Short presentation: Large-scale network reconnaissance: port scan is not dead


Presented at SSTIC 2014 by

For as long as networks have existed, people have poked around the machines near their own in search of anything and everything. Various techniques have emerged along the way; the best known, and still the most relevant, remains the port scan. Historically the reference tool, nmap, first offered a way to test whether a service was reachable over the network, in TCP and in UDP. It then grew many other options, from OS fingerprinting through recognition of the IP stack to banner grabbing through scripts written in Lua. Anyone interested in security runs into this Swiss Army knife of port scanning one day and scans their neighbor, Google, and a few other more or less acceptable targets. Then comes maturity, when, as a pentester, this tool becomes a daily habit marking the start of every new engagement. Network reconnaissance, however, goes well beyond scanning two or three machines. Networks now carry much higher data rates, and tools such as ZMap or masscan are emerging to scan very large networks very quickly.

The presentation will focus on the following questions:

- How to define a specific target on the Internet? (a company, an organization, a government, ...)
- What results to collect?
- How to scan these targets quickly and reliably?
- How to store and analyze the results?

Several case studies will be presented:

- Targeting an entity
- Searching for vulnerable services
- Retrieving public keys
- "Monitoring" networks
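The first and last of those questions, defining a target and storing the results reliably, are where most large-scale scans go wrong in practice. The following script is an added example, not code from the talk or from the ZMap or masscan projects: it expands a list of CIDR ranges into a scope, drops an exclusion list, randomizes the probe order (a plain shuffle standing in for the address permutation those tools perform so that probes spread across networks), then parses result lines in the `open <proto> <port> <ip> <timestamp>` shape of masscan's list output, rejects answers from addresses that were never in scope, and aggregates which hosts expose which port. The IP ranges and the scan output are constructed sample data on documentation prefixes, and the function names are this example's own.

```python
"""Target scoping and result aggregation for a large-scale port scan.

Added illustration, not code from the SSTIC talk or from masscan/ZMap:
the CIDR ranges, the exclusion list and the scan output below are
constructed sample data on RFC 5737 documentation prefixes.
"""
import ipaddress
import random
from collections import Counter, defaultdict


def build_scope(include_cidrs, exclude_cidrs, seed=None):
    """Expand target ranges into a randomized list of host addresses.

    Addresses covered by exclude_cidrs (ranges you are not authorized to
    probe, or that the target announces but does not route) are dropped.
    The shuffle stands in for the address permutation ZMap and masscan use
    so that probes spread across networks instead of hammering one /24.
    """
    excludes = [ipaddress.ip_network(c, strict=False) for c in exclude_cidrs]
    scope = set()
    for cidr in include_cidrs:
        for addr in ipaddress.ip_network(cidr, strict=False):
            if not any(addr in ex for ex in excludes):
                scope.add(addr)
    hosts = sorted(scope)
    random.Random(seed).shuffle(hosts)  # fixed seed => reproducible order
    return hosts


def parse_list_output(text):
    """Parse scan results in the line shape masscan's list output uses:
    'open <proto> <port> <ip> <timestamp>'. Comment lines are skipped."""
    results = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0].startswith("#"):
            continue
        state, proto, port, ip, ts = parts[:5]
        if state != "open":
            continue
        results.append((ipaddress.ip_address(ip), proto, int(port), int(ts)))
    return results


def split_by_scope(results, scope):
    """Reliability check: an answer from an address you never probed is
    noise (spoofed replies, NAT, a mistyped range) and must not be stored
    as a finding. Returns (in_scope, out_of_scope)."""
    allowed = set(scope)
    in_scope = [r for r in results if r[0] in allowed]
    out_of_scope = [r for r in results if r[0] not in allowed]
    return in_scope, out_of_scope


def summarize(results):
    """Aggregate findings: how many hosts expose each (proto, port),
    and which hosts those are."""
    hosts_by_port = defaultdict(set)
    for ip, proto, port, _ in results:
        hosts_by_port[(proto, port)].add(str(ip))
    counts = Counter({k: len(v) for k, v in hosts_by_port.items()})
    return counts, hosts_by_port


# Constructed sample data (documentation ranges, not a real target).
INCLUDE = ["203.0.113.0/28", "198.51.100.0/29"]
EXCLUDE = ["203.0.113.8/30"]  # e.g. a block carved out of the engagement
SAMPLE_OUTPUT = """#masscan
open tcp 443 203.0.113.5 1400000000
open tcp 22 203.0.113.5 1400000001
open tcp 443 203.0.113.9 1400000002
open tcp 443 198.51.100.7 1400000003
# end
"""

if __name__ == "__main__":
    scope = build_scope(INCLUDE, EXCLUDE, seed=1)
    print(f"{len(scope)} hosts in scope, first probe goes to {scope[0]}")
    hits, noise = split_by_scope(parse_list_output(SAMPLE_OUTPUT), scope)
    print(f"{len(hits)} findings kept, {len(noise)} out-of-scope answers dropped")
    counts, hosts = summarize(hits)
    for (proto, port), n in counts.most_common():
        print(f"{proto}/{port}: {n} host(s) -> {sorted(hosts[(proto, port)])}")
```

On the sample data the scope is 20 hosts, the answer from 203.0.113.9 is rejected because that address sits in the excluded /30, and the summary shows two hosts with tcp/443 open and one with tcp/22. Keeping the seed fixed makes the probe order reproducible, which matters when a run has to be resumed or compared against a previous one.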