NMAP - protect your important machines from crackers 

When a cracker decides to case your site, one of the tools he or she will probably use is nmap. Nmap (think "network mapper") fulfills three goals of the reconnaissance carried out before an attack:

  • Locates IP addresses in use

  • Locates ports in use

  • Identifies the operating system in use on a targeted system

Nmap is also a security tool. You can download compiled versions of nmap for Linux from http://www.insecure.org/nmap, or source code that can be compiled for many versions of UNIX, for free. Using nmap yourself helps you level the playing field you share with crackers.

Installation

gunzip nmap-2.53.tgz
tar xvf nmap-2.53.tar
cd nmap-2.53
./configure
make
make install

Examples

Here are some examples of using nmap, from simple and normal to a little more complex. The author of nmap does not think portscanning other networks is illegal, nor should portscans be construed by others as an attack. Get permission first or use at your own risk. More examples can be found in the man pages.

nmap -v www.akadia.com

This command scans all reserved TCP ports on the machine www.akadia.com. The -v option turns on verbose mode.

Starting nmap V. 2.53 by fyodor@insecure.org 
No tcp,udp, or ICMP scantype specified, assuming vanilla tcp
connect() scan. Use -sP if you really don't want to portscan
(and just want to see what hosts are up).

Machine 193.247.121.196 MIGHT actually be listening on probe port 80
Host rabbit (193.247.121.196) appears to be up ... good.
Initiating TCP connect() scan against rabbit (193.247.121.196)

Adding TCP port 53 (state open).
Adding TCP port 80 (state open).
Adding TCP port 25 (state open).
Adding TCP port 22 (state open).
Adding TCP port 139 (state open).
Adding TCP port 1521 (state open).

The TCP connect scan took 0 seconds to scan 1523 ports.
Interesting ports on rabbit (193.247.121.196):
(The 1517 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
139/tcp open netbios-ssn
1521/tcp open ncube-lm

Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds

nmap -sS -O www.akadia.com

Launches a stealth SYN scan against www.akadia.com. It also tries to determine what operating system is running on each host that is up and running. This requires root privileges because of the SYN scan and the OS detection.

Starting nmap V. 2.53 by fyodor@insecure.org
Interesting ports on rabbit (193.247.121.196):
(The 1517 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
139/tcp open netbios-ssn
1521/tcp open ncube-lm

TCP Sequence Prediction: Class=random positive increments
Difficulty=4765589 (Good luck!)
Remote operating system guess: Linux 2.1.122 - 2.2.14

Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
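
Checking your own scan results against a baseline (an added example, not part of the original page or of nmap): the script below parses the port table in the output format shown above and reports open ports that are not in a list of services the host is supposed to offer. The EXPECTED baseline and the function names parse_scan and audit are assumptions made for illustration.

```python
import re

# Port table copied from the scan output shown on this page (nmap 2.53 format).
SAMPLE_OUTPUT = """\
Interesting ports on rabbit (193.247.121.196):
(The 1517 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
139/tcp open netbios-ssn
1521/tcp open ncube-lm
"""

# Assumed baseline (hypothetical policy): services this host should expose.
EXPECTED = {(22, "tcp"), (25, "tcp"), (53, "tcp"), (80, "tcp")}

HOST_RE = re.compile(r"^Interesting ports on .*\(([\d.]+)\):")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")

def parse_scan(text):
    """Return {ip: [(port, proto, state, service), ...]} from nmap text output."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(m.group(1), [])
            continue
        m = PORT_RE.match(line)
        if m and current is not None:  # ignore port rows before any host header
            current.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return hosts

def audit(hosts, expected):
    """Return {ip: (unexpected open ports, expected ports not seen open)}."""
    report = {}
    for ip, rows in hosts.items():
        open_ports = {(p, proto): svc for p, proto, state, svc in rows if state == "open"}
        extra = sorted((p, proto, svc) for (p, proto), svc in open_ports.items()
                       if (p, proto) not in expected)
        missing = sorted(expected - set(open_ports))
        report[ip] = (extra, missing)
    return report

if __name__ == "__main__":
    for ip, (extra, missing) in audit(parse_scan(SAMPLE_OUTPUT), EXPECTED).items():
        print(ip, "unexpected:", extra, "missing:", missing)
```

Run against the sample, it flags 139/tcp (netbios-ssn) and 1521/tcp as open but not in the baseline, which are the ports to close, filter or justify.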