ELEC5616_Computer And Network Security_2014 Semester 1_CNS_Lecture_18.pdfVIP

ELEC5616 COMPUTER NETWORK SECURITY Lecture 18: Network Protocols II SOURCE ROUTING Both IPv4 and IPv6 allow the sender (rather than routers) to specify routes that packets take through a feature known as source routing. In strict source routing, the sender specifies each hop that the packet takes through the network. In loose source routing, the sender only specifies a group of hosts the packet must transit through. This allows a remote attacker to facilitate non-blind attacks (whereas they previously could only mount blind attacks as they do not receive reply packets). Source routing can be turned off in the kernel. 2 SOURCE ROUTING Many kernels are configured to ignore source routing. Many firewalls/routers block source routed packets and may optionally trigger alarms. 3 PORT SCANNING Port scanning is the process of sending packets to all ports on a machine (or range of machines) to audit available (open) services. # nmap -255 Starting nmap V. 2.3BETA14 by fyodor@ ( /nmap/ ) Interesting ports on (): Port State Protocol Service 22 open tcp ssh 139 open tcp netbios-ssn Interesting ports on (): Port State Protocol Service 7 open tcp echo 9 open tcp discard 21 open tcp ftp 25 open tcp smtp 42 open tcp nameserver 53 open tcp domain 80 open tcp http Nmap run completed -- 255 IP addresse