Basic Network Security Volume 5 in John R. Hines’ Computer Security for Mere Mortals, short documents that show how to have the most computer security with the least effort
John R. Hines, Net+ Certified, Security+ Certified
Consulting Security Engineer, LLC
“Plagiarism is when the author steals from one source; scholarship is when the author steals from many sources.” -- Anonymous
"Facts are stubborn things; and whatever may be our wishes, our inclinations, or the dictates of our passions, they cannot alter the state of facts and evidence." -- John Adams
Oholiab's First Law: The Suits' need for computing power expands until all the Geeks' servers are 100% utilized running database queries and printing reports during business hours.
Corollary to Oholiab's First Law: Development can only access the servers purchased for development when nobody else wants them.
Oholiab's first law of security (Murphy's first law of planning): The important things are simple.
Oholiab's second law of security (Murphy's second law of planning): The simple things are very hard.
Oholiab's corollary to the first and second laws of security: Simple and easy are not the same thing. Fools don't know the difference.
Warning: If you’re not smart enough to sort the cow pies from the pearls in these notes, you do not have permission to read these notes!
Copyright © Consulting Security Engineer LLC. All rights reserved. 2016
ISBN N/A Version 1.201708212300
Suggested reading (when you have time)oul Anderson badly formatted but great ideas
Revision History
Rev   Change
1.0   Created and published document
Security
Is security a new problem?
No! Security has always been a problem! Even strong men have security concerns: "When the strong man, fully armed, guards his own dwelling, his goods are safe. But when someone stronger attacks him and overcomes him, he takes from him his whole armour in which he trusted, and divides his spoils." (Luke 11:21-22)
required for a complete "gang of misrule" (crime family). M gives these as " … For men, there are fourteen roles: (1) ruffler, (2) upright man, (3) hooker (angler), (4) rogue, (5) wild rogue, (6) priggers of prancers, (7) palliards, (8) frater, (9) jarkman (patricoe) (10) whip jacket, (11) drummerer (dommerer), (12) drunken tinker (13) swadder (pedlar), and (14) Abram man. For women (and children) there are nine roles: (1) demander for glimmer or fire, (2) bawdy basket, (3) morts, (4) autem mort, (5) walking morts (6) doxy, (7) dell, (8) kinching mort, and (9) kinching cove." (Buy my book if you want to know what all these specialties are.) Add hackers and
What is security?
The dictionary definition of security is "being free from danger or threat".
Experience indicates no one is secure, at least in the dictionary sense. Solomon had a different take on security (or, maybe, on the lack of security): "The race is not to the swift or the battle to the strong, nor does food come to the wise or wealth to the brilliant or favor to the learned; but time and chance happen to them all" (NIV). (Bumper stickers on the back of pickups summarize Solomon's quote in two words: "Excrement happens".) Damon Runyon, writer of "Guys and Dolls", offered an amendment to Solomon's advice: "The race is not always to the swift, nor the battle to the strong, but that's the way to bet." The way to be secure is to be good and hope to be lucky. And (if you've read any of Runyon's other works), the way not to be secure is to be not good (unless you're very, very lucky).
So, I suggest a different definition of security that emphasizes our part in keeping ourselves secure: "things done and things left undone that give as much control as possible over the future". Be good (the things done), be careful (the things not done), and hope to be lucky. One more quote: "Luck is what happens when preparation meets opportunity" (Seneca, First Century AD, possibly misattributed). Prepare for Murphy to knock on your door. A disaster for the unprepared is an opportunity for the prepared.
What is computer security?
The dictionary says, "measures taken to safeguard code, information, and systems". A more sensible definition of computer security is "(1) reasonable measures taken to safeguard code, information, and systems, (2) unreasonable measures not taken to safeguard code, information, and systems, and (3) measures not taken to avoid low-rewards." Unfortunately, reasonable, unreasonable, and low-reward are (like beauty) in the mind of the beholder.
What is in these notes?
I'm going to tell you what I think are reasonable and unreasonable measures and what are low-reward measures.
What is a low-reward measure?
A security measure that has a small payoff for the inconvenience, money and time associated with the measure. Most of the measures advocated by security professionals are low-reward measures.
What is a reasonable measure?
A security measure that has a significant payoff for the inconvenience, money and time associated with the measure.
Reasonable measures that are not terribly inconvenient for a non-professional and require little money and time should ALWAYS be implemented.
Reasonable measures that are terribly inconvenient for a non-professional but require only a small amount of time and money should be implemented when possible. (Maybe hire a professional for a half-day?)
Reasonable measures that are not inconvenient for a non-professional but require a small amount of time and money should be implemented when possible. (I define a small amount of money as my monthly business cell phone and internet bill. You may have a different definition.)
Reasonable measures that are terribly inconvenient for a non-professional and require a lot of money should only be implemented if you suspect you are a potential target.
Warning: If you (1) are involved in politics or social issues, (2) are visible in your community for some reason, or (3) have strange family members or neighbors, then you should suspect you are a target.
What is an unreasonable measure?
A security measure that has become popular wisdom but probably is of little value. (A few years ago, one argument for switching from a PC to a Mac was "Macs don't get viruses." If that was ever true, it isn't now, but many Mac sales people and users still believe it and repeat it to non-Mac users.)
Send me an email at to let me know when I'm wrong.
Thanks, John
Why care about networks?
If you use the internet, you're on a network. If you use the internet at work, at a library, or at a restaurant, whoever supplies the connection (hopefully) has a professional who takes care of network details for you. However, if you use the internet at home or at your small business, you have a small network (an intranet) in your home. If all you have is a direct wired connection to the internet -- no WIFI -- then the intranet is just your cable modem and your computer and your problems are small. As soon as you add a router to your intranet you have (potential) network problems. So, you need to know enough to do basic security stuff.
What do these notes assume you've already done?
The notes assume you have read "Computer security: a 15-minute talk" and have already implemented the security measures described in "Basic Windows 10 Security" and "Basic Phone and Tablet Security". Also, if you have a router in addition to your cable modem, they assume you have implemented the security measures in "Basic Router Security". These notes will still be useful if you have not implemented the measures above but you will have holes in your security. Caveat emptor! Note: All these notes are available as eBooks on Amazon.com. Search the Kindle area for "John R. Hines".
What simple reasonable measures will improve security on your intranet?
Warning: This note is in a different format than the previous notes because the problems you are resolving are different. Note: Remember, these notes are for SOHOs and home users: no fire marshal, no industrial engineer, no security engineer to detect problems before they become disasters.
Measure #1: Have two routers: one for business use and one for all other uses
Most SOHOs and all homes have three kinds of users: business users, business and recreational users, and others (mostly friends, families, and visitors). Recreational use and "other" use have two security downsides: (1) they slow down business use and (2) they frequently bring malware into the intranet (making security less sure). Most modern cable modems allow you to attach multiple routers in parallel. Take advantage of this by installing a good (fast) router for business use (the safe intranet) and an old (cheap) router for all other use (the risky intranet). BTW: You can put on your CV that you've partitioned a network for improved security.
Mistake #1A: Not moving computers that do both business and non-business to the risky intranet
Yes, they will be less secure and go slower. But they are on the risky intranet because they choose to do risky things. Measure #2 will partially resolve this problem.
Mistake #1B: Not moving friends, family and visitors to WIFI associated with the risky intranet
Laptops, phones and tablets used by friends, family, and visitors should be assumed to be infected. Also, games and data downloads over WIFI will slow down business computers (even when the computers are wired to the intranet) and business phones and tablets.
Mistake #1C: Telling friends, family, and visitors that you've put them on the risky intranet
Measure #2: Have at least one old slow network computer for non-business (and for friends and family) use
All you need on this computer is Windows, current antimalware software, and a browser. Yes, it's slow but it's only for browsing on the Internet.
Mistake #2A: Not placing this computer on a separate intranet (the risky intranet, if you have one)
Don't ask, don't tell.
Measure #3: Shut down the business (secure) router when no one is in the office
Unless you (or a key employee) like to work late at night, program your business router to turn off from 8 PM to 6 AM (or whatever times make sense). When the router is up, bad guys have a pathway to attack your network. You can't avoid that during the day but you may figure there is a problem when your computer slows to a crawl. Why give them access to your network when no one will see the network slowdown? Also, if a computer goes zombie, it will only be behaving badly when someone is there to notice its behavior.
What is a zombie (member of a botnet)?
Compromised internet-connected computer whose security defenses have been breached and control ceded to some bad guy. BTW: A herd of zombies is called a botnet.
Measure #4: Shut down the risky (insecure) router when no one should be on the internet
Besides protecting the computers attached to the risky routers when no one should be using the internet, you can prevent your kids from being on the internet instead of sleeping.
Measure #5: Do a quick walk about every quarter (when the season changes) (when TV switches to a different major sport)
Before you start your walkabout, ask yourself, "Have I written an AUP?" If not, make a note to write one. Also, verify that you can log in to the cable modem and the router(s). Take a pen and a piece of paper (unless you can type quickly on your tablet). Do you see any devices you don't remember installing or paying for? An employee's workstation or a router buried under a pile of crud? Cables going to strange places or left where you could trip over them? Since you're already walking about, check the air flow and temperature of each computer, each router and the cable modem. (I once discovered my granddaughter using a router as a coat hook. Had to replace the router and had to retrain the granddaughter since my wife would let me replace the granddaughter.) Check your secure place. Is the secure information storage container still there? Is your information still in the container? Are admin-equivalent user IDs and passwords for ALL the computers, routers and cable modem still in the box?
What is an AUP (Acceptable Use Policy) (fair use policy)?
A set of rules applied by the owner, creator or administrator of a network, website, or service, that restrict the ways in which the network, website or system may be used and set guidelines as to how it should be used. Alternative: Document stipulating constraints and practices that a user must agree to for access to a corporate network or the Internet. Many businesses and educational facilities require that employees or students sign an acceptable use policy before being granted a network ID. Can be very short. Warning: If management hasn't prohibited some form of behavior, it's hard to fire someone who has behaved incorrectly!
Measure #6: Do a quick audit of all computers about every quarter (when the season changes) (when TV switches to a different major sport)
Go to each computer and log in as an admin-equivalent. (You should be an admin-equivalent on all your computers. Otherwise, you can't administer the computer. If not, you've discovered a potential disaster!) Are there users you don't recognize? Are there "Guest" accounts? Are there programs you don't remember buying? Are there games? Is the anti-malware current? Does the anti-malware pop up a warning when you insert a flash drive into a USB slot? (Maybe this should be in your AUP?)
What is an admin-equivalent (admin-equivalent user)?
User who has the same rights as the admin. Can make system changes and install software.
What is a standard user?
Cannot modify operating system settings or other users' data. Cannot (usually) install software.
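For the account questions in Measure #6, here is an added example (not part of the original notes) that turns them into a repeatable check: it reads the text printed by "net user", "net localgroup Administrators" and "net user Guest" and compares it with the list of accounts you expect. The sample output is constructed, and the 25-character column width and the "Account active" line are assumptions about the layout those commands print.

```python
import re

COLUMN = 25  # assumed width of each name column in `net user` output

def _table_lines(text):
    """Yield the lines between the dashed rule and the completion message."""
    in_table = False
    for line in text.splitlines():
        if line.startswith("---"):
            in_table = True
        elif line.startswith("The command completed"):
            return
        elif in_table and line.strip():
            yield line

def parse_net_user(text):
    """Account names from `net user`; fixed-width slicing keeps names with spaces whole."""
    names = []
    for line in _table_lines(text):
        names += [line[i:i + COLUMN].strip() for i in range(0, len(line), COLUMN)]
    return [n for n in names if n]

def parse_net_localgroup(text):
    """Group members from `net localgroup <group>` (one member per line)."""
    return [line.strip() for line in _table_lines(text)]

def account_active(text):
    """True if `net user <name>` reports the account as active."""
    m = re.search(r"^Account active\s+(Yes|No)\s*$", text, re.M)
    return m is not None and m.group(1) == "Yes"

def audit(users, admins, guest_is_active, expected_users, expected_admins, owner):
    """Return (finding, account) pairs for everything that differs from what you expect."""
    fold = str.casefold  # Windows account names are not case-sensitive
    known = {fold(u) for u in expected_users}
    ok_admins = {fold(a) for a in expected_admins}
    findings = [("UNRECOGNIZED USER", u) for u in users if fold(u) not in known]
    findings += [("UNEXPECTED ADMIN", a) for a in admins if fold(a) not in ok_admins]
    if fold(owner) not in {fold(a) for a in admins}:
        findings.append(("OWNER NOT ADMIN", owner))  # you cannot administer this PC
    if guest_is_active:
        findings.append(("GUEST ENABLED", "Guest"))
    return findings

def _row(*names):
    """Lay names out in fixed-width columns, as `net user` is assumed to."""
    return "".join(n.ljust(COLUMN) for n in names).rstrip()

# Constructed sample output (hypothetical PC name and accounts).
SAMPLE_NET_USER = "\n".join([
    "", r"User accounts for \\EXAMPLE-PC", "", "-" * 79,
    _row("Administrator", "DefaultAccount", "Guest"),
    _row("John", "Temp Help"),
    "The command completed successfully.", ""])
SAMPLE_ADMINS = "\n".join([
    "Alias name     Administrators", "Comment        (constructed sample)", "",
    "Members", "", "-" * 79,
    "Administrator", "John", "Temp Help",
    "The command completed successfully.", ""])
SAMPLE_GUEST = "User name                    Guest\nAccount active               Yes\n"

EXPECTED_USERS = ["Administrator", "DefaultAccount", "Guest", "John"]
EXPECTED_ADMINS = ["Administrator", "John"]

if __name__ == "__main__":
    result = audit(parse_net_user(SAMPLE_NET_USER),
                   parse_net_localgroup(SAMPLE_ADMINS),
                   account_active(SAMPLE_GUEST),
                   EXPECTED_USERS, EXPECTED_ADMINS, owner="john")
    for finding, account in result:
        print(f"{finding}: {account}")
```

On a real PC, save each command's output to a text file from the admin PowerShell window and feed the files to these functions in place of the samples.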
Appendices
Appendix I: Network basics
What is a cable modem?
Connects a computer or local network (intranet) to broadband Internet service through the same cable that supplies cable television service or the cable that supplies more modern services like FIOS or U-verse.
What is an intranet (Intranet) (private network)?
Private network combining existing LAN and WAN technologies and new Internet technologies. Has all the features of the Internet. Many intranets. Typically use 10.x.x.x, 127.x.x.x, 172.16.x.x through 172.31.x.x or 192.168.x.x. Typically connected to the (one and only) internet by a cable modem but may be stand-alone.
What is a network (computer network)?
Connected graph where nodes are computer network nodes and edges are computer-to-computer connections.
What is a gateway?
Network node that is an entrance to another network. Often a router.
What is a LAN (Local Area Network) (Local network)?
Hardware and software that turns terminals, workstations, servers, and hosts into a single network environment in a small geographic region like a building. Alternative (more modern): A network segment that may or may not be connected to another network. Larger networks are created by "gluing" two or more LANs together, typically with a router.
What is a network address (network number)?
Bit pattern or group of hexadecimal numbers that uniquely identifies a network node. In IPv4, eight hex characters, each pair (except the last) separated by dots. (Four bytes.) In IPv6, 32 hex characters, each quad (except the last) separated by colons. (16 bytes.)
What is a network device?
Component (hardware) that connects ("glues") computers or other electronic devices together to share files or resources. Usually a network node.
What is a network edge?
Single physical connection between two computers. Sometimes used as a synonym for connection (network connection). Alternative: Cable with connectors at both ends that connects two nodes.
What is a network node (computer network node) (network host) (node)?
An addressable device attached to a computer network.
What is a network segment?
Logical group of computers that share a network resource like a router, VLAN, or switch segmentation.
What is a subnet (subnetwork) (network subnet)?
Logical, visible subdivision of an IP network. Computers that belong to a subnet are addressed with a common, identical, most-significant bit-group in their IP address. Note: The practice of dividing a network into two or more networks is called subnetting.
What is broadband (wideband)?
Communications medium that provides enough bandwidth to over a wide frequency to satisfy a typical internet user (at least gigabit speed).
What is a communication medium?
(usually high speed) data transmission that can simultaneously transport multiple signals and traffic types. Typically, coaxial cable
What is IP (Internet Protocol)?
Basic protocol of the Internet. It enables the unreliable delivery of individual packets from one host to another. It makes no guarantees about whether or not the packet will be delivered, how long it will take, or if multiple packets will arrive in the order they were sent. Protocols built on top of this add the notions of connection and reliability.
What is the internet (Internet) (public network)?
Large network with millions of hosts from many organizations and countries around the world. Amalgamation of many smaller networks. Data travels by a common set of protocols (starting with TCP/IP). All (well, almost all -- ignore 10.x.x.x, 127.x.x.x, 172.16.x.x through 172.31.x.x and 192.168.x.x) internet addresses are unique.
What is an IP address (Logical address) (Network address)?
In IPv4, 32-bits or a quad of octets (four bytes). In IPv6, 128-bits or a hex of octets (eight bytes) or 16 hex characters. A software address, not a hard-coded address.
What is TCP (Transmission Control Protocol)?
Network reliable communication protocol, typically sits on top of IP. See UDP.
What is WIFI (Wi-Fi) (Wifi) (WiFi) (Wireless networking) (Unbounded media)?
Local area wireless technology to exchange data or connect to the internet (usually using 2.4 GHz UHF and 5 GHz SHF).
What is wired (hard-wired)?
Connected to other devices by cables, usually ethernet cables.
What is wireless?
Connected to other devices by WIFI (typically using a WAP).
Appendix II: Common network utilities
What is the command window (command box) (DOS box)?
In Windows, a popup window that acts (somewhat) like the (now obsolete) DOS command line where the user enters instructions from the keyboard. It can be opened by clicking on the cmd or PowerShell entry in the Windows dropdown menu. Warning: The "admin" version allows admin-equivalent users to run most commands; the standard version limits what the user can do even if he is an admin-equivalent.
ipconfig
Controls network connections on DHCP and DNS. Acronym for internet protocol configuration (called ifconfig -interface configurator- in Linux). Use “netmask” before the subnet. Note: Early versions of Windows used winipcfg.exe. Three main options:
(no option): Outputs IP address, network mask and gateway for all NICs (both physical and virtual). Example: ipconfig
all (/all): Outputs defaults plus DNS and WINS. Example: ipconfig /all
flushdns (/flushdns), displaydns (/displaydns): Flushes/displays DNS cache on all NICs. Example: ipconfig /flushdns
release (/release): Terminates all TCP connections, releases leases on all IP addresses on NICs. Example: ipconfig /release
renew (/renew): Renews leases on all IP addresses on NIC. Example: ipconfig /renew
setclassid (/setclassid), showclassid (/showclassid): Managing DHCP server. Seldom used. Example: ipconfig /setclassid

Windows diagnostic tool for NetBIOS that troubleshoots NetBIOS name resolution problems. Seldom used.
Net (Net services)
Performs a broad range of network tasks. Type net with no parameters to see a full list of available command-line options. Typical syntax is
NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | PAUSE | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]
NET ACCOUNTS: Change account settings
NET COMPUTER: Add and remove other networked computers
NET CONFIG: Displays current SERVER or WORKSTATION
NET CONTINUE: Continue using SERVICE
NET FILE: Display all the open shared files on a server and the lock-id
NET GROUP: Manage network workgroups
NET HELP
NET HELPMSG
NET LOCALGROUP: Manage network groups
NET NAME: Manage messaging name
NET PAUSE: Pause service
NET SESSION: List all sessions on current machine
NET SESSION \\ComputerName: List sessions from a given machine
NET SHARE sharename: Manage local share
NET START: Start service
NET STATISTICS: Display network statistics for WORKSTATION or SERVER
NET STOP: Stop service
NET TIME: Display date/time of another computer
NET USE: Connects / disconnects the computer from a shared resource or view the information about current computer connections.
NET USER: Displays users
NET VIEW: Display computers in the local domain
NET VIEW \\ComputerName: See shares on computer
Netstat (netstat) (network statistics)
Displays network connections for Transmission Control Protocol (both incoming and outgoing), routing tables, and a number of network interface (network interface controller or software-defined network interface) and network protocol statistics.
-a  state of all sockets
-b  displays executable creating connection
-n  shows network addresses as numbers
-o  displays owning process
nslookup (Nslookup) (NSLOOKUP)
Network administration command-line tool available for many computer operating systems for querying the DNS to obtain domain name or IP address mapping or other specific DNS records. To access help, type nslookup [CR]. When the nslookup prompt appears, enter "?".
Appendix III: Why do I care about intranets?
If you have a home connection to the internet, you automatically have an intranet in your home, although it may be a (very) small intranet. (If all you have is a wired connection to the internet -- no WIFI -- then the intranet is just your cable modem and your computer.) As soon as you add a router to your intranet, you have an intranet with (potential) network problems.
Appendix III: Using ipconfig to find basic network information
How do I open a Command window (Command box) (DOS box) PowerShell window?
Right click on the Windows flag then click on the Windows PowerShell (Admin) entry. In earlier versions, click on the Command (Admin) entry.
How do I find out what IP and what router my PC is using?
Open a PowerShell Window (Admin). Type [ipconfig
What is a command window (command box) (DOS box) (PowerShell window)?
In Windows, a popup window that acts (somewhat) like the (now obsolete) DOS command line where the user enters instructions from the keyboard. Warning: The "admin" version allows admin-equivalent users to run most commands; the standard version limits what the user can do even if he is also an admin-equivalent under another user name.
Click on the "YES" button when Windows 10 asks you if you want to allow this application to change things. Soon, a small blue window with a command prompt will pop up. Type "ipconfig" then press [ENTER]. The IPv4 entry shows the workstation IP address on the intranet. The Default Gateway entry shows the gateway (router that connects the intranet to the internet). The Subnet Mask says the intranet is 192.168.1.0-255. Write these numbers down on a piece of scrap paper. You may want them later.
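The ipconfig step above, as an added example that is not part of the original notes: a short Python script that pulls the IPv4 Address, Subnet Mask and Default Gateway out of ipconfig output and works out the address range to write down. The sample output is constructed, and the script goes beyond the 255.255.255.0 case in the text; it checks loopback (127.x.x.x) and link-local (169.254.x.x) before the private ranges, because Python's ipaddress module reports both of those as private too.

```python
import ipaddress
import re

# Constructed sample of `ipconfig` output (not captured from a real machine).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : attlocal.net
   IPv4 Address. . . . . . . . . . . : 192.168.1.65
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
"""

KEYS = {"IPv4 Address": "ip", "Subnet Mask": "mask", "Default Gateway": "gateway"}
# Only dotted IPv4 values are accepted, so an IPv6 gateway line is ignored.
FIELD = re.compile(
    r"\s+(IPv4 Address|Subnet Mask|Default Gateway)[ .]*:\s*(\d+\.\d+\.\d+\.\d+)")

def parse_ipconfig(text):
    """Return {adapter: {"ip", "mask", "gateway"}} for adapters that have an IPv4 address."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
            continue
        m = FIELD.match(line)
        if m and current is not None:
            current[KEYS[m.group(1)]] = m.group(2)
    return {name: f for name, f in adapters.items() if "ip" in f and "mask" in f}

def address_kind(addr):
    """Classify an address; order matters because is_private is also true for the first two."""
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr.is_private:
        return "private"
    return "public"

def describe(ip, mask, gateway=None):
    """Work out the intranet range that the IPv4 address and subnet mask imply."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return {
        "cidr": str(net),
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "addresses": net.num_addresses,
        "kind": address_kind(ipaddress.ip_address(ip)),
        "gateway_on_subnet": gateway is not None
                             and ipaddress.ip_address(gateway) in net,
    }

def checks(info):
    """Things worth a second look before you rely on these numbers."""
    problems = []
    if info["kind"] == "public":
        problems.append("PC holds a public address: probably plugged straight into the modem")
    if info["kind"] == "link-local":
        problems.append("169.254.x.x address: the PC did not get an address from the router")
    if not info["gateway_on_subnet"]:
        problems.append("default gateway is missing or outside the subnet")
    return problems

if __name__ == "__main__":
    for name, fields in parse_ipconfig(SAMPLE_IPCONFIG).items():
        info = describe(**fields)
        print(name, info["first"], "to", info["last"], f"({info['cidr']})", checks(info))
```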
Appendix IV: Use Nmap with Zenmap GUI to find out what your intranet looks like?
How do I use nmap to find out what my network looks like?
Before you start, make sure every device on your network and every device attached to your intranet by USB is turned on. BTW: This includes phones and tablets attached by USB cables. Note: Nmap is not going to detect devices attached to your network by
Start Zenmap as an admin-equivalent. When a full-screen window pops up asking you if Zenmap can make changes, click on "Yes". The Zenmap window will pop up.
Enter the intranet addresses (192.168.1.0-255) you got from ipconfig and click on the "SCAN" button. Wait patiently: The scan will take multiple minutes. When done, you can look at the Nmap/Zenmap results by clicking on the various Zenmap tabs.
What does Nmap/Zenmap tell me about my home network?
Hosts found by Nmap/Zenmap displayed in Zenmap host viewer
Services found by Nmap/Zenmap displayed in "Services" tab
Ports on hosts found by Nmap/Zenmap in Hosts Ports/Hosts tab
Network image found by Nmap/Zenmap in Hosts → Topology → Fisheye tab
Output found by Nmap/Zenmap in Hosts → Nmap Output tab.
When the scan is done, you will see something like this:
Starting Nmap 7.60 ( https://nmap.org ) at 2017-08-19 14:12 Central Daylight Time
NSE: Loaded 146 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 14:12
Completed NSE at 14:12, 0.00s elapsed
Initiating NSE at 14:12
Completed NSE at 14:12, 0.00s elapsed
Initiating ARP Ping Scan at 14:12
Scanning 255 hosts [1 port/host]
Completed ARP Ping Scan at 14:12, 2.84s elapsed (255 total hosts)
Initiating Parallel DNS resolution of 255 hosts. at 14:12
Completed Parallel DNS resolution of 255 hosts. at 14:12, 5.53s elapsed
Nmap scan report for 192.168.1.0 [host down]
Nmap scan report for 192.168.1.1 [host down]
//removed unneeded information
Nmap scan report for 192.168.1.63 [host down]
//found some hosts ← 192.168.1.64, .65, .66
Nmap scan report for 192.168.1.67 [host down]
Nmap scan report for 192.168.1.68 [host down]
//found some hosts ← 192.168.1.69
Nmap scan report for 192.168.1.70 [host down]
//removed unneeded information
Nmap scan report for 192.168.1.253 [host down]
//found host ← 192.168.1.254
Nmap scan report for 192.168.1.255 [host down]
Initiating Parallel DNS resolution of 1 host. at 14:12
Completed Parallel DNS resolution of 1 host. at 14:13, 5.51s elapsed
Initiating SYN Stealth Scan at 14:13
Scanning 5 hosts [1000 ports/host]
Discovered open port 443/tcp on 192.168.1.254
Discovered open port 80/tcp on 192.168.1.254
Discovered open port 49152/tcp on 192.168.1.254
Completed SYN Stealth Scan against 192.168.1.254 in 0.83s (4 hosts left) ←
Discovered open port 554/tcp on 192.168.1.64
Discovered open port 2869/tcp on 192.168.1.64
Discovered open port 10243/tcp on 192.168.1.64
Discovered open port 5357/tcp on 192.168.1.64
Completed SYN Stealth Scan against 192.168.1.64 in 13.35s (3 hosts left) ←
Completed SYN Stealth Scan against 192.168.1.66 in 13.79s (2 hosts left) ←
Completed SYN Stealth Scan against 192.168.1.73 in 13.79s (1 host left) ←
Completed SYN Stealth Scan at 14:13, 16.88s elapsed (5000 total ports)
Initiating Service scan at 14:13
Scanning 7 services on 5 hosts
Completed Service scan at 14:15, 106.16s elapsed (7 services on 5 hosts)
Initiating OS detection (try #1) against 5 hosts
Retrying OS detection (try #2) against 4 hosts
NSE: Script scanning 5 hosts.
Initiating NSE at 14:15
Completed NSE at 14:16, 64.79s elapsed
Initiating NSE at 14:16
Completed NSE at 14:16, 1.02s elapsed
Nmap scan report for DESKTOP-NSCEFQ7 (192.168.1.64)
Host is up (0.0017s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE VERSION
554/tcp open rtsp?
2869/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Service Unavailable
10243/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
MAC Address: 2C:27:D7:1C:D7:AC (Hewlett Packard)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): FreeBSD 6.X (91%), Microsoft Windows 2008 (87%)
OS CPE: cpe:/o:freebsd:freebsd:6.2 cpe:/o:microsoft:windows_server_2008::beta3 cpe:/o:microsoft:windows_server_2008
Aggressive OS guesses: FreeBSD 6.2-RELEASE (91%), Microsoft Windows Server 2008 or 2008 Beta 3 (87%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 1.701 days (since Thu Aug 17 21:26:18 2017)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=253 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
HOP RTT ADDRESS
1 1.75 ms DESKTOP-NSCEFQ7 (192.168.1.64)
Nmap scan report for Tenda (192.168.1.66)
Host is up (0.0011s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
1723/tcp closed pptp
MAC Address: C8:3A:35:19:BC:C9 (Tenda Technology)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop
HOP RTT ADDRESS
1 1.06 ms Tenda (192.168.1.66)
Nmap scan report for android-da7c67eef6602955 (192.168.1.69)
Host is up (0.083s latency).
All 1000 scanned ports on android-da7c67eef6602955 (192.168.1.69) are filtered
MAC Address: DC:66:72:23:97:D7 (Samsung Electronics)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop
HOP RTT ADDRESS
1 83.00 ms android-da7c67eef6602955 (192.168.1.69)
Nmap scan report for DESKTOP-OR5KQ2L (192.168.1.73)
Host is up (0.00s latency).
All 1000 scanned ports on DESKTOP-OR5KQ2L (192.168.1.73) are filtered
MAC Address: 00:26:55:3B:E0:F8 (Hewlett Packard)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop
HOP RTT ADDRESS
1 0.00 ms DESKTOP-OR5KQ2L (192.168.1.73)
Nmap scan report for homeportal (192.168.1.254)
Host is up (0.0028s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
80/tcp open http 2Wire HomePortal router http config
|_http-title: Home
443/tcp open ssl/http 2Wire HomePortal router http config
| ssl-cert: Subject: commonName=attlocal.net/organizationName=2Wire/countryName=US
| Issuer: commonName=Gateway Authentication/organizationName=2Wire/countryName=US
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2015-12-22T16:35:31
| Not valid after: 2031-01-17T16:35:31
| MD5: f65d dfe1 004d 6764 7a75 c15d da64 b265
|_SHA-1: e1aa f90f ba4c 63ad d62f be75 a218 1aa9 42f4 524c
49152/tcp open tcpwrapped
MAC Address: E0:22:03:D6:83:A5 (Unknown)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.9 - 2.6.27
Uptime guess: 1.699 days (since Thu Aug 17 21:29:33 2017)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=193 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Device: broadband router
HOP RTT ADDRESS
1 2.79 ms homeportal (192.168.1.254)
Initiating SYN Stealth Scan at 14:16
Scanning SCE-10Pro-Workstation (192.168.1.65) [1000 ports]
Discovered open port 445/tcp on 192.168.1.65
Discovered open port 554/tcp on 192.168.1.65
Discovered open port 135/tcp on 192.168.1.65
Discovered open port 139/tcp on 192.168.1.65
Discovered open port 2869/tcp on 192.168.1.65
Discovered open port 10243/tcp on 192.168.1.65
Discovered open port 5357/tcp on 192.168.1.65
Completed SYN Stealth Scan at 14:16, 0.36s elapsed (1000 total ports)
Initiating Service scan at 14:16
Scanning 7 services on SCE-10Pro-Workstation (192.168.1.65)
Completed Service scan at 14:18, 106.04s elapsed (7 services on 1 host)
Initiating OS detection (try #1) against SCE-10Pro-Workstation (192.168.1.65)
Retrying OS detection (try #2) against SCE-10Pro-Workstation (192.168.1.65)
NSE: Script scanning 192.168.1.65.
Initiating NSE at 14:18 ←
Completed NSE at 14:19, 65.21s elapsed
Initiating NSE at 14:19 ←
Completed NSE at 14:19, 1.00s elapsed
Nmap scan report for SCE-10Pro-Workstation (192.168.1.65)
Host is up (0.000080s latency).
Not shown: 993 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows 10 Pro 15063 microsoft-ds (workgroup: WORKGROUP)
554/tcp open rtsp?
2869/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Service Unavailable
10243/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
Aggressive OS guesses: Microsoft Windows 10 10586 - 14393 (96%), Microsoft Windows 10 build 10074 - 14393 (96%), Version 6.1 (Build 7601: Service Pack 1) (96%), Microsoft Windows 10 build 10586 (95%), Microsoft Windows 10 build 15031 (95%), Microsoft Windows 10 (93%), Microsoft Windows Longhorn (93%), Microsoft Windows Server 2008 (93%), Microsoft Windows Server 2016 build 10586 (93%), Microsoft Windows 7 Professional (93%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 0.026 days (since Sat Aug 19 13:41:40 2017)
Network Distance: 0 hops
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Host: SCE-10PRO-WORKS; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb-os-discovery:
| OS: Windows 10 Pro 15063 (Windows 10 Pro 6.3)
| OS CPE: cpe:/o:microsoft:windows_10::-
| Computer name: SCE-10Pro-Workstation
| NetBIOS computer name: SCE-10PRO-WORKS\x00
| Workgroup: WORKGROUP\x00
|_ System time: 2017-08-19T14:18:11-05:00
| smb-security-mode:
| account_used: <blank>
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
| smb2-security-mode:
| 2.02:
|_ Message signing enabled but not required
| smb2-time:
| date: 2017-08-19 14:18:13
|_ start_date: 2017-08-19 13:42:10
NSE: Script Post-scanning. ←
Initiating NSE at 14:19
Completed NSE at 14:19, 0.00s elapsed
Initiating NSE at 14:19
Completed NSE at 14:19, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 256 IP addresses (6 hosts up) scanned in 388.85 seconds
Raw packets sent: 10799 (489.882KB) | Rcvd: 3247 (143.088KB)
What is Nmap?
An open source command-line scanner. Zenmap is a GUI for Nmap. Try https://nmap.org/ .
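To use a scan like the one above for the quarterly walkabout question "Do you see any devices you don't remember installing?", here is an added example (not part of the original notes) that reads Nmap's text output and compares it with a written-down inventory. The sample is abridged from the scan output in this appendix; the inventory, its labels and its allowed ports are hypothetical, and the PC running the scan is matched by IP address because Nmap prints no MAC address line for it.

```python
import re

# Abridged from the scan output shown in this appendix.
SAMPLE_SCAN = """\
Nmap scan report for 192.168.1.63 [host down]
Nmap scan report for DESKTOP-NSCEFQ7 (192.168.1.64)
Host is up (0.0017s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE VERSION
554/tcp open rtsp?
2869/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
MAC Address: 2C:27:D7:1C:D7:AC (Hewlett Packard)
Nmap scan report for Tenda (192.168.1.66)
Host is up (0.0011s latency).
PORT STATE SERVICE VERSION
1723/tcp closed pptp
MAC Address: C8:3A:35:19:BC:C9 (Tenda Technology)
Nmap scan report for homeportal (192.168.1.254)
Host is up (0.0028s latency).
PORT STATE SERVICE VERSION
80/tcp open http 2Wire HomePortal router http config
443/tcp open ssl/http 2Wire HomePortal router http config
49152/tcp open tcpwrapped
MAC Address: E0:22:03:D6:83:A5 (Unknown)
Nmap scan report for SCE-10Pro-Workstation (192.168.1.65)
Host is up (0.000080s latency).
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
445/tcp open microsoft-ds Windows 10 Pro 15063 microsoft-ds (workgroup: WORKGROUP)
Nmap done: 256 IP addresses (6 hosts up) scanned in 388.85 seconds
"""

REPORT = re.compile(
    r"^Nmap scan report for (?:(\S+) \()?(\d+\.\d+\.\d+\.\d+)\)?(?P<down> \[host down\])?$")
PORT = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
MAC = re.compile(r"^MAC Address: ([0-9A-F:]{17}) \((.*)\)$")

def parse_nmap(text):
    """Return one record per host that is up: name, ip, mac, vendor, open ports."""
    hosts, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = REPORT.match(line)
        if m:
            cur = None  # lines that follow a "[host down]" entry are ignored
            if not m.group("down"):
                cur = {"name": m.group(1) or "", "ip": m.group(2),
                       "mac": None, "vendor": None, "open": []}
                hosts.append(cur)
            continue
        if cur is None:
            continue
        m = PORT.match(line)
        if m:
            if m.group(3) == "open":
                cur["open"].append((int(m.group(1)), m.group(4)))
            continue
        m = MAC.match(line)
        if m:
            cur["mac"], cur["vendor"] = m.group(1), m.group(2)
    return hosts

# Hypothetical inventory from the last walkabout: MAC -> (label, ports you expect open).
BASELINE = {
    "self": ("this workstation", {135, 139, 445}),
    "2C:27:D7:1C:D7:AC": ("office desktop", {554, 2869}),
    "E0:22:03:D6:83:A5": ("cable modem / gateway", {80, 443}),
    "00:26:55:3B:E0:F8": ("second desktop", set()),
}

def review(hosts, baseline, scanner_ip):
    """Compare a scan with the inventory and list what needs a closer look."""
    findings, seen = [], set()
    for h in hosts:
        key = h["mac"] or ("self" if h["ip"] == scanner_ip else None)
        if key not in baseline:
            findings.append(("UNKNOWN DEVICE", h["ip"], h["name"] or h["vendor"] or "?"))
            continue
        seen.add(key)
        label, allowed = baseline[key]
        for port, service in h["open"]:
            if port not in allowed:
                findings.append(("NEW OPEN PORT", h["ip"], f"{port}/{service} on {label}"))
    for key in sorted(baseline.keys() - seen):
        findings.append(("MISSING", baseline[key][0], "in inventory but not seen this scan"))
    return findings

if __name__ == "__main__":
    for finding in review(parse_nmap(SAMPLE_SCAN), BASELINE, scanner_ip="192.168.1.65"):
        print(*finding, sep=" | ")
```

A "MISSING" entry usually just means the device was switched off, which is why the notes say to turn everything on before scanning.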
What documents are part of this series?
Volume 1: 5-Minute security talk
Volume 2: 15-Minute security talk
Volume 3: Basic Windows 10 Security
Volume 4: Basic Router Security
Volume 5: Basic Network Security
Volume 6: Basic Browser Security
Volume 7: Advanced Windows 10 Security
Volume 8: Advanced Router Security
Volume 9: Advanced Network Security
Volume 10: Advanced Browser Security
Volume 11: Basic Windows 7 Security
Volume 12: Basic Phone and Tablet Security
Volume 13: Advanced Phone and Tablet Security
Volume 14: Basic eMail Security
Volume 15: Advanced eMail Security
Volume 16: Basic Developing Secure Apps
John R. Hines has degrees from two party schools (the University of Colorado and Arizona State University). He was a professional engineer in Texas. He has been a semiconductor engineer, a programmer, a writer and a teacher. Since he retired to Lucas, Texas, he has been writing eBooks for Amazon and thinking about computer security and taking CompTIA certification tests (he is A+, Net+, and Security+ certified).
In the 1980s, the US Patent and Trademark Office granted him six patents and he began writing about using computers to solve problems. He wrote a book about circuit simulation and taught SPICE (Simulation Program with Integrated Circuit Emphasis) classes at Fortune 500 companies. In the 1990s, he had computer-related columns in popular trade magazines like Electronic Test and Design Automation and scholarly magazines like IEEE Spectrum and taught C, C++, Delphi and Java.
In the 2000s, he was a Java developer for America’s best telephone company. In late 2016, he started prototyping a security start-up to test a business model for geek geezers who want to work less than 20 hours a week.
Google him under JR Hines, J. Richard Hines (Honeywell did not want him writing under his usual name), John Hines and John R. Hines. Or look at his computer books on Amazon.com.