Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
CIT294 Chapter 3
CIT294 Ethical Hacking Chapter 3 Scanning and Enumeration Terms
| Question | Answer |
|---|---|
| Scanning | first phase of active hacking. Used to identify IP addresses, the operating system in use, and services running on the system. |
| Port scanning | Determines open ports and services |
| Network scanning | ID IP addresses on given network or subnet |
| Vulnerability scanning | discovers presence of known weaknesses on target systems |
| Well-known ports | 0 - 1023 |
| Registered ports | 1024 - 49151 |
| Dynamic ports | 49152 - 65535 |
| FTP ports | 20 and 21 |
| Telnet port | 23 |
| HTTP port | 80 |
| SMTP port | 25 |
| POP3 | 110 |
| HTTPS port | 443 |
| Ping sweep | all systems that respond with ping reply are considered live systems. Also known as ICMP scan. Hacking tools include: Pinger, Friendly Pinger, WS_Ping_Pro |
| Stateful firewall | examines the data of the packet as well as the TCP header to allow traffic to flow through |
| Nmap | Free, open source tool that performs ping sweeps, port scanning, service identification, IP address detection, and OS detection. Can scan multiple systems at once. |
| Nmap port states | open, unfiltered, and filtered |
| Nmap scan TCP connect | Attacker makes a full TCP connection to the target system |
| Nmap scan XMAS tree scan | Attacker checks for TCP services by sending XMAS-tree packets which are named because all the “lights” are on, meaning FIN, URG, and PSH flags are set |
| Nmap scan SYN stealth scan | Also known as half-open scanning. Hacker sends SYN packet and receives a SYN-ACK back but never completes the 3-way handshake. |
| Nmap scan Null scan | Advanced scan that may pass through firewalls undetected. All flags are off or not set. |
| Nmap scan Windows scan | This type of scan is similar to ACK scan and can detect open ports |
| Nmap scan ACK scan | This type of scan is used to map out firewall rules. ACK only works on Linux/UNIX |
| TCP 3-way handshake | required before communication can take place when using TCP at the Transport layer. SYN, SYN ACK, ACK |
| TCP Flag SYN | Synchronize. Initiates a connection between hosts. |
| TCP Flag ACK | Acknowledge. Established connection between hosts. |
| TCP Flag PSH | Push. System is forwarding buffered data. |
| TCP Flag URG | Urgent. Data in packets must be processed quickly. |
| TCP Flag FIN | Finish. No more transmissions. |
| TCP Flag RST | Reset. Resets the connection |
| TCP Scan Tools | IPEve, ICMPemun, Hping2, SNMP scanner |
| War Dialing | Process of dialing modem numbers to find an open modem connection that provides remote access to a network for an attack to be launched. Hacking tools include: TCH-Scan, PhoneSweep, TeleSweep |
| Banner grabbing | process of opening a connection and reading the banner or response sent by the application since many email, FTP, and web servers will respond with the name and version of the software. |
| OS Fingerprinting | fingerprinting the TCP/IP stack to determine the OS used. Can be active or passive |
| Enumeration | Process of gathering and compiling user names, machine names, nw resources, shares, and services. Also can refer to actively querying or connecting to a target to get this info. |
| Null session | Occurs when you log in to system with no username or password. Vulnerability found in Common Internet File System (CIFS) or SMB. Hacker can connect using null session and get dump of all usernames, groups, shares, permission, services and more! |
| SNMP | Simple Network Management Protocol |
| Two types of components SNMP | SNMP agent and management station |
Created by:
Leisac
Popular Computers sets