Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Nmap Network Exploration and Security Auditing Cookbook, Third Edition

You're reading from   Nmap Network Exploration and Security Auditing Cookbook, Third Edition Network discovery and security scanning at your fingertips

Arrow left icon
Product type Paperback
Published in Sep 2021
Publisher Packt
ISBN-13 9781838649357
Length 436 pages
Edition 3rd Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Paulino Calderon Paulino Calderon
Author Profile Icon Paulino Calderon
Paulino Calderon
Arrow right icon
View More author details
Toc

Table of Contents (22) Chapters Close

Preface 1. Chapter 1: Nmap Fundamentals 2. Chapter 2: Getting Familiar with Nmap's Family FREE CHAPTER 3. Chapter 3: Network Scanning 4. Chapter 4: Reconnaissance Tasks 5. Chapter 5: Scanning Web Servers 6. Chapter 6: Scanning Databases 7. Chapter 7: Scanning Mail Servers 8. Chapter 8: Scanning Windows Systems 9. Chapter 9: Scanning ICS/SCADA Systems 10. Chapter 10: Scanning Mainframes 11. Chapter 11: Optimizing Scans 12. Chapter 12: Generating Scan Reports 13. Chapter 13: Writing Your Own NSE Scripts 14. Chapter 14: Exploiting Vulnerabilities with the Nmap Scripting Engine 15. Other Books You May Enjoy Appendix A: HTTP, HTTP Pipelining, and Web Crawling Configuration Options 1. Appendix Β: Brute-Force Password Auditing Options 2. Appendix C: NSE Debugging 3. Appendix D: Additional Output Options 4. Appendix Ε: Introduction to Lua 5. Appendix F: References and Additional Reading

Defending against Nmap service detection scans

If you belong to the blue team of an organization, it is likely you are already running a decoy host in your network. But what about something that slows down attackers? As Nmap is one of the most popular tools for port scanning, it is a good idea to implement something that will hinder the scans.

In this recipe, you will learn how to make Nmap scan indefinitely when a service detection scan is used against a target.

How to do it...

To start a fake HTTP service that sends random data indefinitely on a Linux-based host, use the following Ncat command:

$ncat -l 127.0.0.1 8080 -c "echo 'HTTP/1.1 200 OK\r\n\r\n'; cat /dev/urandom" -k

A new service running on port 8080 will start on your localhost. If an attacker uses Nmap's service detection scan (-sV), the service will prevent Nmap from closing the network socket, and hence the scan will never finish.

How it works...

The previous Ncat command simply listens on the local IP address TCP port 8080 (-l 127.0.0.1 8080) and executes a system command using the -c option. The -k option is also used to enable multiple connections so the socket is not closed after the first client connects. The executed system command is composed of two parts:

  • A fake protocol header: echo 'HTTP/1.1 200 OK\r\n\r\n'
  • Random data stream: cat /dev/urandom

The fake application protocol header is used to confuse the scanner making it launch a read operation that will only close once data transmission is complete, which will never happen. Additionally, Nmap prints results only when all hosts are processed, and if one host isn't complete, none of the results from that group are printed, so the attackers won't be able to see the incomplete results report. By using the /dev/urandom pseudo-device, we generate an infinite body message to append to the response and achieve this infinite response condition.

There's more...

Even though it is basic, this technique is pretty effective and does not only work on Nmap. You would be surprised how fragile some vulnerability scanners are, and this is only one method for hindering their results. You should get creative and analyze how the scanner works to identify possible attack vectors. In this recipe, we used an HTTP header to trick the scanner, but other protocols could also be susceptible.

Attacking web crawlers in security scanners

Writing web crawlers and handling the infinite combination of tags and fields in poorly written HTML is difficult. Scanners often include web crawlers to enumerate the attack surface and even detect vulnerabilities. By targeting the web crawler engine in scanners, we may affect the scanning behavior. Common attacks against web crawlers include web servers with link loops, pages with a high number of nested links, and dynamic content generation, among many others. Try these techniques against security scanners to discover interesting defense techniques!

You have been reading a chapter from
Nmap Network Exploration and Security Auditing Cookbook, Third Edition - Third Edition
Published in: Sep 2021
Publisher: Packt
ISBN-13: 9781838649357
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image