Research Project AIT 614 Network Hacking & Prevention

Purpose: The purpose of this research is to find how easy or hard it is to gather information of a remote network by using readily available tools, programming codes and other commands. This research at any time did not attempt to hack into a network, nor did it try to gather sensitive information with a malicious intent. This research concentrated on How to obtain an IP address of a person chatting over a MSN/Yahoo messenger How to obtain an IP address of a remote website How to obtain information of the owner of the website How to obtain information on where the website being hosted and their serve information This research used the following tools to achieve the above, Nmap pcHacker Tracker 3.1 Visual Route 2006 Angry IP scan (Port Scanner) Network Hacking: To obtain an IP address of a person on MSN or Yahoo messenger, you need to establish a direct connection with that target computer. This could be achieved by sending the target system a request to transfer a file and using netstat n in command prompt white the file being transferred. However, this IP address is a dynamic IP address. To obtain an IP address of a website, you could open the website in the Internet Browser and use netstat n. This will give you the IP address of the website. You could also use the tool Visual Route 2006 to obtain the IP address of the website. This tool also tells you other information such as, physical location where the website is hosted, information of the hosting company (physical address, contact details and contact person, NetRange, CIDR, NetHandle, etc) and information of the owner of the website (name, address, contact numbers etc). Refer to Appendix 1: Visual Route 2006 screen shots. This information of the person is enough to locate the peoples whereabouts in the world. Its important for a hacker to find out the open ports of a network. A hacker could use TCP connection port scanning, TCP/SYN Scanning, SYN/ACK Scanning, TCP FIN Scanning and FTP Bounce Attack Port Scanning programs written in C or Perl to gather information on a network. A hacker could also use tools such as nmap and Angry IP Scan to find open ports of a remote network. nmap command nmap IP address of the target system give you a list of all open ports of the target system. You could also use Angry IP Scan to scan a range of ports of the target system. Angry IP Scan scans the range of ports and returns with a list of all open ports. Refer to Appendix 2: nmap and Angry IP Scan screen shots

pcHacker Tracker 3.1 is a tool which keeps track of who is scanning the network ports. This logs the Intruders IP, port, date and time of scan. However this is not a free tool. Its also possible to use netstat a command to detect SYN, SYN/ACK and FIN scans. You could use the HTTP port of the target systems to find out the web server running in the server. Simply telnet to Port 80 of the target system, type an invalid HTTP command in the input prompt and press ENTER Twice. The response from the daemon at Port 80 may contain the web server name and version its running. As a precaution, you could configure the HTTP daemon to not display the Operating system name in the header. One can also use echo requests or ping to find out whether the target system is alive and connected to the internet. However, you could block ping and echo requests at router level by adding the following rules, Access-list 101 deny icmp any any 8 - filter out all echo request packets and discard them Access-list 101 deny icmp any any 8 Access-list 101 permit icmp xx.xx.xx.xx 0.0.0.225 any 8 - discard all echo requests except those that are coming from your ISP (whose IP address is xx.xx.xx.xx) Conclusion: by using the above tools and methods, one can get information on a remote network (its location, open ports, web server and version, whether its alive or not) and information on the owner of a website (name, contact details, physical location etc). An organization and individuals could take the following actions to prevent an attack if using MSN/Yahoo messengers deny requests for file transfer and if possible not use messenger at all Use IP address blocking tools Use tools such as pcHacker Tracker which logs any attempt to scan the ports of the network Have good firewall and firewall policies (and implement them) References: Network Security, A Hackers Prospective by Ankit Fadia. Macmillan India Ltd., 2003 pcHacker Tracker 3.1 Gold Software (http://www.gold-software.com/download8853.html) Angry IP Scan AngryZiber (http://www.angryziber.com/ipscan/) VisualRoute 2006 Visualware (http://www.visualroute.com/) nmap insecure.org (http://www.insecure.org/nmap/)

Appendix 1: Visual Route Screen shots

Visual Route Map

Network and Owner details

Appendix 2: namp and Angry IP screen shots

nmap UDP and TCP port scanning

Angry IP Scan Port Scanner