SYSTEM IDENTIFICATION
LESSON 5 – SYSTEM IDENTIFICATION
All works in the Hacker Highschool project are provided for non-commercial use with
elementary school students, junior high school students, and high school students whether in a
public institution, private institution, or a part of home-schooling. These materials may not be
reproduced for sale in any form. The provision of any class, course, training, or camp with
these materials for which a fee is charged is expressly forbidden without a license including
college classes, university classes, trade-school classes, summer or computer camps, and
similar. To purchase a license, visit the LICENSE section of the Hacker Highschool web page at
www.hackerhighschool.org/license.
The HHS Project is a learning tool and as with any learning tool, the instruction is the influence
of the instructor and not the tool. ISECOM cannot accept responsibility for how any
information herein is applied or abused.
The HHS Project is an open community effort and if you find value in this project, we do ask
you support us through the purchase of a license, a donation, or sponsorship.
Table of Contents
“License for Use” Information.................................................................................................................. 2
Contributors.............................................................................................................................................. 4
5.0 Introduction..........................................................................................................................................5
5.1 Identifying a Server.............................................................................................................................. 6
5.1.1 Identifying the Owner of a Domain..........................................................................................6
5.1.2 Identifying the IP address of a Domain....................................................................................6
5.2 Identifying Services.............................................................................................................................. 6
5.2.1 Ping and TraceRoute................................................................................................................... 6
5.2.2 Banner Grabbing......................................................................................................................... 7
5.2.3 Identifying Services from Ports and Protocols..........................................................................7
5.3 System Fingerprinting.......................................................................................................................... 9
5.3.1 Scanning Remote Computers.................................................................................................... 9
Further Reading........................................................................................................................................ 12
Contributors
Chuck Truett, ISECOM
Marta Barceló, ISECOM
Kim Truett, ISECOM
Pete Herzog, ISECOM
5.0 Introduction
It is obvious that someone who sits down at the keyboard of your computer can gather
information about it, including the operating system and the programs that are running, but it
is also possible for someone to use a network connection to gather information about a
remote computer. This lesson will describe some of the ways in which that information can be
gathered. Knowing how this information is gathered will help you to ensure that your local
computer is safe from these activities.
What ports are open? Using a web search engine, can you match these ports with the
services that run on them? (This would be a good exercise to try at home, also, to see if your
computer is running unnecessary – and potentially dangerous – services, such as FTP and
telnet.)
Run nmap using the -sS (SYN stealth scan) and -O (operating system detection) switches, with
the IP address 127.0.0.1 as the target.
nmap -sS -O 127.0.0.1
The IP address 127.0.0.1 specifies the local host, that is, your own computer. (Note: this is
different from the IP address that other computers on the internet use to reach yours; on
any machine, the IP address 127.0.0.1 refers to that machine itself.) What open ports does
nmap find? What services and programs are using these ports? Try running nmap while you
have a web browser or telnet client open. Does this change the results?
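As an added example (not part of the Hacker Highschool lesson), the same loopback check done without nmap: a plain TCP connect scan of 127.0.0.1 that labels each open port with its conventional service and flags the cleartext services the exercise singles out. The well-known port table and the risk set are constructed for this example; a connect scan completes the handshake, so it needs no root privileges but is noisier than nmap's -sS.

```python
# Loopback port audit: connect-scan alternative to `nmap -sS -O 127.0.0.1`.
# Added example, not Hacker Highschool code.
import socket
from contextlib import closing

# Conventional IANA assignments for a few well-known TCP ports (constructed
# table; the lesson suggests looking these up with a search engine).
WELL_KNOWN = {
    21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 53: "domain",
    80: "http", 110: "pop3", 143: "imap", 443: "https", 3389: "ms-wbt-server",
}
# Services that send credentials in cleartext; the exercise names FTP and telnet.
CLEARTEXT = {"ftp", "telnet"}


def is_open(host: str, port: int, timeout: float = 0.5) -> bool:
    """TCP connect probe: a completed handshake means something is listening."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def scan_ports(host: str, ports) -> list[int]:
    """Return the subset of `ports` that accept a connection on `host`."""
    return [p for p in ports if is_open(host, p)]


def audit(open_ports) -> list[tuple[int, str, bool]]:
    """Match each open port to its conventional service and mark it for review
    when it is a cleartext service or not in the table at all."""
    report = []
    for port in sorted(open_ports):
        name = WELL_KNOWN.get(port, "unknown")
        report.append((port, name, name == "unknown" or name in CLEARTEXT))
    return report


def demo_local_listener() -> tuple[bool, bool]:
    """Open a listener on an ephemeral loopback port, confirm the scan sees it,
    close it, and confirm the port then reads as closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    before = port in scan_ports("127.0.0.1", [port])
    srv.close()
    after = port in scan_ports("127.0.0.1", [port])
    return before, after


if __name__ == "__main__":
    for port, name, review in audit(scan_ports("127.0.0.1", WELL_KNOWN)):
        print(f"{port:5d}/tcp  {name:<14} {'REVIEW' if review else 'ok'}")
```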
Further Reading
Nmap: http://www.insecure.org/nmap/
More on Nmap:
http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleId=8702942&classroom=
Fport: http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/fport.htm
A number of sites detailing ports and the services that use them:
http://www.chebucto.ns.ca/~rakerman/port-table.html
http://www.chebucto.ns.ca/~rakerman/port-table.html#IANA
http://www.iana.org/assignments/port-numbers
http://www.networksorcery.com/enp/protocol/ip/ports00000.htm
Various DNS lookups: http://www.dnsstuff.com/
Ping: http://www.freesoft.org/CIE/Topics/53.htm