Discover the Network Topology With Nmap: Vulnerabilities Identified - Essay Sample

Describe the Network Topology you found When Running Nmap. Include Screenshots as Evidence of Running Nmap.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

A star topology of network is shown above. There are nine host computers connected to the central server. The network has five windows, computers, and two Linux computers.

Summarize the vulnerabilities on the network and their potential implications based on your Nmap results.

Port 135, Microsoft RPC is a remote procedure call that typically is used for the client/server relationship of applications. An example of this would be a local exchange service in a windows environment. Regarding vulnerabilities, 135/RPC is subject to attacks when being used by Windows NT, where a malformed request through the 135/RPC port could cause a denial of service attack (DoS).

A DoS would result in the user requiring to reboot their system to free up required resources for standard use of their system. This vulnerability is not necessarily applicable in this situation because this machine is likely running Windows 7 or 8 according to the Zenmap quick scan results.

A potentially more applicable vulnerability associated port 135/RPC could be a Blaster Worm exploit that uses ports 4444/TCP and 69/UDP to infect a computer, and then spreads throughout the network to associate system using port 135/RPC. A defense strategy for 135/RPC would be to isolate from internet exposure (Baloch, 2017).

Port 445, Microsoft Directory Services, is an SMB over IP that is typically used for shared access to files, printers, serial ports, and communications over the network. Unfortunately, this port is highly vulnerable to NetBIOS worms and can be used remotely to establish "bot armies" within the network. This port is best blocked by network and local firewalls to ensure any systems with internet access to not accidentally allow malicious traffic in searching to spread using Port 445/MDS. Mitigation strategies include inclusion of 445/MDS from the internet and use a firewall or NAT to block any traffic on port 445 (Baloch, 2017). Port 21, FTP, is another open port found on this network. FTP is a commonly used port for file transfer, but unfortunately, with its wide use comes numerous vulnerabilities. 21/FTP sends authentication via cleartext, making a man in the middle attack and packet sniffing a simple task for the attacker to obtain the username and password credentials transmitted through the network. The way to mitigate this is by encrypting traffic using SFTP or another transfer protocol (Rajkumar et al., 2018).

Port 80, HTTP is open and used on two of the machines in this network. This port is used for streaming access to internet web pages that do not have SSL/TLS certificates installed. The most common vulnerabilities of port 80 are Http commands like SQL injection and cross-site scripting. Information leakage can also be a vulnerability of port 80. This port was found open on a Windows 2016 server, which could pose a heavy threat to the network due to SQL injections, allowing the attacker to gain direct access to database components should there be any installed on this server. Vulnerabilities typically associated with port 80 can be avoided by using port 443/HTTPS over TLS instead (Rohrmann, Ercolani, & Patton, 2017).

Port 23/Telnet is a very common port used by many trojans to perform a wide array of attacks on a network. Some include worms that spread across a network controlling various machines on the network and leak data by sending to the attacker remotely. Other attacks lock up the systems operating system, deeming it utterly useless until reinstalled. Because of the nature of transparency, it is recommended that telnet be segregated from internet access or completely disabled unless needed. Hackers and malicious software will take priority interest in port 23/Telnet if recognized during sniffing the network (Rohrmann, Ercolani, & Patton, 2017).

Describe the Anomalies you found When Running Wireshark, on the Network Capture File, and Include Evidence of the Range of Packets Associated with each Anomaly.

A look at the log files within Wireshark shows it appears to be a system on IP address 172.16.80.243 using Nmap to sniff out open ports on a machine within our network (192.168.27.17). When using the ip.addr filter to isolate traffic directly affiliated with 172.16.80.243, we notice a series of incomplete 3-way handshakes being established on numerous ports. In the image above, we can see that the attacker is checking to see if port 139 is open, in which 192.168.27.17 response is a [SYN, ACK], but instead of the attacker sending an [ACK] to complete the 3-way handshake, it replies with [RST], thus closing the connection. This type of scanning is referred to as a half-open scan is one of the more common methods of scanning a network for vulnerabilities.

Summarize The Potential Implications Of Not Addressing Each Of The Anomalies Found When Running Wireshark.

Consequently, ignoring this risk implies that the attacker will find and utilize a vulnerability within the network to perform more detrimental attacks. This may include proceeding to perform data leakage tasks or shut down the system operations from within. Specifically, with port 139 being listed as a vulnerability, it is highly likely that a worm could be spread to other systems on the network while stealing and sending private data to the attacker remotely.

References

Bagyalakshmi, G., Rajkumar, G., Arunkumar, N., Easwaran, M., Narasimhan, K., Elamaran, V., ... & Ramirez-Gonzalez, G. (2018). Network vulnerability analysis on brain signal/image databases using Nmap and Wireshark tools. IEEE Access, 6, 57144-57151.

Baloch, R. (2017). Ethical hacking and penetration testing guide. Auerbach Publications.

Rohrmann, R. R., Ercolani, V. J., & Patton, M. W. (2017, July). Large scale port scanning through tor using parallel Nmap scans to scan large portions of the IPv4 range. In 2017 IEEE International Conference on Intelligence and Security Informatics (ISI) (pp. 185-187). IEEE.