Host Scan Command fping
Sends ping (ICMP) requests to a batch of target hosts in parallel
fping installation:
① wget http://fping.org/dist/fping-3.10.tar.gz
② tar -zxvf fping-3.10.tar.gz
③ cd fping-3.10; ./configure
④ make && make install
fping -v    # test whether the installation succeeded
fping -h    # get help
fping common parameters:
-a    # show only the hosts that are alive (the opposite parameter is -u)
① Standard input mode: fping IP1 IP2
-g    # host range mode: 192.168.1.1 192.168.1.255 or 192.168.1.0/24
② Reading the IPs from a file
Usage: fping -f filename
fping 10.10.140.221 10.10.140.222
fping -a 10.10.140.221 10.10.140.222
fping -a -g 10.10.140.1 10.10.140.200
fping -a -g 10.10.140.1/24
fping -u -f /ip_list.txt
Host Scan Command hping
Supports assembling custom TCP/IP packets
hping installation:
① wget https://github.com/antirez/hping/archive/master.zip
② unzip master
③ cd hping-master; ./configure    (requires libpcap-devel: yum install libpcap-devel)
④ make && make install
Dependency installation:
yum install libpcap-devel
ln -s /usr/include/pcap-bpf.h /usr/include/net/bpf.h
hping common parameters:
① TCP probe of a target port
-p    port
-S    set the TCP SYN flag
② Forge the source IP to simulate a DDoS attack
-a    forged source IP address
hping -p 22 -S 10.10.163.233
hping -p 22 -S 10.10.163.233 -a 10.10.163.235
Route Scan:
Queries the number of hops and the latency along the route from one host to another
Common tools: traceroute, mtr
mtr feature: tests the connectivity between the host and each router along the path
traceroute parameter description:
yum install traceroute
① UDP by default (ports above 30000)
② TCP: -T -p
③ ICMP: -I
traceroute -n www.baidu.com    # -n does not display host names
traceroute -I -n www.baidu.com
traceroute -T -p 80 -n www.baidu.com
mtr usage:
mtr www.baidu.com
Bulk Host Service Scan:
Typical commands: nmap, ncat
nmap command (yum install nmap): default scan port range 0-1024
ICMP protocol type (-sP)
TCP SYN scan (-sS): TCP half-open, does not complete the three-way handshake, not easily logged, widely used
TCP connect() scan (-sT): TCP full open, completes the three-way handshake
UDP scan (-sU)
nmap -sP 10.10.140.0/24
nmap -sS 10.10.163.233
nmap -sS -p 0-30000 10.10.163.233    # specify the port range 0-30000
nmap -sT -p 0-30000 10.10.163.233
nmap -sU 10.10.163.233
ncat usage:
-w    set the timeout
-z    input/output mode (zero-I/O, used for scanning)
-v    show the command's execution process
① TCP (default)
nc -v -z -w2 10.10.250.254 1-50    # 1-50 is the port range
② UDP: -u
nc -v -u -z -w2 10.10.250.254 1-50
Prevention strategies
Common attack methods:
① SYN attack ② DDoS attack ③ malicious scan
SYN attack:
Using TCP protocol Defects to
DDoS attacks:
Distributed denial-of-service attacks
① Reduce the number of retries when sending SYN+ACK packets (temporary setting; to make it permanent, write it to the configuration file)
sysctl -w net.ipv4.tcp_synack_retries=3
sysctl -w net.ipv4.tcp_syn_retries=3
② SYN cookies
sysctl -w net.ipv4.tcp_syncookies=1
③ Increase the backlog queue
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
To disable responses to ICMP echo requests:
sysctl -w net.ipv4.icmp_echo_ignore_all=1
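Added example (not part of the original article): because sysctl -w settings are temporary, this script checks whether a sysctl.conf-style file persists the values used above. The function names and the sample file are constructed for illustration, and it reads a single file rather than the full /etc/sysctl.d load order.

```shell
# key=value pairs copied from the sysctl -w commands in this article
WANTED='net.ipv4.tcp_synack_retries=3
net.ipv4.tcp_syn_retries=3
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=2048
net.ipv4.icmp_echo_ignore_all=1'

# conf_value FILE KEY: print the effective value of KEY (last assignment wins).
# Comment lines (# or ;) are skipped and whitespace around "=" is ignored.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) found = v
        }
        END { if (found != "") print found }
    ' "$1"
}

# audit_conf FILE: one line per key (OK / MISSING / DIFFERS); returns 1 on drift
audit_conf() {
    rc=0
    for pair in $WANTED; do
        key=${pair%%=*}; want=${pair#*=}
        have=$(conf_value "$1" "$key")
        if [ -z "$have" ]; then
            echo "MISSING $key (want $want)"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "DIFFERS $key=$have (want $want)"; rc=1
        else
            echo "OK $key=$want"
        fi
    done
    return $rc
}

# Constructed sample file content (not taken from a real host)
sample_conf() {
    cat <<'EOF'
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_synack_retries = 3
; net.ipv4.tcp_syn_retries=3
net.ipv4.tcp_max_syn_backlog = 1024
EOF
}
```

Run it as audit_conf /etc/sysctl.conf; a non-zero exit status means at least one value will not survive a reboot.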
Prevent scanning with iptables
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s --limit-burst 5 -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
This article is from the "we_need_to_try" blog, make sure to keep this source http://liuxiao255.blog.51cto.com/10551403/1840822
Linux system scanning Technology