• Choose a category
• All
• Classic-Fiction

■ E-mail

■ IRC

■ ICQ

■ News

■ AIM

■ FTP

Understand IP Spoofing Techniques

A hacker can spoof an IP address when scanning target systems to minimize the chance of detection. One drawback of spoofing an IP address is that a TCP session can't be successfully completed.

Source routing lets an attacker specify the route that a packet takes through the Internet. This can also minimize the chance of detection by bypassing IDS and firewalls that may block or detect the attack. Source routing uses a reply address in the IP header to return the packet to a spoofed address instead of the attacker's real address.

To detect IP address spoofing, you can compare the time to live (TTL) values: The attacker's TTL will be different from the spoofed address's real TTL.

Exam Essentials

Know the three type of scanning. Port, network, and vulnerability scanning are the three types of scanning.

Know how to determine which systems are alive on the network. Know how to use ICMP query tools to perform ping sweeps to determine which systems are responding. Ping sweeps have limitations, and some systems may not respond to the ICMP queries.

Know how to perform port scanning using nmap. Learn the switches for performing nmap scanning using the nmap command. For example: nmap -sS performs a SYN scan.

Understand the uses and limitations of different scan types. Make sure you're familiar with TCP connect, SYN, NULL, IDLE, FIN, and XMAS scans and when each type should be used.

Understand the process of the TCP three-way handshake. The TCP connection process starts with a SYN packet sent to the target system. The target system responds with a SYN+ACK packet, and the source system sends back an ACK packet to the target. This completes a successful TCP connection.

Be familiar with port-scanning countermeasures. Implement firewalls that prevent internal systems from being scanned by blocking ping sweeps and port-scanning tools such as nmap. IDSs and IPSs can alert an administrator to a scan taking place on the network.

Know the uses of war dialing. War dialing is used to test dial-in remote access system security. Phone numbers are dialed randomly in an attempt to make an unsecured modem connection and gain access to the network.

Understand how to perform operating system fingerprinting using active and passive methods. Active fingerprinting means sending a request to a system to see how it responds (banner grabbing, for example). Passive fingerprinting is examining traffic sent to and from the system to determine the operating system.

Know how to surf the web anonymously using an anonymizer. Use a website anonymizer to hide the source address to make the system surfing the web appear anonymous.

Understand HTTP tunneling and IP spoofing. HTTP tunneling and IP spoofing are two methods of hiding the physical address or protocols that a hacker may be using. They're useful in evading firewalls and obfuscating the hacker's identity or whereabouts.

Enumeration

Enumeration occurs after scanning and is the process of gathering and compiling usernames, machine names, network resources, shares, and services. It also refers to actively querying or connecting to a target system to acquire this information.

What Is Enumeration?

The objective of enumeration is to identify a user account or system account for potential use in hacking the target system. It isn't necessary to find a system administrator account, because most account privileges can be escalated to allow the account more access than was previously granted.

Many hacking tools are designed for scanning IP networks to locate NetBIOS name information. For each responding host, the tools list IP address, NetBIOS computer name, loggedin username, and MAC address information.

On a Windows 2000 domain, the built-in tool net vi ew can be used for NetBIOS enumeration. To enumerate NetBIOS names using the net vi ew command, enter the following at the command prompt:

Hacking Tools