Diffie-Hellman Algorithm

In the previous article, I provided an overview of asymmetric encryption. Today, we begin our look at asymmetric algorithms, starting with Diffie-Hellman.

The biggest problem in symmetric cryptography is the security of the secret key. Obviously, you cannot transmit the key over the same medium as the ciphertext, since any unauthorized parties observing the communications could use the key to decode the messages. Prior to the development of asymmetric cryptography and the Diffie-Hellman key exchange, secret keys were exchanged using trusted private couriers and other out-of-band methods.

In the mid-1970s, Whitfield Diffie and Martin Hellman published the Diffie-Hellman algorithm for key exchange, which allowed a secret key to be transmitted securely over an insecure line. This was the first published use of public-key cryptography, and one of the cryptography field’s biggest advances. With the Diffie-Hellman algorithm, the DES secret key – sent with a DES-encrypted payload message – could be encrypted via Diffie-Hellman by one party, and decrypted only by the intended recipient.

Because of the inherent slowness of asymmetric cryptography, the Diffie-Hellman algorithm was not intended for use as a general encryption scheme. Rather, its purpose was to transmit a private key for DES (or a similar symmetric algorithm) across an insecure medium. In most cases, Diffie-Hellman is not used for encrypting a complete message, because it is much slower than DES, depending on implementation.

The Diffie-Hellman Key Exchange in Practice

In practice, this is how a key exchange using Diffie-Hellman works:

  1. Two parties agree on two numbers; one is a large prime number, the other is a small integer number. This can be done in the open, as it does not affect security.
  2. Each of the two parties separately generates another number, which is kept secret. This number is equivalent to a private key. A calculation is made involving the private key and the previous two public numbers. The result is sent to the other party. The result is effectively a public key.
  3. The two parties exchange their public keys. They then perform a calculation involving their own private key and the other party’s public key. The resulting number is the session key. Each party should arrive at the same number.
  4. The session key can be used as a secret key for another cipher, such as DES. No third party monitoring the exchange can arrive at the same session key without knowing one of the private keys.

The simplest and original implementation of the protocol uses the multiplicative group of integers modulo p, where p is prime and g is a primitive root mod p. Actual implementations require using large numbers to achieve security. The protocol is considered secure if the initial numbers are chosen properly. The eavesdropper would have to solve the Diffie-Hellman problem to obtain the secret keys. This is currently considered difficult. An efficient algorithm to solve the discrete logarithm problem would make it easy to compute a or b (the two private keys) and solve the Diffie-Hellman problem, making this and many other public key cryptosystems insecure.
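The four steps above, carried out in the multiplicative group modulo p, look like this in Python. This is an added example, not code from the original article; the toy parameters p = 23 and g = 5, the function names, the range check on the peer's public value and the SHA-256 key derivation are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Constructed toy parameters (step 1, public): prime p and primitive root g.
# Small enough to check by hand; real deployments use standardized groups of
# 2048 bits or more.
P = 23
G = 5


def check_public(value: int, p: int = P) -> int:
    """Accept only 2 <= value <= p-2; 0, 1 and p-1 force a guessable secret."""
    if not 2 <= value <= p - 2:
        raise ValueError(f"public value {value} outside [2, {p - 2}]")
    return value


def public_key(private: int, p: int = P, g: int = G) -> int:
    """Step 2: g^private mod p, the number sent to the other party."""
    return pow(g, private, p)


def generate_keypair(p: int = P, g: int = G) -> tuple:
    """Step 2: random private exponent in [2, p-2] and its public value."""
    while True:
        private = secrets.randbelow(p - 3) + 2
        public = public_key(private, p, g)
        if 2 <= public <= p - 2:  # retry the one exponent that maps to p-1
            return private, public


def shared_secret(private: int, peer_public: int, p: int = P) -> int:
    """Step 3: peer_public^private mod p, after validating the peer's value."""
    return pow(check_public(peer_public, p), private, p)


def session_key(secret: int, p: int = P) -> bytes:
    """Step 4: hash the shared integer into 32 bytes for a symmetric cipher."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()


def exhaustive_discrete_log(public: int, p: int = P, g: int = G) -> int:
    """Try every exponent until g^x mod p == public; feasible only for tiny p."""
    for x in range(1, p):
        if pow(g, x, p) == public:
            return x
    raise ValueError("g does not generate this value")


def run_exchange() -> bool:
    """Both parties generate key pairs, swap public values, compare keys."""
    a_private, a_public = generate_keypair()
    b_private, b_public = generate_keypair()
    key_a = session_key(shared_secret(a_private, b_public))
    key_b = session_key(shared_secret(b_private, a_public))
    return key_a == key_b


if __name__ == "__main__":
    print("session keys agree:", run_exchange())
    # With a 5-bit modulus the private exponent falls out of a 22-step search,
    # which is why real groups use primes thousands of bits long.
    print("exponent behind public value 10:", exhaustive_discrete_log(10))
```

With private values 4 and 3 the public values are 4 and 10, and both sides compute the shared value 18.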

Diffie-Hellman’s greatest strength is that anyone can know either or both of the sender’s and recipient’s public keys without compromising the security of the message. Both the public and private keys are actually very large integers. The Diffie-Hellman algorithm takes advantage of complex mathematical functions known as discrete logarithms, which are easy to perform forward, but extremely difficult to invert. Secure Internet Protocol (IPsec) uses the Diffie-Hellman algorithm in conjunction with Rivest, Shamir, & Adleman (RSA) authentication to exchange a session key used for encrypting all traffic that crosses the IPsec tunnel.

External Links:

Diffie-Hellman key exchange at Wikipedia

Asymmetric Encryption

The biggest disadvantage to using symmetric encryption algorithms relates to key management. In order to ensure confidentiality of communication between two parties, each communicating pair needs to have a unique secret key. As the number of communicating pairs increases, there is a need to manage a number of keys related to the square of the number of communicators, which quickly becomes a complex problem.

Introducing Asymmetric Encryption

Asymmetric encryption algorithms were developed to overcome this limitation. Also known as public-key cryptography, these algorithms use two different keys to encrypt and decrypt information. If cleartext is encrypted with an entity’s public key, it can only be decrypted by the private key. The basic principle is that the public key can be freely distributed, while the private key must be held in strict confidence. The owner of the private key can encrypt cleartext to create ciphertext that can only be decoded with its public key, thus assuring the identity of the source, or it can use the private key to decrypt ciphertext encoded with its public key, assuring the confidentiality of the data. Although these keys are generated together and are mathematically related, the private key cannot be derived from the public key.

Instead of relying on the techniques of substitution and transposition that symmetric key cryptography uses, asymmetric encryption algorithms rely on the use of large-integer mathematics problems. Many of these problems are simple to do in one direction but difficult to do in the opposite direction. For example, it is easy to multiply two numbers together, but it is more difficult to factor them back into the original numbers, especially if the integers used contain hundreds of digits. Thus, in general, the security of asymmetric encryption algorithms is dependent not upon the feasibility of brute-force attacks, but the feasibility of performing difficult mathematical inverse operations and advances in mathematical theory that may propose new “shortcut” techniques.

Asymmetric encryption is much slower than symmetric encryption. There are several reasons for this. First, it relies on exponentiation of both a secret and public exponent, as well as generation of a modulus. Computationally, exponentiation is a processor-intensive operation. Second, the keys used by asymmetric encryption algorithms are generally larger than those used by symmetric algorithms, because the most common asymmetric attack, factoring, is more efficient than the most common symmetric attack: brute force.

Because of this, asymmetric encryption algorithms are typically used only for encrypting small amounts of information. In subsequent articles, we will examine different asymmetric algorithms, such as Diffie-Hellman, RSA, and El Gamal.

External Links:

Public-key cryptography at Wikipedia

AES and IDEA Encryption Algorithms


The subbytes step of AES encryption.

AES Encryption

Because of the small key size of 56 bits, DES can’t withstand coordinated brute-force attacks using modern cryptanalysis; dedicated machines can now break DES within a day. Consequently, the National Institute of Standards and Technology (NIST) selected the Advanced Encryption Standard (AES) as the authorized Federal Information Processing Standard (FIPS) 197 for all non-secret communications by the U.S. government, which became effective in May 2002. AES is included in the ISO/IEC 18033-3 standard. AES has the following important characteristics:

  • Private key symmetric block cipher (similar to DES)
  • Stronger and faster than 3DES
  • Life expectancy of at least 20 to 30 years
  • Supports key sizes of 128 bits, 192 bits, and 256 bits
  • Freely available to all; royalty free, non-proprietary, and not patented
  • Small footprint: AES can be used effectively in memory and in central processing unit (CPU) limited environments such as smart cards

It should be noted that the AES (Rijndael) algorithm was selected by NIST from a group that included four other finalists: MARS, RC6, Serpent, and Twofish. It was developed by Belgian cryptographers Dr. Joan Daemen and Dr. Vincent Rijmen. (The name Rijndael is a play on the names of the two inventors, Daemen and Rijmen.) It seems resistant to side-channel attacks such as power- and timing-based attacks, which are attacks against a hardware implementation, not against a particular algorithm. For example, power- and timing-based attacks measure the time it takes to encrypt a message or the minute changes in power consumption during the encryption and decryption process. Occasionally, these attacks are sufficient to allow hackers to recover keys used by the device.

Unlike DES, which uses Feistel cycles in each round, Rijndael uses iterative rounds like the International Data Encryption Algorithm (IDEA). IDEA is a minor revision of an earlier cipher, Proposed Encryption Standard (PES). AES operates on data in 128-bit chunks, which are grouped into four groups of 4 bytes each. The number of rounds is also dependent on the key size, such that 128-bit keys have 9 rounds, 192-bit keys have 11 rounds, and 256-bit keys have 13 rounds. Each round consists of a substitution step of one S-box per data bit, followed by a pseudo-permutation step in which bits are shuffled between groups. Then each group is multiplied out in a matrix fashion and the results are added to the subkey for the round.

IDEA Encryption

The European counterpart to the DES algorithm is IDEA. Unlike DES, which it was intended as a replacement for, it is considerably faster and more secure. IDEA’s enhanced speed is due to the fact that each round consists of simpler operations than in the Feistel cycle in DES. IDEA uses simple operations like exclusive or (XOR), addition and multiplication, which are more efficient to implement in software than the substitution and permutation operations of DES. Addition and multiplication are the two simplest binary calculations for a computer to perform, and XOR is also a simple operation.

IDEA operates on 64-bit blocks with a 128-bit key, and the encryption/decryption process uses eight rounds with six 16-bit subkeys per round. The IDEA algorithm is patented both in the U.S. and in Europe, but free non-commercial use is also permitted. IDEA is widely recognized as one of the components of Pretty Good Privacy (PGP) version 2.0. It is also an optional algorithm in the OpenPGP standard. IDEA was developed in the early 1990s by cryptographers James Massey and Xuejia Lai as part of a combined research project between Ascom and the Swiss Federal Institute of Technology. The algorithm was patented in a number of countries, but was freely available for non-commercial use. “IDEA” is also a trademark. The last patents expired in 2012, and IDEA is now free to use for both commercial and non-commercial purposes.

External Links:

Advanced Encryption Standard (AES) at Wikipedia

International Data Encryption Algorithm (IDEA) at Wikipedia

Data Encryption Standard (DES)

The most commonly used type of encryption is symmetric encryption, which is aptly named because it uses one key for both the encryption and decryption process. Symmetric encryption is also commonly referred to as secret-key encryption and shared-secret encryption, but all terms refer to the same class of algorithm.

The reason why symmetric encryption systems are abundant is speed and simplicity. The strength of symmetric algorithms lies primarily in the size of the keys used in the algorithms, as well as the number of cycles each algorithm employs. The cardinal rule is “fewer is faster”.

By definition, all symmetric algorithms are theoretically vulnerable to brute-force attacks, which are exhaustive searches of all possible keys. Brute-force attacks involve methodically guessing what the key to a message may be. Given that all symmetric algorithms have a fixed key length, there are a large number of possible keys that can unlock a message. Brute-force attacks methodically attempt to check each key until the key that decrypts the message is found. However, brute-force attacks are often impractical, because the amount of time necessary to search the keys is greater than the useful life expectancy of the hidden information. No algorithm is truly unbreakable, but a strong algorithm takes so long to crack that it is impractical to try. Because brute-force attacks originate from computers, and because computers are continually improving in efficiency, an algorithm that is resistant to attacks today may not be resistant to attacks by computers 5 to 10 years in the future.

Data Encryption Standard

Among the oldest and most famous encryption algorithms is the Data Encryption Standard (DES), the use of which has declined with the advent of algorithms that provide improved security. DES was based on the Lucifer algorithm invented by Horst Feistel. Essentially, DES uses a single 64-bit key – 56 bits of data and 8 bits of parity – and operates on data in 64-bit chunks. This key is broken into 16 48-bit subkeys, one for each round, which are called Feistel cycles.

Each round consists of a substitution phase, wherein the data is substituted with pieces of the key, and a permutation phase, wherein the substituted data is scrambled (re-ordered). Substitution operations, sometimes referred to as confusion operations, occur within S-boxes. Similarly, permutation operations (sometimes called diffusion operations) are said to occur in P-boxes. Both of these operations occur in the “F Module”. The security of DES lies in the fact that since the substitution operations are non-linear, the resulting ciphertext does not resemble the original message. The permutation operations add another layer of security by scrambling the already partially encrypted message.

Triple DES (3DES) and DESX are methods that attempt to use the DES cipher in a way that increases its security. Triple DES uses three separate 56-bit DES keys as a single 168-bit key, though sometimes keys 1 and 3 are identical, yielding 112-bit security. DESX adds an additional 64 bits of key data. Both 3DES and DESX are intended to strengthen DES against brute-force attacks. It would take many years to decrypt 3DES-encrypted data (depending on available computing power). However, 3DES is inefficient because it requires two to three times the processing overhead of single DES.

Shortcomings of Data Encryption Standard

For Data Encryption Standard, questions were raised about the adequacy of its key size from the start, even before it was adopted as a standard, and it was the small key size which dictated a need for a replacement algorithm. In academia, various proposals for a DES-cracking machine were advanced. Although there is no known publicly acknowledged implementation of these Data Encryption Standard-cracking machines, by the late 1990s, the vulnerability of DES was practically demonstrated. In 1997, RSA Security sponsored a series of contests, offering a $10,000 prize to the first team that broke a message encrypted with DES for the contests. That contest was won by the DESCHALL Project. The feasibility of cracking DES quickly was demonstrated in 1998 when a custom DES-cracker was built by the Electronic Frontier Foundation (EFF) at the cost of approximately $250,000 (U.S.). They were able to crack a DES key using a brute-force attack in less than two days. Subsequent improvements in processing power employed by other DES crackers reduced this time to less than a day. Because of the ease with which DES could be cracked, the National Institute of Standards and Technology (NIST) selected the Advanced Encryption Standard (AES) as the authorized Federal Information Processing Standard (FIPS) 197 for all non-secret communications by the U.S. government, which became effective in May 2002.

External Links:

Data Encryption Standard (DES) on Wikipedia

Cryptography: An Introduction

In previous blog postings, I have discussed how the open source community has created powerful packet sniffing tools, and how they can be used either to administer your network or to attack it. Because these sniffing tools are open source, and because it is relatively easy to place a Linux host on your company network, you need to consider ways to minimize improper use of packet capturing tools. Encryption solutions, such as Secure Shell (SSH) and Kerberos, are two common solutions to this problem.

Algorithms are the underlying foundation of cryptography. Thus, we will look at the basics of algorithms first, starting with symmetric and asymmetric encryption.

Cryptography Defined

Cryptography predates the computer era; as long as people have been writing down information, there has been a need to keep some information secret, either by hiding its existence or changing its meaning. Encryption, a type of cryptography, refers to the process of scrambling information so that the casual observer cannot read it. An algorithm is a set of instructions for mixing and rearranging an original message (called plaintext) with a message key to create a scrambled message, referred to as ciphertext. Similarly, a cryptographic key is a piece of data used to encrypt plaintext to ciphertext, to decrypt ciphertext to plaintext, or both, depending on the type of encryption.

The word crypto has its origins in the Greek word kruptos, which means hidden. The objective of cryptography is to hide information so that only the intended recipients can read it. In crypto terms, the hiding of information is called encryption, and when information becomes readable, it is called decryption. A cipher is used to accomplish the encryption and decryption. The information that is being hidden is called plaintext; once it has been encrypted, it is called ciphertext. The ciphertext is transported to the intended recipient or recipients, where it is decrypted back into plaintext.

Finally, there are two different subclasses of algorithms: block ciphers and stream ciphers. Block ciphers work on blocks or chunks of text in a series. In contrast, a stream cipher operates on each individual unit, either letters or bits, of a message.

There are many different encryption algorithms, and in each case, there are tradeoffs between security, speed, and ease of implementation. Here, security indicates the likelihood of an algorithm to stand up to current and future attacks, speed refers to the processing power and time required to encrypt and decrypt a message, and ease of implementation refers to an algorithm’s predisposition (if any) to hardware or software usage. Each algorithm has different strengths and drawbacks and none of them are ideal in every way. The key algorithms fall into three main categories:

  • Symmetric cryptography
  • Asymmetric cryptography
  • Hashing algorithms

In the next few articles, we will review each of these categories.

External Links:

Cryptography at Wikipedia

Cryptography I – enroll in a free 6-week course in cryptography at coursera.org

Intrusion Detection Systems: How They Work

In this article, we’ll take a look at the elements of an IDS. First, you have to understand what the IDS is watching. The particular kinds of data input will depend on the kind of IDS, but in general there are three major divisions:

  • Application-specific information such as correct application data flow
  • Host-specific information such as system calls used, local log content, and file system permissions
  • Network-specific information such as the contents of packets on the wire or hosts known to be attackers

A DIDS may watch any or all of these, depending on what kinds of IDSes its remote sensors are. The IDS can use a variety of techniques in order to gather this data, including packet sniffing – generally in promiscuous mode in order to capture as much network data as possible – log parsing for local system and application logs, system call watching in the kernel to regulate the acceptable behavior of local applications, and file system watching in order to detect attempted violation of permissions.

Finding Intrusions

After the IDS has gathered the data, it uses several techniques to find intrusions and intrusion attempts. Much like firewalls, an IDS can adopt a known-good or a known-bad policy. With the former technique, the IDS is set to recognize good or allowed data, and to alert on anything else. Many of the anomaly detection engines embrace this model, triggering alerts when anything outside of a defined set of statistical parameters occurs. Some complex protocol models also operate on known-good policies, defining the kinds of traffic that the protocols allow and alerting on anything that breaks the mold. Language-based models for application logic also tend to be structured as known-good policies, alerting on anything not permitted in the predefined structure of acceptable language or application flow.

Known-bad policies are much simpler; they do not require a comprehensive model of allowed input, and alert only on data or traffic known to be a problem. Most signature-based IDS engines work from a known-bad model, with an ever-expanding database of malicious attack signatures. Known-good and known-bad policies can work in conjunction within a single IDS deployment, using the known-bad signature detection and the known-good protocol anomaly detection in order to find more attacks.
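The two policies described above, applied side by side to the same input, look like this. This is an added example, not part of the original article: the signatures, the model of allowed requests for a hypothetical web application, and the sample request lines are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Known-bad policy: signatures of traffic known to be a problem (constructed).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-union-select": re.compile(r"(?i)union(\s|\+|%20)+select"),
}

# Known-good policy: model of what a hypothetical application accepts.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_VERSIONS = {"HTTP/1.0", "HTTP/1.1"}
ALLOWED_TARGET = re.compile(
    r"/(index\.html|login|static/[A-Za-z0-9_-][A-Za-z0-9_.-]*)"
    r"(\?[A-Za-z0-9_=&.-]*)?"
)
MAX_LINE = 200


@dataclass
class Alert:
    line_no: int
    policy: str  # "known-bad" or "known-good"
    reason: str


def model_violation(line: str):
    """Return why the request line breaks the known-good model, or None."""
    if len(line) > MAX_LINE:
        return "request line too long"
    parts = line.split(" ")
    if len(parts) != 3:
        return "malformed request line"
    method, target, version = parts
    if method not in ALLOWED_METHODS:
        return f"method {method} not allowed"
    if version not in ALLOWED_VERSIONS:
        return f"unexpected protocol version {version}"
    if not ALLOWED_TARGET.fullmatch(target):
        return "target outside the allowed application paths"
    return None


def inspect(request_lines):
    """Run both policies over every line and collect the alerts."""
    alerts = []
    for n, line in enumerate(request_lines, 1):
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                alerts.append(Alert(n, "known-bad", name))
        reason = model_violation(line)
        if reason is not None:
            alerts.append(Alert(n, "known-good", reason))
    return alerts


# Constructed sample request lines.
SAMPLE = [
    "GET /index.html HTTP/1.1",
    "GET /static/../../etc/passwd HTTP/1.1",
    "POST /login?user=alice HTTP/1.1",
    "TRACE /index.html HTTP/1.1",
    "GET /login?q=1+UNION+SELECT+1 HTTP/1.1",
    "GET /backup/db.sql HTTP/1.1",
]

if __name__ == "__main__":
    for alert in inspect(SAMPLE):
        print(f"line {alert.line_no}: [{alert.policy}] {alert.reason}")
```

Lines 4 and 6 match no signature and are flagged only by the known-good model, which is the gap the combined deployment is meant to close.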

How to Respond

Finally we should consider what the IDS does when it finds an attempted attack. There are two general categories of response: passive response, which may generate alerts or log entries but does not interfere with or manipulate the network traffic, and active response, which may send reset packets to disrupt Transmission Control Protocol (TCP) connections, drop traffic if the IDS is inline, add the attacking host to block lists or otherwise actively interact with the flow of dubious activity.

External Links:

Intrusion detection system on Wikipedia

Intrusion Detection Systems: An Introduction

An intrusion detection system (IDS) is the high-tech equivalent of a burglar alarm. It is a device or software application that is configured to monitor information gateways, hostile activities, and known intruders, and produces reports to a management station. An IDS is a specialized tool that knows how to parse and interpret network traffic and/or host activities. This data can range from network packet analysis to the contents of log files from routers, firewalls, and servers, local system logs and access calls, network flow data, and more. Furthermore, an IDS often stores a database of known attack signatures and can compare patterns of activity, traffic, or behavior it sees in the data it’s monitoring against those signatures to recognize when a close match between a signature and current or recent behavior occurs. At that point, the IDS can issue alarms or alerts, take various kinds of automated actions ranging from shutting down Internet links or specific servers to launching back-traces, and make other active attempts to identify attackers and collect evidence of their nefarious activities.

By analogy, an IDS does for a network what an antivirus software package does for files that enter a computer system: it inspects the contents of network traffic to look for and deflect possible attacks just as an antivirus software package inspects the contents of incoming files, e-mail attachments, active Web content, and so forth to look for virus signatures or for possible malicious actions.

Intrusion detection means detecting unauthorized use of or attacks upon a system or network. An IDS is designed and used to detect such attacks or unauthorized use of systems, networks, and related resources, and then in many cases to deflect or deter them if possible. Like firewalls, IDSes can be software-based or can combine hardware and software in the form of pre-installed and preconfigured stand-alone IDS devices. IDS software that runs on the same device or server where the firewall or other services are installed will monitor those devices with particular closeness and care. Although such devices tend to be deployed at network peripheries, IDSes can detect and deal with insider attacks as well as external attacks, and are often very useful in detecting violations of corporate security policy and other internal threats.

Types of Intrusion Detection Systems

There are several types of IDSes. It is possible to distinguish IDSes by the kinds of activities, traffic, transactions, or systems they monitor. IDSes that monitor network links and backbones looking for attack signatures are called network-based IDSes, whereas those that operate on hosts and defend and monitor the operating and file systems for signs of intrusion are called host-based IDSes. Groups of IDSes functioning as remote sensors and reporting to a central management station are known as distributed IDSes (DIDSes). A gateway IDS is a network IDS deployed at the gateway between your network and another network, monitoring the traffic passing in and out of your network at the transit point. IDSes that focus on understanding and parsing application-specific traffic with regard to the flow of application logic as well as the underlying protocols are often called application IDSes.

Most commercial environments use a combination of network, host and/or application-based IDSes to observe what is happening on their networks while also monitoring key hosts and applications more closely. In addition, some IDSes use signature detection, using a database of traffic or activity patterns known as attack signatures. Another approach is called anomaly detection, whereby rules or predefined concepts about normal and abnormal system activity, called heuristics, are used to distinguish anomalies from normal system behavior and to monitor, report or block anomalies as they occur.

To summarize, intrusion detection systems have many different characteristics:

  • They can be software-based, or a combination of software and hardware.
  • They can be network-based, host-based, or distributed.
  • The primary job of the intrusion detection system is to detect attacks and inform the administrator, not to block attacks; however, many intrusion detection systems will go a step further and take measures to block attacks.

External Links:

Intrusion detection system on Wikipedia

Port Enumeration Tools: Part One

In this article, we’ll begin to discuss the tools that are useful in the enumeration phase of an assessment. These port enumeration tools will scan a list of targets and ports to help determine more information about each target. The enumeration phase usually reveals program names, version numbers, and other detailed information that will eventually be used to determine vulnerabilities on these systems.

The version-scanning feature of nmap is invoked with the -sV flag. Based on a returned banner, or on a specific response to an nmap-provided probe, a match is made between the service response and the nmap service fingerprints. This is a new feature and since it interrogates discovered services, many intrusion detection system (IDS) vendors will be writing signature files for this type of behavior, so use it with caution.

Port Enumeration Tools: p0f

p0f is the only passive fingerprinting port enumeration tool included in the Auditor distribution. If you want to be extremely stealthy in your initial scan and enumeration processes, and don’t mind getting high-level results for OS fingerprinting, p0f is the tool for you. It works by analyzing the responses from your target on innocuous queries, such as Web traffic, ping replies, or normal operations. p0f gives the best estimation on an operating system based on those replies, so it may not be as precise as other active tools, but it can still give you a good starting point.

Port Enumeration Tools: Xprobe2

Another important port enumeration tool is Xprobe2, which is primarily an OS fingerprinter, but also has some basic port-scanning functionality built in to identify open or closed ports. You can also specify known open or closed ports, to which Xprobe2 performs several different TCP-, UDP-, and ICMP-based tests to determine the remote OS. The version supplied with Auditor is one version behind, but newer versions have more fingerprints. You will likely want to provide Xprobe2 with a known open or closed port for it to determine the remote OS.

If you run across a web server and want to know the HTTP daemon running without loading up a big fingerprinting tool that might trip IDS sensors, then httprint may be your tool of choice, as it is designed for just such a purpose. It only fingerprints HTTP servers, and does both banner grabbing and signature matching against a provided signatures file.

Port Enumeration Tools: IKE-scan

One of the more common VPN implementations involves the use of IPsec tunnels. Different manufacturers have slightly different usages of IPsec, which can be discovered and fingerprinted using IKE-scan. IKE stands for Internet Key Exchange, and is used to provide a secure basis for establishing an IPsec-secured tunnel. IKE-scan can be run in two different modes: Main (-M) and Aggressive (-A), each of which can identify different VPN implementations. Both operate under the principle that VPN servers will attempt to establish communications to a client that only sends the initial portion of an IPsec handshake. An initial IKE packet is sent (with Aggressive mode, a UserID is also specified), and based on the time elapsed and types of responses sent, the VPN server can be identified based on service fingerprints. In addition to the VPN fingerprinting functionality, IKE-scan includes psk-crack, which is a program used to dictionary crack pre-shared keys (psk) used for VPN logins. IKE-scan does not have fingerprints for all VPN vendors, and since the fingerprints change based on version increase, you may not find a fingerprint for your specific VPN, but you can still gain useful information such as the Authentication type and encryption algorithm used.

Sometimes, you may encounter a service that may not be easily recognizable by port number or immediate response. amap will send multiple queries and probes to a specific service, and then analyze the results, including returned banners, to identify what application or service is actually running on a specific port. There are options that allow you to minimize parallel attempts, or really stress the system with a large number of attempts, which may provide different information. You can also query a service once, and report back on the first matching banner reported, using the -1 option.

In the next article, we’ll continue our look at various port enumeration tools.

External Links:

Official p0f website

p0f on Wikipedia

Xprobe2 on sourceforge.net

IKE-Scan home page

Open Source Tools: Part Three (Even more nmap options)

When you specify your targets for scanning, nmap will accept specific IP addresses, address ranges in CIDR format, and octet format (i.e. x.x.x.x). If you have a host file, which may have been generated from your ping sweep earlier, you can specify it as well using the -iL flag. There are other, more formal nmap parsing programs out there, but awk can be used to create a quick and dirty hosts file from an nmap ping sweep. Scripting can be a very powerful addition to any tool, but remember to check all the available output options to avoid doing too much work.

nmap allows the user to specify the speed of the scan, or the amount of time from probe sent to reply received, and therefore how fast packets are sent. On a fast LAN, you can optimize your scanning by setting the -T option to 4, or Aggressive, usually without dropping any packets during send. If you find that a normal scan is taking very long due to ingress filtering or a firewall device, you may want to enable Aggressive scanning. If you know that an IDS sits between you and the target, and you want to be as stealthy as possible, then using -T0 or Paranoid should do what you want; however, it will take a long time to finish a scan, perhaps several hours, depending on your scan parameters.

By default, nmap 6.40 with Auditor scans 1000 ports for common services, which will catch most open TCP ports out there. However, sneaky sysadmins may run services on uncommon ports, practicing security through obscurity. Without scanning those uncommon ports, you may be missing these services. If you have time, or suspect that a system may be running other services, run nmap with the -p1-65535 parameter, which will scan all 65k TCP ports. Even on a LAN with responsive systems, this will take anywhere from 30 minutes to a few hours. Performing a test like this over the Internet may take even longer, which will allow more time for the system owners, or watchers, to note the excessive traffic and shut you down.
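The traffic pattern that gives a full-range scan away can be written as a detection rule: one source touching many distinct ports on one host inside a short window, mostly without completing a handshake. The following Python is an added example, not from the original article; the record layout, thresholds, addresses and sample traffic are constructed assumptions.

```python
from collections import Counter, defaultdict


def find_port_sweeps(events, window=60.0, min_ports=20):
    """events: iterable of (ts, src, dst, dport, handshake_completed).

    Returns {(src, dst): {"ports": n, "half_open": fraction}} for every pair
    where src touched at least min_ports distinct ports on dst within any
    span of `window` seconds. Both thresholds are assumed values to tune.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, dport, done in events:
        by_pair[(src, dst)].append((ts, dport, done))

    alerts = {}
    for pair, rows in by_pair.items():
        rows.sort()
        in_window = Counter()  # dport -> number of rows inside the window
        start = 0
        best = 0
        for ts, dport, _ in rows:
            in_window[dport] += 1
            while rows[start][0] < ts - window:  # expire rows older than window
                old = rows[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            best = max(best, len(in_window))
        if best >= min_ports:
            # SYN scans never finish the handshake, so this fraction is near 1.
            half_open = sum(1 for _, _, done in rows if not done) / len(rows)
            alerts[pair] = {"ports": best, "half_open": round(half_open, 2)}
    return alerts


def sample_events():
    """Constructed traffic: a fast sweep, a slow sweep and a normal client."""
    ev = [(i * 0.1, "10.0.0.50", "10.0.0.10", 1 + i, False) for i in range(100)]
    ev += [(i * 300.0, "10.0.0.60", "10.0.0.10", 1 + i, False) for i in range(100)]
    ev += [(i * 2.0, "10.0.0.20", "10.0.0.10", 443, True) for i in range(30)]
    return ev


if __name__ == "__main__":
    print(find_port_sweeps(sample_events()))
```

With the default 60-second window only the fast sweep is reported; the slow source appears once the window is widened, for example `find_port_sweeps(sample_events(), window=86400)`, which is why slow scans need long-horizon correlation rather than a per-minute threshold.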

Ping Sweeping with netenum

Finally, if you have a need for a very simple ICMP ping sweep program that you can use for scriptable applications, netenum might be useful. It performs a basic ICMP ping and then replies with only the reachable targets. One quirk about netenum is that it requires a timeout to be specified for the entire test. If no timeout is specified, it outputs a CR-delimited dump of the inputted addresses. If you have tools that will not accept a CIDR formatted range of addresses, you might use netenum to simply expand that into a listing of individual IP addresses. netenum is part of the Internetwork Routing Protocol Attack Suite, which also includes such utilities as cdp (for sending Cisco router Discovery protocol messages), and ass (Automated System Scanner).

External Links:

The official nmap site

Official site for the Internetwork Routing Protocol Attack Suite (IRPAS) – netenum is part of IRPAS

Open Source Tools: Part Two (More nmap options)

In the previous article, we began our look at open source tools, beginning with nmap. In this article, we continue our look at some nmap options.

nmap Options: Stealth Scanning

For any scanning you perform, it is not a good idea to use a connect scan (-sT), which fully establishes a connection to a port. Excessive port connections can cause a DoS to older machines, and will definitely raise alarms on any IDS system. Therefore, you should use a stealthy port testing method with nmap, such as a SYN scan. To launch a SYN scan from nmap, you use the -sS flag, which produces a listing of the open ports on the target, and possibly open/filtered ports if the target is behind a firewall. The ports returned as open are listed with what service that port corresponds to, based on IANA port registrations, as well as any commonly used ports.

In addition to lowering your profile with half-open scans, you may also consider nmap’s FTP or “bounce” scan and idle scan options, which can mask your IP from the target. The FTP scan (which was discussed in a previous article) takes advantage of a feature of some FTP servers, which allow anonymous users to proxy connections to other systems. If you find during your enumeration that an anonymous FTP server exists or one to which you have login credentials, try using the -b option with user:pass@server:ftpport. If the server does not require authentication, you can skip the username and password, and unless FTP is running on a nonstandard port, you can leave out the FTP port option as well. The idle scan, using -sI zombiehost:port, has a similar result, but a different method of scanning. If you can identify a target with low traffic and predictable IPID values, you can send spoofed packets to your target, with the source set to the idle target. The result is that an IDS sees the idle scan target as the system performing the scanning, keeping your system hidden. If the idle target is a trusted IP address and can bypass host-based access control lists (ACLs), then you’ll get even better results. Do not expect to be able to use a bounce or idle scan on every penetration test, but keep looking around for potential targets. Older systems, which do not offer useful services, may be the best targets for some of these scan options.
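The property the idle scan depends on, a predictable IPID counter, can be audited on hosts you administer by classifying the IP IDs seen in consecutive replies. The following Python is an added example, not from the original article; the host names, sample values and the `max_step` tolerance are constructed assumptions.

```python
MOD = 1 << 16  # the IPv4 Identification field is 16 bits and wraps at 65536


def swap16(value):
    """Swap the two bytes of a 16-bit value (hosts that count in little-endian)."""
    return ((value & 0xFF) << 8) | (value >> 8)


def _small_steps(ids, max_step):
    # Differences are taken modulo 2**16 so a counter wrap is not read as a jump.
    deltas = [(b - a) % MOD for a, b in zip(ids, ids[1:])]
    return all(0 < d <= max_step for d in deltas)


def classify_ipid(ids, max_step=64):
    """Classify IP IDs observed in consecutive replies from one host.

    max_step is an assumed tolerance for packets the host sent to other
    peers between two samples.
    """
    if len(ids) < 4:
        raise ValueError("need at least 4 samples")
    if len(set(ids)) == 1:
        return "constant"
    if _small_steps(ids, max_step):
        return "incremental"
    if _small_steps([swap16(v) for v in ids], max_step):
        return "incremental-byteswapped"
    return "unpredictable"


# Constructed samples (hypothetical host names), one list of IDs per host.
SAMPLES = {
    "legacy-printer": [4101, 4102, 4103, 4105, 4106],
    "counter-wrap": [65533, 65534, 65535, 0, 1],
    "old-workstation": [256, 512, 768, 1024, 1280],
    "zero-id": [0, 0, 0, 0, 0],
    "randomised": [51234, 1207, 33981, 60012, 9],
}


def predictable_hosts(samples=SAMPLES):
    """Hosts whose ID counter an outside party could read and rely on."""
    return sorted(h for h, ids in samples.items()
                  if classify_ipid(ids).startswith("incremental"))
```

Hosts returned by `predictable_hosts()` are the ones to patch, replace or place behind filtering, since their addresses are the ones an IDS would wrongly record as the scan source.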

nmap Options: Fingerprinting

You should be able to create a general idea of the remote target’s operating system from the services running and the ports open. For example, ports 135, 137, 139 or 445 often indicate a Windows-based target. [135 is used by the End Point Manager (EPMAP) to remotely manage services (and is also used by DCOM); 137 and 139 are used by NetBIOS; 445 is used by Active Directory.] However, if you want to get more specific, you can use nmap’s -O flag, which invokes nmap’s fingerprinting mode. Care needs to be taken here as well, as some older operating systems such as AIX prior to 4.1 and older SunOS versions have been known to die when presented with a malformed packet. Keep this in mind before using -O across a Class B subnet. Note also that the fingerprint option without any scan types will invoke a SYN scan, the equivalent of -sS.

In the next article, we will look at some more nmap options.

External Links:

nmap.org – the nmap site

© 2013 David Zientara. All rights reserved.