Scan your way to Security: Use NMAP (Network Mapper)

Network scanning is the use of a computer network to gather information about the computing systems on it. Scanning is one of the three components of information gathering and, for an attacker, its most important phase.
Network scanning is used for security assessment, for attacks by hackers, and for system maintenance. Whether we are performing a security assessment or, as a hacker, scanning a network in attack mode, we focus on the following results:

  • Available TCP and UDP network services running on the targets.
  • The operating systems (OSs) used by the targets, identified by assessing their IP responses.
  • The filtering systems (firewalls and filters) between the attacker and the victim/target.
  • The predictability of the target host's TCP sequence numbers, evaluated to determine whether sequence-prediction attacks and TCP request spoofing are possible.
Scanning Types
1. Network Scanning: find the IP addresses in the target's network
2. Port Scanning: find the open ports and the services running on the target
3. Vulnerability Scanning: find weaknesses or vulnerabilities on the target

For network scanning we can use different sets of tools, such as Zenmap, Angry IP Scanner, Nessus, etc., but one of them stands above the rest: the Nmap network scanner.
Nmap is an open-source program released under the GNU General Public License. It is one of the leading security auditing and network discovery tools, used for scanning and enumeration during the initial phase of pen-testing. It was originally created by Gordon “Fyodor” Lyon.
Nmap is available for many platforms. Kali Linux ships with nmap and zenmap pre-installed; for Windows and other OS platforms, download it from https://nmap.org/download.html
Nmap features include:
  • Scriptable interaction with the target
  • Host discovery
  • Port scanning
  • Version detection
  • OS detection

CONCEPT
The following are different kinds of Nmap scans on a given network.

1. Start the Nmap scanner in Kali and run a simple scan of a single IP address using the following syntax: nmap <IP>

2. Now find the open TCP and UDP ports of that IP. The command is: nmap -sTU <IP>

3. When we are on a network and have to scan the whole network, a range of IPs, or several systems, we use subnet scanning. Syntax: nmap <range of IP>

4. A hacker will try to choose an exploit based on the operating system, so for security purposes it is important to gather OS information and try to grab the OS banner. Syntax: nmap -O <IP>

5. One of the scan modes we all prefer is the aggressive scan, which gives almost all of the important information. Syntax: nmap -A <IP>

6. Verbose mode shows how the scan is progressing and reports results as soon as they are available. Syntax: nmap -v <IP>

7. In an environment with a firewall we try to send the packets in fragments, and at different speeds as well. Syntax: nmap -f <IP>

8. We also have the option of a manual scan to get a more specific and accurate result: a port scan of a chosen port. Syntax: nmap -p <port no> <IP>

9. We can even trace the route and timing of packet delivery using a traceroute scan. Syntax: nmap --traceroute <IP>
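Once the scans in steps 2 to 5 have been run, the practical question for a defender is what they expose. The shell script below is an added example, not code from the original post: it parses Nmap's grepable report format (the -oG option) with awk and prints, per host, the ports found open with their service and version, plus Nmap's OS guess. The report it reads is constructed sample output for the documentation addresses 192.0.2.10 and 192.0.2.11, not a real scan, and the function names sample_gnmap, open_services and os_guesses are my own.

```shell
#!/bin/sh
# Added example, not part of the original post: summarise an Nmap grepable
# (-oG) report into an inventory of open services and OS guesses per host.

# Constructed sample report (NOT a real scan). Fields in -oG output are
# tab-separated, so printf is used to emit real tab characters.
sample_gnmap() {
  printf '%s\n' '# Nmap scan initiated as: nmap -sTU -sV -O -oG - 192.0.2.0/29'
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18/, 53/open|filtered/udp//domain///\tOS: Linux 5.X\n'
  printf 'Host: 192.0.2.11 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.11 ()\tPorts: 445/open/tcp//microsoft-ds//, 3389/closed/tcp//ms-wbt-server///\tOS: Microsoft Windows 10\n'
  printf '%s\n' '# Nmap done -- 8 IP addresses (2 hosts up) scanned in 5.00 seconds'
}

# Print "host port/proto service version" for every port whose state is
# exactly "open". Reads a grepable report on stdin. Each port entry has the
# shape port/state/proto/owner/service/rpc-info/version/ .
open_services() {
  awk -F'\t' '
    /Ports: / {
      host = $1; sub(/^Host: /, "", host); sub(/ .*/, "", host)
      ports = ""
      for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) ports = substr($i, 8)
      n = split(ports, entry, ", ")
      for (j = 1; j <= n; j++) {
        split(entry[j], f, "/")
        if (f[2] != "open") continue          # skips closed and open|filtered
        version = (f[7] == "") ? "-" : f[7]   # "-" when no version was detected
        printf "%s %s/%s %s %s\n", host, f[1], f[3], f[5], version
      }
    }'
}

# Print "host OS-guess" for every host line that carries an OS field.
os_guesses() {
  awk -F'\t' '
    /OS: / {
      host = $1; sub(/^Host: /, "", host); sub(/ .*/, "", host)
      for (i = 2; i <= NF; i++) if ($i ~ /^OS: /) print host, substr($i, 5)
    }'
}

# Run over the constructed sample. With a live report use, as root:
#   nmap -sTU -sV -O -oG - <range of IP> | open_services
sample_gnmap | open_services
sample_gnmap | os_guesses
```

Only entries whose state is exactly open are listed; open|filtered UDP ports, which Nmap reports when a probe gets no answer at all, are deliberately left out so the inventory does not overstate what is reachable. The UDP scan (-sU) and OS detection (-O) need root privileges on a real run.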


How to protect a system from revealing unnecessary information

1. Try to use the network in VPN or NAT mode to protect your system from being scanned easily.
2. Subnetting is a must to limit how much a scan can detect.
3. Try to present fake OS banners to protect the system from OS scans, which also makes it harder to exploit.
4. Firewalls and IDS/IPS, with proper configuration, protect against unusual scans. We also try to deploy a honeypot, which also shows us information about any scan currently running against the target.
5. Use LaBrea, a tarpit that slows down scanning software and even worm attacks.
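Item 4 says a properly configured firewall and IDS/IPS should protect against unusual scans; the shell script below is an added example, not code from the original post, of the simplest check behind that advice: counting, per source address, how many distinct destination ports the firewall has logged drops for. A single client touches a handful of ports; a port scan touches dozens. The log lines are constructed in the style of the Linux iptables LOG target (the FW-DROP prefix, hostname and addresses are made up), and the functions sample_fw_log and scan_suspects are my own names.

```shell
#!/bin/sh
# Added example, not part of the original post: flag probable port scans in
# firewall drop logs by counting distinct destination ports per source.

# Constructed sample log lines in the iptables LOG-target style (NOT real
# traffic). 198.51.100.7 sweeps six ports (port 22 twice); 198.51.100.20 is
# an ordinary client that only reached the web ports.
sample_fw_log() {
  cat <<'EOF'
Jan  1 10:00:01 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21 SYN
Jan  1 10:00:01 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN
Jan  1 10:00:01 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23 SYN
Jan  1 10:00:02 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25 SYN
Jan  1 10:00:02 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80 SYN
Jan  1 10:00:02 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=443 SYN
Jan  1 10:00:03 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40007 DPT=22 SYN
Jan  1 10:00:05 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=80 SYN
Jan  1 10:00:06 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=443 SYN
EOF
}

# scan_suspects [threshold]: read log lines on stdin and print
# "source distinct-port-count" for every source that hit at least
# `threshold` distinct destination ports (default 5). Lines without
# SRC= and DPT= fields are ignored, so unrelated kernel messages are safe.
scan_suspects() {
  threshold=${1:-5}
  awk -v threshold="$threshold" '
    {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if (index($i, "SRC=") == 1) src = substr($i, 5)
        else if (index($i, "DPT=") == 1) dpt = substr($i, 5)
      }
      if (src == "" || dpt == "") next
      key = src SUBSEP dpt                      # one entry per (source, port)
      if (!(key in seen)) { seen[key] = 1; ports[src]++ }
    }
    END { for (s in ports) if (ports[s] >= threshold) print s, ports[s] }
  ' | sort
}

# Run over the constructed sample; on a live box something like
#   journalctl -k | scan_suspects 10
# feeds the real kernel log (assuming your firewall rules log with LOG).
sample_fw_log | scan_suspects 5
```

The count is deliberately over distinct ports rather than raw packets, so a retransmitting client does not look like a scanner. A production version would also bucket by time window and whitelist monitoring hosts, but the per-source distinct-port count is the signal that honeypots and IDS signatures for scan detection are built on.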

Comments

  1. I just wanted to say this is an elegantly composed article, as we have seen here.

  2. Very informative and creative contents. This concept is a good way to enhance the knowledge. Thanks for sharing. Continue to share your knowledge through articles like these, and keep posting.