’s critical that they know how to use the same tools that the criminals do. Areas to be explored are the exploit type, impact of the exploit, vulnerability type, and any other relevant information.
This purpose of this document is to examine the results of several Wireshark captures.
0 kommentar(er)
