HTTP/1.1 200 OK
Date: Mon, 12 Dec 2016 13:33:41 GMT
Server: Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze14 with Suhosin-Patch mod_python/3.3.1 Python/2.6.6 mod_perl/2.0.4 Perl/v5.10.1
Last-Modified: Fri, 11 Sep 2009 22:52:47 GMT
ETag: "18bb4-2d-473552cbf6dc0"
Accept-Ranges: bytes
Content-Length: 45
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
---
Starting Nmap 5.50 ( http://nmap.org ) at 2017-02-14 14:42 EST
Nmap scan report for 10.0.0.124
Host is up (0.017s latency).
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.5p1 Debian 6+squeeze2 (protocol 2.0)
80/tcp open http Apache httpd 2.2.16 ((Debian) PHP/5.3.3-7+squeeze14 with Suhosin-Patch mod_python/3.3.1 Python/2.6.6 mod_perl/2.0.4 Perl/v5.10.1)
111/tcp open rpcbind 2 (rpc #100000)
2049/tcp open nfs 2-4 (rpc #100003)
MAC Address: 00:50:56:9F:5A:33 (VMware)
Service Info: OS: Linux
02:47:33.458132 IP (tos 0x0, ttl 128, id 22970, offset 0, flags [DF], proto ICMP (1), length 84)
knoxville.nslab > 10.0.0.5: ICMP echo reply, id 5383, seq 1, length 64
02:47:34.557817 IP (tos 0x0, ttl 128, id 22971, offset 0, flags [DF], proto ICMP (1), length 84)
knoxville.nslab > 10.0.0.5: ICMP echo reply, id 5383, seq 2, length 64
02:47:35.539428 IP (tos 0x0, ttl 128, id 22972, offset 0, flags [DF], proto ICMP (1), length 84)
knoxville.nslab > 10.0.0.5: ICMP echo reply, id 5383, seq 3, length 64
02:47:46.364125 IP (tos 0x0, ttl 128, id 22973, offset 0, flags [DF], proto ICMP (1), length 84)
knoxville.nslab > 10.0.0.5: ICMP echo reply, id 5386, seq 1, length 64
02:47:47.218018 IP (tos 0x0, ttl 128, id 22974, offset 0, flags [DF], proto ICMP (1), length 84)
knoxville.nslab > 10.0.0.5: ICMP echo reply, id 5386, seq 2, length 64
02:47:48.217856 IP (tos 0x0, ttl 128, id 22975, offset 0, flags [DF], proto ICMP (1), length 84)
knoxville.nslab > 10.0.0.5: ICMP echo reply, id 5386, seq 3, length 64
11. icmp_ratelimit is the maximum rate at which the kernel generates ICMP messages. Typically
the value is given in jiffies, and its unit value is 1/100 of a second. To slow down the UDP scan we
need the messages to be sent more slowly, so we could increase the icmp_ratelimit value
so that the interval between messages increases and the messages are sent at a slower rate.
12. The -sS (SYN scan) runs much faster than the -sT (connect scan), because it never
needs to complete the connection. It just sends a SYN packet and, depending on the response, it
declares whether a port is open or closed. The connect scan, on the other hand, uses a full-fledged
TCP connect() call at a higher layer of the network stack, and so it has no control over
the raw packets.
(Source: man page of nmap)
13. In general, if nmap does not receive any response after retransmissions, it concludes that the
port is open or filtered.
14. When running an idle scan against a victim, if the victim's firewall drops the SYN packets,
then these ports are called filtered ports. If a SYN segment is sent to a filtered port of the host,
the host does not respond to this segment, because the segment never reaches the
host: the firewall simply drops the packet. If the scan target uses a tar-pit on
every unused port, it ends up hogging its own resources and thereby affects other users that try to
reach that system. The idle scan would not be affected either, since all the incoming requests go
to the zombie, and the zombie's IP ID is incremented whenever it gets a response (provided the
zombie is known to be idle).
15. The general purpose of the IP ID field is to find out the quantity of packets coming from the
source. So an obvious technique is to change the way the IP ID is used. Some Linux kernels
randomize the IP ID sequence so that the same numbers are not reused within a short period. Also,
some kernels combine the value with the defragmentation bit, since the IP ID field is going to
give the same information anyway. Some ways this is implemented on Linux are:
1. IP Personality: it changes the parameters regarding the window size and packet
fragmentation, so that spoofed packets get the wrong information.
2. Stealth patch: the Stealth patch generally ignores packets of the specific kinds configured into it.
If the IP ID numbers are changed or modified, the side channel will be tricked into getting the
information about the real packets, and thus it cannot get accurate information about the desired
port.
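Items 14 and 15 turn on whether a host's IP ID counter is predictable. The following is an added self-check for defenders (not part of the original answer sheet) that classifies a sampled IP ID sequence the way an OS fingerprinter's "IP ID sequence" test does; the thresholds and the sample sequences are this example's own constructed assumptions, not values from nmap or any kernel.

```python
"""Classify a host's IP ID generation from a sample of observed IP IDs.
Added example (not from the original answer sheet). The sample sequences are
constructed, not captured, and the thresholds are this example's own assumptions."""

IPID_MODULUS = 1 << 16  # IP ID is a 16-bit field, so successive IDs wrap at 65536


def ipid_deltas(ids):
    """Successive differences modulo 2^16, so 65535 -> 0 counts as a step of 1."""
    return [(b - a) % IPID_MODULUS for a, b in zip(ids, ids[1:])]


def classify_ipid(ids, max_step=9, min_fraction=0.75):
    """Return 'constant', 'incremental', 'busy-incremental' or 'random'.

    'incremental' (every step in 1..max_step) is the pattern an idle scan needs in
    a zombie; 'random' means the IP ID side channel tells an observer nothing.
    'busy-incremental' is a counter shared with other traffic: still a counter,
    but packets to other hosts add noise that corrupts the side channel.
    """
    if len(ids) < 4:
        raise ValueError("need at least 4 samples to judge a sequence")
    deltas = ipid_deltas(ids)
    if all(d == 0 for d in deltas):
        return "constant"          # e.g. ID fixed at 0 when DF is set
    small = sum(1 for d in deltas if 1 <= d <= max_step)
    if small == len(deltas):
        return "incremental"
    if small >= min_fraction * len(deltas):
        return "busy-incremental"
    return "random"


def zombie_candidate(ids):
    """Defender's check: True if this host's IP IDs would let it serve as a zombie."""
    return classify_ipid(ids) == "incremental"


# Constructed sample hosts (not real captures):
HOST_GLOBAL_COUNTER = [65533, 65534, 65535, 0, 1, 2, 3, 4]   # wraps, still +1 each time
HOST_RANDOMIZED = [41823, 3031, 60117, 12980, 55210, 7762, 29915, 48337]
HOST_ZERO_ID = [0] * 8

if __name__ == "__main__":
    for name, ids in [("global-counter", HOST_GLOBAL_COUNTER),
                      ("randomized", HOST_RANDOMIZED), ("zero-id", HOST_ZERO_ID)]:
        print(f"{name:15s} {classify_ipid(ids):17s} zombie candidate: {zombie_candidate(ids)}")
```

Feed it IP IDs sampled from your own host's replies (e.g. from a tcpdump capture such as the one above, which prints the id per packet) to see whether the kernel's IP ID choice still leaves the side channel open.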