Computer Networks
Activity performed: identify the services on open ports on both the wired network and the Wi-Fi network.

The tool used to identify services and open ports on the network was Nmap.

Nmap is an open source scanner, a free tool used for network mapping. It includes features such as port scanning, service detection and remote operating system identification. The tool was created by Gordon "Fyodor" Lyon, who still takes an active part in its development. Nmap is widely used in, among other things, audits, penetration tests, firewall tests and compliance tests.

Nmap generally operates at the network and transport layers. However, it can also handle link-layer data (MAC addresses and ARP requests, for example) and interpret application-layer data to infer interesting information about its target (service and operating system versions).

Nmap commands

-sP (Ping scan): Sometimes it is necessary to know whether a given device is active on the network. Nmap sends ICMP packets to check whether a given IP address is active on the network.

-sS (TCP SYN scan): This command does not make a complete TCP connection. A SYN packet is sent, as if it were a real connection, and Nmap waits for a reply; if the reply received is a SYN-ACK, the port is open. The advantage of this method is that few will detect this port scan.

-sT (TCP connect scan): This is the most basic TCP scanning technique. It sends a signal to the active ports on the network, and if the port is open it receives a response. This technique is the fastest, but it is easy to detect.

-sU (UDP scan): This is the command used to identify which UDP ports are open on a machine. The technique consists of sending a 0-byte UDP packet to each port of the machine. If an ICMP message (port unreachable) is received, the port is closed; otherwise it may be open.

Port states known to Nmap

Open (open): An application is actively accepting TCP connections or UDP packets on this port. Finding this condition is the main goal of a port scan. We know that every open port is an invitation to an attack. Attackers and security assessment professionals want to exploit open ports, while administrators try to close them or protect them with firewalls.

Closed (closed): A closed port is accessible (it receives and responds to Nmap probe packets), but no application is listening on it. Closed ports can be useful for showing that a host is active at a given IP address (host discovery, or ping scanning) and as part of OS detection. Because closed ports are reachable, it may be worth scanning again later in case one of them opens. Administrators should consider blocking these ports with a firewall; they would then appear in the filtered state.

Filtered (filtered): Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering may come from a dedicated firewall, router rules, or host-based firewall software.

Unfiltered (unfiltered): The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed.

open|filtered: Nmap places ports in this state when it is unable to determine whether a port is open or filtered.

closed|filtered: This state is used when Nmap is unable to determine whether a port is closed or filtered.
One of the commands used for the scan:

    nmap --script oracle-sid-brute "IP"

Wi-Fi scan

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:21 BRST
Nmap scan report for 192.168.40.20
Host is up (0.0030s latency).
Not shown: 998 closed ports
PORT     STATE    SERVICE
53/tcp   filtered domain
2001/tcp filtered dc
MAC Address: B4:B5:2F:4F:BA:90 (Hewlett Packard)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:21 BRST
Nmap scan report for 192.168.40.21
Host is up (0.0031s latency).
Not shown: 998 closed ports
PORT     STATE    SERVICE
53/tcp   filtered domain
2001/tcp filtered dc
MAC Address: B4:B5:2F:4F:BA:95 (Hewlett Packard)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:21 BRST
Nmap scan report for 192.168.40.22
Host is up (0.0075s latency).
Not shown: 998 closed ports
PORT     STATE    SERVICE
53/tcp   filtered domain
2001/tcp filtered dc
MAC Address: B4:B5:2F:4F:BA:83 (Hewlett Packard)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:21 BRST
Nmap scan report for 192.168.40.23
Host is up (0.010s latency).
All 1000 scanned ports on 192.168.40.23 are closed
MAC Address: 88:9B:39:A6:97:0D (Samsung Electronics Co.)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:21 BRST
Nmap scan report for 192.168.40.25
Host is up (0.025s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: D0:7E:28:C5:BE:85 (Hewlett Packard)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:26 BRST
Nmap scan report for 192.168.40.1
Host is up (0.083s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: D0:67:E5:6F:7D:7A (Dell)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:26 BRST
Nmap scan report for 192.168.40.2
Host is up (0.0043s latency).
Not shown: 989 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
53/tcp   open     domain
80/tcp   open     http
443/tcp  open     https
1056/tcp filtered vfo
2001/tcp filtered dc
5432/tcp open     postgresql
8080/tcp open     http-proxy
8081/tcp open     blackice-icecap
8082/tcp open     blackice-alerts
8090/tcp open     unknown
MAC Address: 44:1E:A1:C2:34:13 (Hewlett-Packard Company)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:27 BRST
Nmap scan report for 192.168.40.5
Host is up (0.015s latency).
Not shown: 990 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
8081/tcp  open  blackice-icecap
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49157/tcp open  unknown
49160/tcp open  unknown
MAC Address: E0:06:E6:DC:82:37 (Hon Hai Precision Ind. Co.)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:27 BRST
Nmap scan report for 192.168.40.20
Host is up (0.0024s latency).
Not shown: 998 closed ports
PORT     STATE    SERVICE
53/tcp   filtered domain
2001/tcp filtered dc
MAC Address: B4:B5:2F:4F:BA:90 (Hewlett Packard)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:27 BRST
Nmap scan report for 192.168.40.21
Host is up (0.0019s latency).
Not shown: 998 closed ports
PORT     STATE    SERVICE
53/tcp   filtered domain
2001/tcp filtered dc
MAC Address: B4:B5:2F:4F:BA:95 (Hewlett Packard)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:28 BRST
Nmap scan report for 192.168.40.23
Host is up (0.011s latency).
All 1000 scanned ports on 192.168.40.23 are closed
MAC Address: 88:9B:39:A6:97:0D (Samsung Electronics Co.)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:28 BRST
Nmap scan report for 192.168.40.25
Host is up (0.018s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: D0:7E:28:C5:BE:85 (Hewlett Packard)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:28 BRST
Nmap scan report for 192.168.40.26
Host is up (0.011s latency).
All 1000 scanned ports on 192.168.40.26 are closed
MAC Address: 84:38:38:76:2B:2E (Unknown)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:28 BRST
Nmap scan report for 192.168.40.31
Host is up (0.0048s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: 78:6C:1C:A0:53:45 (Apple)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:29 BRST
Nmap scan report for 192.168.40.33
Host is up (0.049s latency).
Not shown: 999 closed ports
PORT     STATE SERVICE
7000/tcp open  afs3-fileserver
MAC Address: E0:75:7D:F7:36:FE (Motorola Mobility)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:29 BRST
Nmap scan report for 192.168.40.38
Host is up (0.050s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: A4:C3:61:93:8E:59 (Apple)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:32 BRST
Nmap scan report for 192.168.40.42
Host is up (0.052s latency).
All 1000 scanned ports on 192.168.40.42 are closed
MAC Address: E0:75:7D:87:D8:30 (Motorola Mobility)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:32 BRST
Nmap scan report for 192.168.40.43
Host is up (0.017s latency).
All 1000 scanned ports on 192.168.40.43 are closed
MAC Address: 34:BB:26:87:59:8B (Unknown)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:32 BRST
Nmap scan report for 192.168.40.49
Host is up (0.0044s latency).
Not shown: 998 closed ports
PORT     STATE    SERVICE
53/tcp   filtered domain
2001/tcp filtered dc
MAC Address: B4:B5:2F:4F:2B:A8 (Hewlett Packard)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:34 BRST
Nmap scan report for 192.168.40.68
Host is up (0.062s latency).
Not shown: 999 filtered ports
PORT     STATE SERVICE
2869/tcp open  icslap
MAC Address: 70:18:8B:FB:53:D3 (Hon Hai Precision Ind. Co.)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:35 BRST
Nmap scan report for 192.168.40.78
Host is up (0.062s latency).
Not shown: 998 closed ports
PORT     STATE    SERVICE
53/tcp   filtered domain
2001/tcp filtered dc
MAC Address: B4:B5:2F:4F:BA:92 (Hewlett Packard)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:39 BRST
Nmap scan report for 192.168.40.104
Host is up (0.030s latency).
Not shown: 991 filtered ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49156/tcp open  unknown
49157/tcp open  unknown
MAC Address: 70:18:8B:FD:F9:81 (Hon Hai Precision Ind. Co.)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:40 BRST
Nmap scan report for 192.168.40.109
Host is up (0.024s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: EC:55:F9:AF:6D:5E (Hon Hai Precision Ind. Co.)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:40 BRST
Nmap scan report for 192.168.40.116
Host is up (0.014s latency).
Not shown: 985 closed ports
PORT      STATE    SERVICE
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
902/tcp   open     iss-realsecure
912/tcp   open     apex-mesh
1110/tcp  filtered nfsd-status
2869/tcp  filtered icslap
3389/tcp  filtered ms-wbt-server
10243/tcp open     unknown
19780/tcp filtered unknown
49152/tcp open     unknown
49153/tcp open     unknown
49154/tcp open     unknown
49155/tcp open     unknown
49156/tcp open     unknown
MAC Address: E8:11:32:B4:DA:72 (Samsung Electronics CO.)

Nmap scan report for 192.168.40.116
Host is up (0.051s latency).
Not shown: 985 closed ports
PORT      STATE    SERVICE
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
902/tcp   open     iss-realsecure
912/tcp   open     apex-mesh
1110/tcp  filtered nfsd-status
2869/tcp  filtered icslap
3389/tcp  filtered ms-wbt-server
10243/tcp open     unknown
19780/tcp filtered unknown
49152/tcp open     unknown
49153/tcp open     unknown
49154/tcp open     unknown
49155/tcp open     unknown
49156/tcp open     unknown
MAC Address: E8:11:32:B4:DA:72 (Samsung Electronics CO.)

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-01 18:45 BRST
Nmap scan report for 192.168.40.132
Host is up (0.029s latency).
Not shown: 989 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
2869/tcp  open  icslap
5357/tcp  open  wsdapi
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49156/tcp open  unknown
49163/tcp open  unknown
MAC Address: 24:F5:AA:54:73:9C (Samsung Electronics Co.)

Nmap scan report for 192.168.40.31
Host is up (0.0062s latency).
Not shown: 977 closed ports
PORT      STATE    SERVICE
85/tcp    filtered mit-ml-dev
259/tcp   filtered esro-gen
1038/tcp  filtered mtqp
1064/tcp  filtered jstel
1067/tcp  filtered instl_boots
1123/tcp  filtered murray
1138/tcp  filtered encrypted_admin
2030/tcp  filtered device2
2366/tcp  filtered qip-login
2394/tcp  filtered ms-olap2
2869/tcp  filtered icslap
3945/tcp  filtered emcads
4998/tcp  filtered maybe-veritas
5000/tcp  filtered upnp
5961/tcp  filtered unknown
8400/tcp  filtered cvd
9290/tcp  filtered unknown
13783/tcp filtered netbackup
20005/tcp filtered btx
21571/tcp filtered unknown
27356/tcp filtered unknown
40193/tcp filtered unknown
62078/tcp open     iphone-sync
MAC Address: 78:6C:1C:A0:53:45 (Apple)

Wired scan

Starting Nmap 6.47 ( http://nmap.org ) at 2014-12-01 21:51 BRST
Nmap scan report for 192.168.8.1
Host is up (0.027s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: D0:67:E5:6F:7D:7A (Dell)

Nmap scan report for 192.168.8.102
Host is up (0.0011s latency).
Not shown: 990 filtered ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
554/tcp   open  rtsp
902/tcp   open  iss-realsecure
912/tcp   open  apex-mesh
2869/tcp  open  icslap
5357/tcp  open  wsdapi
10243/tcp open  unknown
49155/tcp open  unknown
MAC Address: 00:17:F2:D6:1D:97 (Apple)

Nmap scan report for 192.168.8.103
Host is up (0.0011s latency).
Not shown: 990 filtered ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
554/tcp   open  rtsp
902/tcp   open  iss-realsecure
912/tcp   open  apex-mesh
2869/tcp  open  icslap
5357/tcp  open  wsdapi
10243/tcp open  unknown
49155/tcp open  unknown
MAC Address: 00:17:F2:D8:DC:F2 (Apple)

Nmap scan report for 192.168.8.104
Host is up (0.0012s latency).
Not shown: 990 filtered ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
554/tcp   open  rtsp
902/tcp   open  iss-realsecure
912/tcp   open  apex-mesh
2869/tcp  open  icslap
5357/tcp  open  wsdapi
10243/tcp open  unknown
49155/tcp open  unknown
MAC Address: 00:17:F2:D6:16:25 (Apple)

Nmap scan report for 192.168.8.105
Host is up (0.0011s latency).
Not shown: 990 filtered ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
554/tcp   open  rtsp
902/tcp   open  iss-realsecure
912/tcp   open  apex-mesh
2869/tcp  open  icslap
5357/tcp  open  wsdapi
10243/tcp open  unknown
49156/tcp open  unknown
MAC Address: 00:17:F2:D6:BB:F8 (Apple)

Nmap scan report for 192.168.8.110
Host is up (0.0012s latency).
Not shown: 990 filtered ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
554/tcp   open  rtsp
902/tcp   open  iss-realsecure
912/tcp   open  apex-mesh
2869/tcp  open  icslap
5357/tcp  open  wsdapi
10243/tcp open  unknown
49155/tcp open  unknown
MAC Address: 00:17:F2:D6:19:C4 (Apple)

Nmap scan report for 192.168.8.117
Host is up (0.0013s latency).
Not shown: 990 filtered ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
554/tcp   open  rtsp
902/tcp   open  iss-realsecure
912/tcp   open  apex-mesh
2869/tcp  open  icslap
5357/tcp  open  wsdapi
10243/tcp open  unknown
49155/tcp open  unknown
MAC Address: 00:17:F2:D8:44:01 (Apple)

Nmap scan report for 192.168.8.121
Host is up (0.00021s latency).
All 1000 scanned ports on 192.168.8.121 are filtered
MAC Address: 78:2B:CB:EE:08:B6 (Dell)

Nmap scan report for 192.168.8.130
Host is up (0.0012s latency).
Not shown: 990 filtered ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
554/tcp   open  rtsp
902/tcp   open  iss-realsecure
912/tcp   open  apex-mesh
2869/tcp  open  icslap
5357/tcp  open  wsdapi
10243/tcp open  unknown
49155/tcp open  unknown
MAC Address: 00:17:F2:D6:19:F2 (Apple)

Nmap scan report for 192.168.8.131
Host is up (0.00081s latency).
Not shown: 986 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
902/tcp   open  iss-realsecure
912/tcp   open  apex-mesh
3306/tcp  open  mysql
5357/tcp  open  wsdapi
5432/tcp  open  postgresql
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49156/tcp open  unknown
49159/tcp open  unknown
MAC Address: 00:17:F2:D6:1B:50 (Apple)
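
Added example, not part of the original report: a Python parser for scan reports in the format shown above. It lists the ports that are definitely open but missing from an approved baseline, and separately the ports Nmap left in an undecided state. The sample input is constructed (documentation addresses), and the APPROVED baseline is a hypothetical site policy.

```python
import re

# Constructed sample in Nmap's normal output format (documentation addresses).
SAMPLE = """\
Nmap scan report for gw.example (192.0.2.1)
Host is up (0.027s latency).
Not shown: 995 closed ports
PORT     STATE         SERVICE
23/tcp   open          telnet
53/tcp   filtered      domain
80/tcp   open          http
161/udp  open|filtered snmp
5432/tcp open          postgresql

Nmap scan report for 192.0.2.23
Host is up (0.010s latency).
All 1000 scanned ports on 192.0.2.23 are closed
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:.*\()?([^\s()]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# Assumption: a site-defined baseline of services allowed to be reachable.
APPROVED = {("tcp", 53), ("tcp", 80), ("tcp", 443)}

def parse(text):
    """Return {address: [(proto, port, state, service), ...]}."""
    hosts, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := HOST_RE.match(line):
            current = hosts.setdefault(m.group(1), [])
        elif current is not None and (m := PORT_RE.match(line)):
            port, proto, state, service = m.groups()
            current.append((proto, int(port), state, service))
    return hosts

def review(hosts, approved=APPROVED):
    """Split results into unapproved open ports and undecided states."""
    unapproved, undecided = {}, {}
    for host, ports in hosts.items():
        for proto, port, state, service in ports:
            label = f"{port}/{proto} {service}"
            if state == "open" and (proto, port) not in approved:
                unapproved.setdefault(host, []).append(label)
            elif "|" in state or state == "unfiltered":
                # Nmap could not decide; re-scan before closing the finding.
                undecided.setdefault(host, []).append(f"{label} ({state})")
    return unapproved, undecided

if __name__ == "__main__":
    print(review(parse(SAMPLE)))
```

Hosts reported as "All 1000 scanned ports ... are closed" are kept with an empty port list, so they still count as live hosts in an inventory.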