chapter 5

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

what kind of port should each respond to

Open ports should respond to a SYN message with a SYN/ACK. Closed ports should respond to a SYN message with a RST message.. UDP messages are sent from a client to a server and it's up to the server how it responds.

aeg

The parameters used with fping are aeg, which means fping shows hosts that are alive, show elapsed time, and generate a list of targets from an address block.

fping

This is a tool designed to send ICMP echo requests to multiple systems.

four categories of vulnurability

False Positive: The scanner has identified something it believes to be a vulnerability. After investigation, it turns out it's not really a vulnerability. False Negative: The scanner has not identified a vulnerability. It later turns out that there was a vulnerability that the scanner missed. True Positive: The scanner has identified a vulnerability that, after manual investigation, turns out to be a legitimate vulnerability. True Negative: The scanner has not identified a vulnerability and there is not a vulnerability to identify.

OpenVAS

allows you to have multiple users, each of which may have different permissions. Some users may be able to create scans, while others may only be able to look at the scan results.

MegaPing

another tool used to perform a ping weep, MegaPing is a GUI-based tool that runs under Windows. It incorporates several functions into a single interface. The ping sweep can be accomplished using the IP Scanner tool, which you would select from the list on the left-hand side.

Nmap

can perform UDP scans as well as multiple types of TCP scans when it comes to port scanning. In addition, nmap will detect operating system types, applications, and application versions. Perhaps more significantly, nmap supports running scripts. These scripts allow anyone to extend nmap's functionality.

F ping and megaping

explanation is on pic on phone

Nessus

is the parent of OpenVAS, which makes it worth looking at, especially to see how it has diverged from the path OpenVAS took. While Nessus is a commercial product, there is a home license so you can use it on your home network to compare against OpenVAS and also see another approach to vulnerability scanning.

Ping Sweep

A ping sweep is when you send ping messages to every system on the network, thus the "sweep" part. The ping is an ICMP echo request, which is a common message to be sent. As long as you aren't pounding targets with an unusual number or size of these messages, they may not be noticed. Ping sweeps aren't guaranteed to succeed because there may be firewall rules that block ICMP messages from outside the network

TCP

uses a three-way handshake to initiate connections,The three-way handshake uses the SYN and ACK flags to complete the connection process. Other flags, such as URG, PSH, and FIN, are used for other purposes, and the RST flag is used to let other systems know to cease communications on the destination port in the received message.

he e parameter

was passed to fping, it provides the elapsed time. This is the round-trip time between the message that was sent and the response that was received.

vulnerability scanner,

will identify open ports and listening applications, then determine what vulnerabilities may be possible based on those applications. The scanner will then run tests that have been defined for those vulnerabilities.


Ensembles d'études connexes

Chapter 25 - Drugs Used to Treat PVD

View Set

Connect Assignment: Ch07: Thinking

View Set

Supply chain management exam #2 - Matheson - multiple choice only

View Set