
Basic Network Security

Volume 5 in John R. Hines’ Computer Security for Mere Mortals, short documents that show how to have the most computer security with the least effort

John R. Hines

Net+ Certified, Security+ Certified, Consulting Security Engineer, LLC

JohnRichardHines@ConsultingSecurityEngineer.com

“Plagiarism is when the author steals from one source; scholarship is when the author steals from many sources.” -- Anonymous

"Facts are stubborn things; and whatever may be our wishes, our inclinations, or the dictates of our passions, they cannot alter the state of facts and evidence." --John Adams

Oholiab's First Law: The Suits' need for computing power expands until all the Geeks' servers are 100% utilized running database queries and printing reports during business hours.

Corollary to Oholiab's First Law: Development can only access the servers purchased for development when nobody else wants them.

Oholiab's first law of security (Murphy's first law of planning): The important things are simple.

Oholiab's second law of security (Murphy's second law of planning): The simple things are very hard.

Oholiab's corollary to the first and second laws of security: Simple and easy are not the same thing. Fools don't know the difference.

Warning: If you’re not smart enough to sort the cow pies from the pearls in these notes, you do not have permission to read these notes!

ISBN N/A

Suggested reading (when you have time)

Kill Process by William Hertling

Table of Contents

Suggested reading (when you have time)
Revision History
Security
    Is security a new problem?
    What is security?
    What is computer security?
    What is in these notes?
Networks
    Why care about networks?
    What do these notes assume you've already done?
What simple reasonable measures will improve security on your intranet?
    Measure #1: Have two routers: one for business use and one for all other uses
    Measure #2: Have at least one old slow network computer for non-business (and for friends and family) use
    Measure #3: Shutdown the business (secure) router when no one is in the office
    Measure #4: Shutdown the risky (insecure) router when no one should be on the internet
    Measure #5: Do a quick walk about every quarter (when the season changes) (when TV switches to a different major sport)
    Measure #6: Do a quick audit of all computers about every quarter (when the season changes) (when TV switches to a different major sport)
Appendices
Appendix I: Network basics
    What is a cable modem?
    What is IP (Internet Protocol)?
    What is the internet (Internet) (public network)?
    What is TCP (Transmission Control Protocol)?
    What is WIFI (Wi-Fi) (Wifi) (WiFi) (Wireless networking) (Unbounded media)?
    What is wired (hard-wired)?
    What is wireless?
Appendix II: Common network utilities
    What is the command window (command box) (DOS box)?
    Ipconfig (IPCONFIG)
    Nbtstat
    Net (Net services)
    Netstat (netstat) (network statistics)
    nslookup (Nslookup) (NSLOOKUP)
Appendix III: Why do I care about intranets?
Appendix III: Using ipconfig to find basic network information
    How do I open a Command window (Command box) (DOS box) PowerShell window?
    How do I find out what IP and what router my PC is using?
    What is a command window (command box) (DOS box) (PowerShell window)?
Appendix IV: Use Nmap with Zenmap GUI to find out what your intranet looks like?
    How do I use nmap to find out what my network looks like?
    What does Nmap/Zenmap tell me about my home network?
    What is Nmap?

Revision History

Rev Change


Security

Is security a new problem?

No! Security has always been a problem! Even strong men have security concerns: "When the strong man, fully armed, guards his own dwelling, his goods are safe. But when someone stronger attacks him and overcomes him, he takes from him his whole armour in which he trusted, and divides his spoils." (Luke 11:21-22)

Criminals form gangs to defeat strong men. Captain Grose's 1811 Dictionary of the Vulgar Tongue (nineteenth century lexicographer) lists 23 occupations required for a complete "gang of misrule" (crime family). My dictionary gives these as " … For men, there are fourteen roles: (1) ruffler, (2) upright man, (3) hooker (angler), (4) rogue, (5) wild rogue, (6) priggers of prancers, (7) palliards, (8) frater, (9) jarkman (patricoe), (10) whip jacket, (11) drummerer (dommerer), (12) drunken tinker, (13) swadder (pedlar), and (14) Abram man. For women (and children) there are nine roles: (1) demander for glimmer or fire, (2) bawdy basket, (3) morts, (4) autem mort, (5) walking morts, (6) doxy, (7) dell, (8) kinching mort, and (9) kinching cove." (Buy my book if you want to know what all these specialties are.) Add hackers and testers and you have the kind of crime family HP describes in The Business of Hacking, capable of stealing from the strong as well as the weak.

What is security?

The dictionary definition of security is "being free from danger or threat". Experience indicates no one is secure, at least in the dictionary sense.

Solomon had a different take on security (or, maybe, on the lack of security): "The race is not to the swift or the battle to the strong, nor does food come to the wise or wealth to the brilliant or favor to the learned; but time and chance happen to them all" (NIV). (Bumper stickers on the back of pickups summarize Solomon's quote in two words: "Excrement happens".)

Damon Runyon, writer of "Guys and Dolls", offered an amendment to Solomon's advice: "The race is not always to the swift, nor the battle to the strong, but that's the way to bet." The way to be secure is to be good and hope to be lucky. And (if you've read any of Runyon's other works), the way not to be secure is to be not good (unless you're very, very lucky).

keeping ourselves secure: "things done and things left undone that give as much control as possible over the future". Be good (the things done), be careful (the things not done), and hope to be lucky.

One more quote: "Luck is what happens when preparation meets opportunity" (Seneca, First Century AD, possibly misattributed). Prepare for Murphy to knock on your door. A disaster for the unprepared is an opportunity for the prepared.

What is computer security?

The dictionary says, "measures taken to safeguard code, information, and systems". A more sensible definition of computer security is "(1) reasonable measures taken to safeguard code, information, and systems, (2) unreasonable measures not taken to safeguard code, information, and systems, and (3) measures not taken to avoid low-rewards." Unfortunately, reasonable, unreasonable, and low-reward are (like beauty) in the mind of the beholder.

What is in these notes?

I'm going to tell you what I think are reasonable and unreasonable measures and what are low-reward measures.

What is a low-reward measure?

A security measure that has a small payoff for the inconvenience, money and time associated with the measure. Most of the measures advocated by security professionals are low-reward measures.

What is a reasonable measure?

A security measure that has a significant payoff for the inconvenience, money and time associated with the measure.

Reasonable measures that are not terribly inconvenient for a non-professional and require little money and time should ALWAYS be implemented.

Reasonable measures that are terribly inconvenient for a non-professional but require only a small amount of time and money should be implemented when possible. (Maybe hire a professional for a half-day?)

when possible. (I define a small amount of money as my monthly business cell phone and internet bill. You may have a different definition.)

Reasonable measures that are terribly inconvenient for a non-professional and require a lot of money should only be implemented if you suspect you are a potential target. Warning: If you (1) are involved in politics or social issues, (2) are visible in your community for some reason, or (3) have strange family members or neighbors, then you should suspect you are a target.

What is an unreasonable measure?

A security measure that has become popular wisdom but probably is of little value. (A few years ago, one argument for switching from a PC to a Mac was "Macs don't get viruses." If that was ever true, it isn't now, but many Mac sales people and users still believe it and repeat it to non-Mac users.)


Networks

Why care about networks?

If you use the internet, you're on a network. If you use the internet at work, at a library, or at a restaurant, whoever supplies the connection (hopefully) has a professional who takes care of network details for you. However, if you use the internet at home or at your small business, you have a small network (an intranet) in your home. If all you have is a direct wired connection to the internet -- no WIFI -- then the intranet is just your cable modem and your computer, and your problems are small. As soon as you add a router to your intranet you have (potential) network problems. So, you need to know enough to do basic security stuff.

What do these notes assume you've already done?

The notes assume you have read "Computer security: a 15-minute talk" and have already implemented the security measures described in "Basic Windows 10 Security" and "Basic Phone and Tablet Security". Also, if you have a router in addition to your cable modem, they assume you have

What simple reasonable measures will improve security on your intranet?

Warning: This note is in a different format than the previous notes because the problems you are resolving are different. Note: Remember, these notes are for SOHOs and home users: no fire marshal, no industrial engineer, no security engineer to detect problems before they become disasters.

Measure #1: Have two routers: one for business use and one for all other uses

Most SOHOs and all homes have three kinds of users: business users, business and recreational users, and others (mostly friends, families, and visitors). Recreational use and "other" use have two security downsides: (1) they slow down business use and (2) they frequently bring malware into the intranet (making security less sure). Most modern cable modems allow you to attach multiple routers in parallel. Take advantage of this by installing a good (fast) router for business use (the safe intranet) and an old (cheap) router for all other use (the risky intranet). BTW: You can put on your CV that you've partitioned a network for improved security.

Mistake #1A: Not moving computers that do both business and non-business to the risky intranet

Yes, they will be less secure and go slower. But they are on the risky intranet because they choose to do risky things. Measure #2 will partially resolve this problem.

Mistake #1B: Not moving friends, family and visitors to WIFI associated with the risky intranet

Laptops, phones and tablets used by friends, family, and visitors should be assumed to be infected. Also, games and data downloads over WIFI will slow down business computers (even when the computers are wired to the intranet) and business phones and tablets.

Mistake #1C: Telling friends, family, and visitors that you've put them on the risky intranet

:-)

Measure #2: Have at least one old slow network computer for non-business (and for friends and family) use

All you need on this computer is Windows, current antimalware software, and a browser. Yes, it's slow, but it's only for browsing on the Internet.

Mistake #2A: Not placing this computer on a separate intranet (the risky intranet, if you have one)

Don't ask, don't tell.

Measure #3: Shutdown the business (secure) router when no one is in the office

Unless you (or a key employee) like to work late at night, program your business router to turn off from 8 PM to 6 AM (or whatever times make sense). When the router is up, bad guys have a pathway to attack your network. You can't avoid that during the day, but you may figure out there is a problem when your computer slows to a crawl. Why give them access to your network when no one will see the network slowdown? Also, if a computer goes zombie, it will only be behaving badly when someone is there to notice its behavior.

What is a zombie (member of a botnet)?

Compromised internet-connected computer whose security defenses have been breached and control ceded to some bad guy. BTW: A herd of zombies is called a botnet.

Measure #4: Shutdown the risky (insecure) router when no one should be on the internet

Besides protecting the computers attached to the risky routers when no one should be using the internet, you can prevent your kids from being on the internet instead of sleeping.

Measure #5: Do a quick walk about every quarter (when the season changes) (when TV switches to a different major sport)

Before you start your walkabout, ask yourself, "Have I written an AUP?" If not, make a note to write one. Also, verify that you can log in to the cable modem and the router(s).

employee's workstation or a router buried under a pile of crud? Cables going to strange places or left where you could trip over them?

Since you're already walking about, check the air flow and temperature of each computer, each router and the cable modem. (I once discovered my granddaughter using a router as a coat hook. Had to replace the router and had to retrain the granddaughter since my wife wouldn't let me replace the granddaughter.)

Check your secure place. Is the secure information storage container still there? Is your information still in the container? Are admin-equivalent user IDs and passwords for ALL the computers, routers and cable modem still in the box?

What is an AUP (Acceptable Use Policy) (fair use policy)?

A set of rules applied by the owner, creator or administrator of a network, website, or service, that restrict the ways in which the network, website or system may be used and set guidelines as to how it should be used.

Alternative: Document stipulating constraints and practices that a user must agree to for access to a corporate network or the Internet. Many businesses and educational facilities require that employees or students sign an acceptable use policy before being granted a network ID. Can be very short. Warning: If management hasn't prohibited some form of behavior, it's hard to fire someone who has behaved incorrectly!

Measure #6: Do a quick audit of all computers about every quarter (when the season changes) (when TV switches to a different major sport)

Go to each computer and log in as an admin-equivalent. (You should be an admin-equivalent on all your computers. Otherwise, you can't administer the computer. If not, you've discovered a potential disaster!) Are there users you don't recognize? Are there "Guest" accounts? Are there programs you don't remember buying? Are there games? Is the anti-malware current? Does the anti-malware pop up a warning when you insert a flash drive into a USB slot? (Maybe this should be in your AUP?)
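The audit questions above (unknown users, Guest accounts, admin-equivalents, unfamiliar programs, anti-malware currency) can be answered from one PowerShell (Admin) window. This script is an added example, not part of the original notes; the 7-day signature threshold is an assumption, and the anti-malware check covers Microsoft Defender only.

```powershell
# Added example (not from the original notes): quarterly workstation audit.
# Run in a Windows PowerShell (Admin) window on Windows 10.
# $MaxSignatureAgeDays is an assumed threshold; pick your own.
$MaxSignatureAgeDays = 7

# 1. Local accounts. Compare this list against the people you expect.
$accounts = Get-LocalUser
$accounts | Select-Object Name, Enabled, LastLogon, PasswordLastSet |
    Format-Table -AutoSize

# The built-in Guest account has a SID ending in -501, even if it was renamed.
$guest = $accounts | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
if ($guest -and $guest.Enabled) {
    Write-Warning "Guest account '$($guest.Name)' is enabled."
}

# 2. Admin-equivalent users: members of the built-in Administrators group.
#    The well-known SID S-1-5-32-544 works on non-English Windows too.
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource |
    Format-Table -AutoSize

# 3. Installed programs (machine-wide, 64-bit and 32-bit), newest first.
#    Per-user installs and Microsoft Store apps are not in these keys.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Sort-Object InstallDate -Descending |
    Select-Object DisplayName, Publisher, InstallDate |
    Format-Table -AutoSize

# 4. Anti-malware currency (Microsoft Defender only).
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $mp | Select-Object AntivirusEnabled, RealTimeProtectionEnabled,
                        AntivirusSignatureLastUpdated, AntivirusSignatureAge |
        Format-List
    if (-not $mp.RealTimeProtectionEnabled) {
        Write-Warning 'Defender real-time protection is off.'
    }
    if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        Write-Warning "Defender signatures are $($mp.AntivirusSignatureAge) days old."
    }
} catch {
    Write-Warning 'Could not query Microsoft Defender; check your anti-malware product by hand.'
}
```

Save the output with the date each quarter so the next audit can be compared against it.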

What is an admin-equivalent (admin-equivalent user)?


What is a standard user?


Appendices

Appendix I: Network basics

What is a cable modem?

Connects a computer or local network (intranet) to broadband Internet service through the same cable that supplies cable television service or the cable that supplies more modern services like FIOS or U-verse.

What is an intranet (Intranet) (private network)?

Private network combining existing LAN and WAN technologies and new Internet technologies. Has all the features of the Internet. Many intranets. Typically use 10.x.x.x, 127.x.x.x, 172.16.x.x through 172.31.x.x or 192.168.x.x. Typically connected to the (one and only) internet by a cable modem but may be stand-alone.

What is a network (computer network)?

Connected graph where nodes are computer network nodes and edges are computer-to-computer connections.

What is a gateway?

Network node that is an entrance to another network. Often a router.

What is a LAN (Local Area Network) (Local network)?

Hardware and software that turns terminals, workstations, servers, and hosts into a single network environment in a small geographic region like a building. Alternative (more modern): A network segment that may or may not be connected to another network. Larger networks are created by "gluing" two or more LANs together, typically with a router.

What is a network address (network number)?

Bit pattern or group of hexadecimal numbers that uniquely

(except the last) separated by dots. (Four bytes.) In IPv6, 32 hex characters, each quad (except the last) separated by colons. (16 bytes.)

What is a network device?

Component (hardware) that connects ("glues") computers or other electronic devices together to share files or resources. Usually a network node.

What is a network edge?

Single physical connection between two computers. Sometimes used as a synonym for connection (network connection). Alternative: Cable with connectors at both ends that connects two nodes.

What is a network node (computer network node) (network host) (node)?

An addressable device attached to a computer network.

What is a network segment?

Logical group of computers that share a network resource like a router, VLAN, or switch segmentation.

What is a subnet (subnetwork) (network subnet)?

Logical, visible subdivision of an IP network. Computers that belong to a subnet are addressed with a common, identical, most-significant bit-group in their IP address. Note: The practice of dividing a network into two or more networks is called subnetting.

What is broadband (wideband)?

Communications medium that provides enough bandwidth over a wide frequency to satisfy a typical internet user (at least gigabit speed).

What is a communication medium?

(usually high speed) data transmission that can simultaneously

What is IP (Internet Protocol)?

Basic protocol of the Internet. It enables the unreliable delivery of individual packets from one host to another. It makes no guarantees about whether or not the packet will be delivered, how long it will take, or if multiple packets will arrive in the order they were sent. Protocols built on top of this add the notions of connection and reliability.

What is the internet (Internet) (public network)?

Large network with millions of hosts from many organizations and countries around the world. Amalgamation of many smaller networks. Data travels by a common set of protocols (starting with TCP/IP). All (well, almost all; ignore 10.x.x.x, 127.x.x.x, 172.16.x.x through 172.31.x.x and 192.168.x.x) internet addresses are unique.

What is an IP address (Logical address) (Network address)?

In IPv4, 32-bits or a quad of octets (four bytes). In IPv6, 128-bits or a hex of octets (eight bytes) or 16 hex characters. A software address, not a hard-coded address.

What is TCP (Transmission Control Protocol)?

Network reliable communication protocol, typically sits on top of IP. See UDP.

What is WIFI (Wi-Fi) (Wifi) (WiFi) (Wireless networking) (Unbounded media)?

Local area wireless technology to exchange data or connect to the internet (usually using 2.4 GHz UHF and 5 GHz SHF).

What is wired (hard-wired)?

Connected to other devices by cables, usually ethernet cables.

What is wireless?

Appendix II: Common network utilities

What is the command window (command box) (DOS box)?

In Windows, a popup window that acts (somewhat) like the (now obsolete) DOS command line where the user enters instructions from the keyboard. It can be opened by clicking on the cmd or PowerShell entry in the Windows dropdown menu. Warning: The "admin" version allows admin-equivalent users to run most commands; the standard version limits what the user can do even if he is an admin-equivalent.

Ipconfig (IPCONFIG)

Controls network connections on DHCP and DNS. Acronym for internet protocol configuration (called ifconfig -interface configurator- in Linux). Use “netmask” before the subnet. Note: Early versions of Windows used winipcfg.exe. Three main options:

| Option | Purpose | Example |
| (none) | Outputs IP address, network mask and gateway for all NICs (both physical and virtual) | ipconfig |
| all (/all) | Outputs defaults plus DNS and WINS. | ipconfig /all |
| flushdns (/flushdns), displaydns (/displaydns) | Flushes/displays dns cache on all NICs | ipconfig /flushdns |
| release (/release) | Terminates all TCP connections, releases leases on all IP addresses on NICs. | ipconfig /release |
| renew | | |
| Setclassid (/setclassid), showclassid (/showclassid) | Managing DHCP server. Seldom used. | ipconfig /setclassid |

Nbtstat

Windows diagnostic tool for NetBIOS that troubleshoots NetBIOS name resolution problems. Seldom used.

Net (Net services)

Performs a broad range of network tasks. Type net with no parameters to see a full list of available command-line options. Typical syntax is

NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | PAUSE | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW]

| Command | Purpose |
| NET ACCOUNTS | Change account settings |
| NET COMPUTER | Add and remove other networked computers |
| NET CONFIG | Displays current SERVER or WORKSTATION |
| NET CONTINUE | Continue using SERVICE |
| NET FILE | Display all the open shared files on a server and the lock-id |
| NET GROUP | Manage network workgroups |
| NET HELP | |
| NET HELPMSG | |
| NET LOCALGROUP | Manage network groups |
| NET NAME | Manage messaging name |
| NET PAUSE | Pause service |
| NET SESSION \\ComputerName: | List sessions from a given machine |
| NET SHARE sharename | Manage local share |
| NET START | Start service |
| NET STATISTICS | Display network statistics for WORKSTATION or SERVER |
| NET STOP | Stop service |
| NET TIME | Display date/time of another computer |
| NET USE | Connects / disconnects the computer from a shared resource or view the information about current computer connections. |
| NET USER | Displays users |
| NET VIEW | Display computers in the local domain |
| NET VIEW \\ComputerName | See shares on computer |

Netstat (netstat) (network statistics)

Displays network connections for Transmission Control Protocol (both incoming and outgoing), routing tables, and a number of network interface (network interface controller or software-defined network interface) and network protocol statistics.

-a state of all sockets
-b displays executable creating connection
-n shows network
-o displays owning process

nslookup (Nslookup) (NSLOOKUP)

Network administration command-line tool available for many computer operating systems for querying the DNS to obtain domain name or IP address mapping or other specific DNS records. To access help, type nslookup [CR]. When the nslookup prompt appears, enter "?".

Appendix III: Why do I care about intranets?

If you have a home connection to the internet, you automatically have an intranet in your home, although it may be a (very) small intranet. (If all you have is a wired connection to the internet -- no WIFI -- then the intranet is just your cable modem and your computer.) As soon as you add a router to your intranet, you have an intranet with (potential) network problems.

Appendix III: Using ipconfig to find basic network information

How do I open a Command window (Command box) (DOS box) PowerShell window?

Right click on the Windows flag then click on the Windows PowerShell (Admin) entry. In earlier versions, click on the Command (Admin) entry.

How do I find out what IP and what router my PC is using?

Open a PowerShell Window (Admin). Type [ipconfig

What is a command window (command box) (DOS box) (PowerShell window)?

Click on the "YES" button when Windows 10 asks you if you want to allow this application to change things. Soon, a small blue window with a command prompt will pop up. Type "ipconfig" then press [ENTER]. The IPv4 entry shows the workstation IP address on the intranet. The Default Gateway entry shows the gateway (router that connects the intranet to the internet). The Subnet Mask says the intranet is 192.168.1.0-255. Write these numbers down on a piece of scrap paper. You may want them later.

Appendix IV: Use Nmap with Zenmap GUI to find out what your intranet looks like?

How do I use nmap to find out what my network looks like?

Before you start, make sure every device on your network and

Enter the intranet addresses (192.168.1.0-255) you got from ipconfig and click on the "SCAN" button. Wait patiently: The scan will take multiple minutes. When done, you can look at the Nmap/Zenmap results by clicking on the various Zenmap tabs.

What does Nmap/Zenmap tell me about my home network?

Hosts found by Nmap/Zenmap displayed in Zenmap host viewer

Ports on hosts found by Nmap/Zenmap in Hosts Ports/Hosts tab

Network image found by Nmap/Zenmap in Hosts -> Topology -> Fisheye tab

Output found by Nmap/Zenmap in Hosts -> Nmap Output tab.

Starting Nmap 7.60 ( https://nmap.org ) at 2017-08-19 14:12 Central Daylight Time
NSE: Loaded 146 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 14:12
Completed NSE at 14:12, 0.00s elapsed
Initiating NSE at 14:12
Completed NSE at 14:12, 0.00s elapsed
Initiating ARP Ping Scan at 14:12
Scanning 255 hosts [1 port/host]
Completed ARP Ping Scan at 14:12, 2.84s elapsed (255 total hosts)
Initiating Parallel DNS resolution of 255 hosts. at 14:12
Completed Parallel DNS resolution of 255 hosts. at 14:12, 5.53s elapsed
Nmap scan report for 192.168.1.0 [host down]
Nmap scan report for 192.168.1.1 [host down]
//removed unneeded information
Nmap scan report for 192.168.1.63 [host down]
//found some hosts <- 192.168.1.64, .65, .66
Nmap scan report for 192.168.1.67 [host down]
Nmap scan report for 192.168.1.68 [host down]
//found some hosts <- 192.168.1.69
Nmap scan report for 192.168.1.70 [host down]
//removed unneeded information
Nmap scan report for 192.168.1.253 [host down]
//found host <- 192.168.1.254
Nmap scan report for 192.168.1.255 [host down]
Initiating Parallel DNS resolution of 1 host. at 14:12
Completed Parallel DNS resolution of 1 host. at 14:13, 5.51s elapsed
Initiating SYN Stealth Scan at 14:13
Scanning 5 hosts [1000 ports/host]

Completed SYN Stealth Scan against 192.168.1.254 in 0.83s (4 hosts left) <-
Discovered open port 554/tcp on 192.168.1.64
Discovered open port 2869/tcp on 192.168.1.64
Discovered open port 10243/tcp on 192.168.1.64
Discovered open port 5357/tcp on 192.168.1.64
Completed SYN Stealth Scan against 192.168.1.64 in 13.35s (3 hosts left) <-
Completed SYN Stealth Scan against 192.168.1.66 in 13.79s (2 hosts left) <-
Completed SYN Stealth Scan against 192.168.1.73 in 13.79s (1 host left) <-
Completed SYN Stealth Scan at 14:13, 16.88s elapsed (5000 total ports)
Initiating Service scan at 14:13
Scanning 7 services on 5 hosts
Completed Service scan at 14:15, 106.16s elapsed (7 services on 5 hosts)
Initiating OS detection (try #1) against 5 hosts
Retrying OS detection (try #2) against 4 hosts
NSE: Script scanning 5 hosts.
Initiating NSE at 14:15
Completed NSE at 14:16, 64.79s elapsed
Initiating NSE at 14:16
Completed NSE at 14:16, 1.02s elapsed
Nmap scan report for DESKTOP-NSCEFQ7 (192.168.1.64)
Host is up (0.0017s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE VERSION
554/tcp open rtsp?
2869/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Service Unavailable
10243/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
MAC Address: 2C:27:D7:1C:D7:AC (Hewlett Packard)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): FreeBSD 6.X (91%), Microsoft Windows 2008 (87%)
OS CPE: cpe:/o:freebsd:freebsd:6.2

Aggressive OS guesses: FreeBSD 6.2-RELEASE (91%), Microsoft Windows Server 2008 or 2008 Beta 3 (87%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 1.701 days (since Thu Aug 17 21:26:18 2017)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=253 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
TRACEROUTE
HOP RTT ADDRESS
1 1.75 ms DESKTOP-NSCEFQ7 (192.168.1.64)
Nmap scan report for Tenda (192.168.1.66)
Host is up (0.0011s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
1723/tcp closed pptp
MAC Address: C8:3A:35:19:BC:C9 (Tenda Technology)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 1.06 ms Tenda (192.168.1.66)
Nmap scan report for android-da7c67eef6602955 (192.168.1.69)
Host is up (0.083s latency).
All 1000 scanned ports on android-da7c67eef6602955 (192.168.1.69) are filtered
MAC Address: DC:66:72:23:97:D7 (Samsung Electronics)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 83.00 ms android-da7c67eef6602955 (192.168.1.69)
Nmap scan report for DESKTOP-OR5KQ2L (192.168.1.73)
Host is up (0.00s latency).
All 1000 scanned ports on DESKTOP-OR5KQ2L (192.168.1.73) are filtered
MAC Address: 00:26:55:3B:E0:F8 (Hewlett Packard)

Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 0.00 ms DESKTOP-OR5KQ2L (192.168.1.73)
Nmap scan report for homeportal (192.168.1.254)
Host is up (0.0028s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
80/tcp open http 2Wire HomePortal router http config
|_http-title: Home
443/tcp open ssl/http 2Wire HomePortal router http config
| ssl-cert: Subject: commonName=attlocal.net/organizationName=2Wire/countryName=US
| Issuer: commonName=Gateway Authentication/organizationName=2Wire/countryName=US
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2015-12-22T16:35:31
| Not valid after: 2031-01-17T16:35:31
| MD5: f65d dfe1 004d 6764 7a75 c15d da64 b265
|_SHA-1: e1aa f90f ba4c 63ad d62f be75 a218 1aa9 42f4 524c
49152/tcp open tcpwrapped
MAC Address: E0:22:03:D6:83:A5 (Unknown)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.9 - 2.6.27
Uptime guess: 1.699 days (since Thu Aug 17 21:29:33 2017)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=193 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Device: broadband router
TRACEROUTE
HOP RTT ADDRESS

Scanning SCE-10Pro-Workstation (192.168.1.65) [1000 ports]
Discovered open port 445/tcp on 192.168.1.65
Discovered open port 554/tcp on 192.168.1.65
Discovered open port 135/tcp on 192.168.1.65
Discovered open port 139/tcp on 192.168.1.65
Discovered open port 2869/tcp on 192.168.1.65
Discovered open port 10243/tcp on 192.168.1.65
Discovered open port 5357/tcp on 192.168.1.65
Completed SYN Stealth Scan at 14:16, 0.36s elapsed (1000 total ports)
Initiating Service scan at 14:16
Scanning 7 services on SCE-10Pro-Workstation (192.168.1.65)
Completed Service scan at 14:18, 106.04s elapsed (7 services on 1 host)
Initiating OS detection (try #1) against SCE-10Pro-Workstation (192.168.1.65)
Retrying OS detection (try #2) against SCE-10Pro-Workstation (192.168.1.65)
NSE: Script scanning 192.168.1.65.
Initiating NSE at 14:18 <-
Completed NSE at 14:19, 65.21s elapsed
Initiating NSE at 14:19 <-
Completed NSE at 14:19, 1.00s elapsed
Nmap scan report for SCE-10Pro-Workstation (192.168.1.65)
Host is up (0.000080s latency).
Not shown: 993 closed ports

(SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
Aggressive OS guesses: Microsoft Windows 10 10586 - 14393 (96%), Microsoft Windows 10 build 10074 - 14393 (96%), Version 6.1 (Build 7601: Service Pack 1) (96%), Microsoft Windows 10 build 10586 (95%), Microsoft Windows 10 build 15031 (95%), Microsoft Windows 10 (93%), Microsoft Windows Longhorn (93%), Microsoft Windows Server 2008 (93%), Microsoft Windows Server 2016 build 10586 (93%), Microsoft Windows 7 Professional (93%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 0.026 days (since Sat Aug 19 13:41:40 2017)
Network Distance: 0 hops
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Host: SCE-10PRO-WORKS; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| smb-os-discovery:
| OS: Windows 10 Pro 15063 (Windows 10 Pro 6.3)
| OS CPE: cpe:/o:microsoft:windows_10::-
| Computer name: SCE-10Pro-Workstation
| NetBIOS computer name: SCE-10PRO-WORKS\x00
| Workgroup: WORKGROUP\x00
|_ System time: 2017-08-19T14:18:11-05:00
| smb-security-mode:
| account_used: <blank>
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
| smb2-security-mode:
| 2.02:
|_ Message signing enabled but not required
| smb2-time:
| date: 2017-08-19 14:18:13

(31)

← Initiating NSE at 14:19
Completed NSE at 14:19, 0.00s elapsed
Initiating NSE at 14:19
Completed NSE at 14:19, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 256 IP addresses (6 hosts up) scanned in 388.85 seconds
Raw packets sent: 10799 (489.882KB) | Rcvd: 3247 (143.088KB)

What is Nmap?

(32)

What documents are part of this series?

Volume 1: 5-Minute security talk
Volume 2: 15-Minute security talk
Volume 3: Basic Windows 10 Security
Volume 4: Basic Router Security
Volume 5: Basic Network Security
Volume 6: Basic Browser Security
Volume 7: Advanced Windows 10 Security
Volume 8: Advanced Router Security
Volume 9: Advanced Network Security
Volume 10: Advanced Browser Security
Volume 11: Basic Windows 7 Security
Volume 12: Basic Phone and Tablet Security
Volume 13: Advanced Phone and Tablet Security
Volume 14: Basic eMail Security
Volume 15: Advanced eMail Security

(33)

Biography

John R. Hines has degrees from two party schools (the University of Colorado and Arizona State University). He was a professional engineer in Texas. He has been a semiconductor engineer, a programmer, a writer and a teacher. Since he retired to Lucas, Texas, he has been writing eBooks for Amazon and thinking about computer security and taking CompTIA certification tests (he is A+, Net+, and Security+ certified).

In the 1980s, the US Patent and Trademark Office granted him six patents and he began writing about using computers to solve problems. He wrote a book about circuit simulation and taught SPICE (Simulation Program with Integrated Circuit Emphasis) classes at Fortune 500 companies.

In the 1990s, he had computer-related columns in popular trade magazines like Electronic Test and Design Automation and scholarly magazines like IEEE Spectrum and taught C, C++, Delphi and Java.

In the 2000s, he was a Java developer for America’s best telephone company.

In late 2016, he started prototyping a security start-up to test a business model for geek geezers who want to work less than 20 hours a week.
