信息安全技术上机实验报告.doc

计算机与信息工程学院2010/2011(1) 学期 上机实验报告课程名称：信息安全技术 姓 名： 学 号： 指导教师： 班 级： 日 期： 2010.9.21 【一】实验内容及要求实验名称：风险评估自动化实验目的：利用多种企业级信息安全扫描工具进行风险评估与漏洞分析，掌握企业级扫描系统的应用方法和报告生成原则，理解评估报告的格式、声明等要素。实验内容：1、 使用GFI LANguard扫描校园网中的某一网段，或者特定主机，对扫描结果进行分析，指出存在安全问题的计算机，并说明可能由此引起的入侵行为。具体操作说明可以自己网上查询，或者参照英文官方文档。2、 使用nmap扫描某一台特定主机，对扫描结果进行分析，指出主机的操作系统类型及运行的服务。另外再使用5种不同的参数组合对目标主机进行扫描，说明每种参数的作用，并给出扫描的结果。若未得到期望的扫描结果，请说明原因并更换目标主机重新进行扫描，直至得到期望的结果。具体命令操作说明可以自己网上查询，或者参照中文官方文档。3、 通过上网调查现有的其他风险评估与漏洞分析软件和技术，自己再尝试下载一个软件进行风险评估和漏洞分析。【二】完成报告Ping扫描 使用Nmap扫描整个网络寻找目标。通过使用-sP命令，进行ping扫描。缺省情况下，Nmap给每个扫描到的主机发送一个ICMPecho和一个TCPACK,主机对所有一种的响应都会被Nmap得到。如果不发送ICMPecho请求，但要检查系统的可用性，这种扫描可能得不到一些站点的响应。在这种情况下，一个TCPping就可用于扫描目标网络。扫描/24网络： .C:Documents and Settingsstudentnmap -sP /24Starting Nmap 4.01 ( /nmap ) at 2010-09-21 11:54 中国标准时间Host appears to be up.MAC Address: 00:13:C3:84:31:7F (Cisco Systems)Host 4 appears to be up.MAC Address: 00:E0:4C:51:9F:44 (Realtek Semiconductor)Host 2 appears to be up.Host 5 appears to be up.MAC Address: 00:E0:4C:57:09:B7 (Realtek Semiconductor)Host 9 appears to be up.MAC Address: 00:E0:4C:B3:12:B5 (Realtek Semiconductor)Host 0 appears to be up.MAC Address: 00:E0:4C:51:35:B4 (Realtek Semiconductor)Host 7 appears to be up.MAC Address: 00:09:FF:FF:35:C9 (X.net 2000 GmbH)Host 9 appears to be up.MAC Address: 00:09:4C:50:4D:BE (Communication Weaver Co.)Host 0 appears to be up.MAC Address: 00:E0:4C:51:35:C7 (Realtek Semiconductor)Host 1 appears to be up.MAC Address: 00:E0:4C:28:EE:66 (Realtek Semiconductor)Host 2 appears to be up.MAC Address: 00:E0:4C:50:5D:68 (Realtek Semiconductor)Host 3 appears to be up.MAC Address: 00:E0:4C:54:81:F7 (Realtek Semiconductor)Host 4 appears to be up.MAC Address: 00:E0:4C:4C:47:5D (Realtek Semiconductor)Host 6 appears to be up.MAC Address: 00:E0:4C:B3:12:BF (Realtek Semiconductor)Host 7 appears to be up.MAC Address: 00:E0:4C:B3:12:CB (Realtek Semiconductor)Host 9 appears to be up.MAC Address: 00:E0:4C:A4:2D:B8 (Realtek Semiconductor)Host 0 appears to be up.MAC Address: 00:E0:4C:A4:2D:EB (Realtek Semiconductor)Host 4 appears to be up.MAC Address: 00:E0:4C:75:63:94 (Realtek Semiconductor)Host 9 appears to be up.MAC Address: 00:E0:4C:50:0F:88 (Realtek Semiconductor)Host 0 appears to be up.MAC Address: 00:E0:4C:C2:77:24 (Realtek Semiconductor)Host 1 appears to be up.MAC Address: 00:E0:4C:12:DC:E5 (Realtek Semiconductor)Host 2 appears to be up.MAC Address: 00:E0:4C:4C:49:CB (Realtek Semiconductor)Host 3 appears to be up.MAC Address: 00:E0:4C:B3:12:DA (Realtek Semiconductor)Host 7 appears to be up.MAC Address: 00:E0:4C:47:AC:D0 (Realtek Semiconductor)Host 8 appears to be up.MAC Address: 00:E0:4C:B3:12:DD (Realtek Semiconductor)Host 9 appears to be up.MAC Address: 00:E0:4C:B3:11:C6 (Realtek Semiconductor)Host 9 appears to be up.MAC Address: 00:E0:4C:50:4A:60 (Realtek Semiconductor)Nmap finished: 256 IP addresses (27 hosts up) scanned in 7.046 seconds端口扫描(PortScanning) 一个攻击者使用TCP连接扫描非常容易被发现，因为Nmap将使用connect()系统调用打开目标机上相关端口的连接，并完成三次TCP握手。黑客登录到主机将显示开放的端口。一个tcp连接扫描使用-sT命令如下。 隐蔽扫描(StealthScanning) 如果一个攻击者不愿在扫描时使其信息被记录在目标系统日志上，TCPSYN扫描可帮你的忙，他非常少会在目标机上留下记录，三次握手的过程从来都不会完全实现。通过发送一个SYN包（是TCP协议中的第一个包）开始一次SYN的扫描。所有开放的端口都将有一个SYN|ACK响应。然而，攻击者发送一个RST替代ACK，连接中止。三次握手得不到实现，也就非常少有站点能记录这样的探测。如果是关闭的端口，对最初的SYN信号的响应也会是RST，让NMAP知道该端口不在监听。-sS命令将发送一个SYN扫描探测主机或网络： C:Documents and Settingsstudentnmap -sS 2Starting Nmap 4.01 ( /nmap ) at 2010-09-21 11:59 中国标准时间Interesting ports on 2:(The 1664 ports scanned but not shown below are in state: closed)PORT STATE SERVICE25/tcp open smtp80/tcp open http135/tcp open msrpc139/tcp open netbios-ssn443/tcp open https445/tcp open microsoft-ds1029/tcp open ms-lsa7000/tcp open afs3-fileserverMAC Address: 00:09:4C:57:FB:F2 (Communication Weaver Co.)Nmap finished: 1 IP address (1 host up) scanned in 1.922 secondsUDP扫描(UDPScanning) 如果一个攻击者寻找一个流行的UDP漏洞，比如rpcbind漏洞或cDcBackOrifice。为了查出哪些端口在监听，则进行UDP扫描，即可知哪些端口对UDP是开放的。Nmap将发送一个O字节的UDP包到每个端口。如果主机返回端口不可达，则表示端口是关闭的。但这种方法受到时间的限制，因为大多数的UNIX主机限制ICMP错误速率。幸运的是，Nmap本身检测这种速率并自身减速，也就不会产生溢出主机的情况。 C:Documents and Settingsstudentnmap -sU 2Starting Nmap 4.01 ( /nmap ) at 2010-09-21 12:00 中国标准时间Interesting ports on 2:(The 1473 ports scanned but not shown below are in state: closed)PORT STATE SERVICE123/udp open|filtered ntp137/udp open|filtered netbios-ns138/udp open|filtered netbios-dgm445/udp open|filtered microsoft-ds500/udp open|filtered isakmp1900/udp o