Basic Network Security
Volume 5 in John R. Hines’ Computer Security for Mere
Mortals, short documents that show how to have the most
computer security with the least effort
John R. Hines
Net+ Certified, Security+ Certified, Consulting
Security Engineer, LLC
JohnRichardHines@ConsultingSecurityEngineer.com
“Plagiarism is when the author steals from one source; scholarship is when the author steals from many sources.” -- Anonymous
"Facts are stubborn things; and whatever may be our wishes, our inclinations, or the dictates of our passions, they cannot alter the state of facts and
evidence." --John Adams
Oholiab's First Law: The Suits' need for computing power expands until all the Geeks' servers are 100% utilized running database queries and printing
reports during business hours.
Corollary to Oholiab's First Law: Development can only access the servers purchased for development when nobody else wants them.
Oholiab's first law of security (Murphy's first law of planning): The important things are simple.
Oholiab's second law of security (Murphy's second law of planning): The simple things are very hard.
Oholiab's corollary to the first and second laws of security: Simple and easy are not the same thing. Fools don't know the difference.
Warning: If you’re not smart enough to sort the cow pies from the pearls in these notes, you do not have permission to read these notes!
ISBN N/A
Suggested reading (when you have time)
Kill Process by William Hertling
Table of Contents
Suggested reading (when you have time)
Revision History
Security
Is security a new problem?
What is security?
What is computer security?
What is in these notes?
Networks
Why care about networks?
What do these notes assume you've already done?
What simple reasonable measures will improve security on your intranet?
Measure #1: Have two routers: one for business use and one for all other uses
Measure #2: Have at least one old slow network computer for non-business (and for friends and family) use
Measure #3: Shutdown the business (secure) router when no one is in the office
Measure #4: Shutdown the risky (insecure) router when no one should be on the internet
Measure #5: Do a quick walk about every quarter (when the season changes) (when TV switches to a different major sport)
Measure #6: Do a quick audit of all computers about every quarter (when the season changes) (when TV switches to a different major sport)
Appendices
Appendix I: Network basics
What is a cable modem?
What is IP (Internet Protocol)?
What is the internet (Internet) (public network)?
What is TCP (Transmission Control Protocol)?
What is WIFI (Wi-Fi) (Wifi) (WiFi) (Wireless networking) (Unbounded media)?
What is wired (hard-wired)?
What is wireless?
Appendix II: Common network utilities
What is the command window (command box) (DOS box)?
Ipconfig (IPCONFIG)
Nbtstat
Net (Net services)
Netstat (netstat) (network statistics)
nslookup (Nslookup) (NSLOOKUP)
Appendix III: Why do I care about intranets?
Appendix III: Using ipconfig to find basic network information
How do I open a Command window (Command box) (DOS box) PowerShell window?
How do I find out what IP and what router my PC is using?
What is a command window (command box) (DOS box) (PowerShell window)?
Appendix IV: Use Nmap with Zenmap GUI to find out what your intranet looks like?
How do I use nmap to find out what my network looks like?
What does Nmap/Zenmap tell me about my home network?
What is Nmap?
Revision History
Rev Change
Security
Is security a new problem?
No! Security has always been a problem! Even strong men have security concerns: "When the strong man, fully armed, guards his own dwelling, his goods are safe. But when someone stronger attacks him and overcomes him, he takes from him his whole armour in which he trusted, and divides his spoils." (Luke 11:21-22)
Criminals form gangs to defeat strong men. Captain Grose's 1811 Dictionary of the Vulgar Tongue (nineteenth century lexicographer) lists 23 occupations required for a complete "gang of misrule" (crime family). My dictionary gives these as "… For men, there are fourteen roles: (1) ruffler, (2) upright man, (3) hooker (angler), (4) rogue, (5) wild rogue, (6) priggers of prancers, (7) palliards, (8) frater, (9) jarkman (patricoe), (10) whip jacket, (11) drummerer (dommerer), (12) drunken tinker, (13) swadder (pedlar), and (14) Abram man. For women (and children) there are nine roles: (1) demander for glimmer or fire, (2) bawdy basket, (3) morts, (4) autem mort, (5) walking morts, (6) doxy, (7) dell, (8) kinching mort, and (9) kinching cove." (Buy my book if you want to know what all these specialties are.) Add hackers and testers and you have the kind of crime family HP describes in The Business of Hacking, capable of stealing from the strong as well as the weak.
What is security?
The dictionary definition of security is "being free from danger or threat". Experience indicates no one is secure, at least in the dictionary sense.
Solomon had a different take on security (or, maybe, on the lack of security): "The race is not to the swift or the battle to the strong, nor does food come to the wise or wealth to the brilliant or favor to the learned; but time and chance happen to them all" (NIV). (Bumper stickers on the back of pickups summarize Solomon's quote in two words: "Excrement happens".)
Damon Runyon, writer of "Guys and Dolls", offered an amendment to Solomon's advice: "The race is not always to the swift, nor the battle to the strong, but that's the way to bet." The way to be secure is to be good and hope to be lucky. And (if you've read any of Runyon's other works), the way not to be secure is to be not good (unless you're very, very lucky).
keeping ourselves secure: "things done and things left undone that give as much control as possible over the future". Be good (the things done), be careful (the things not done), and hope to be lucky.
One more quote: "Luck is what happens when preparation meets opportunity" (Seneca, First Century AD, possibly misattributed). Prepare for Murphy to knock on your door. A disaster for the unprepared is an opportunity for the prepared.
What is computer security?
The dictionary says, "measures taken to safeguard code, information, and systems". A more sensible definition of computer security is "(1) reasonable measures taken to safeguard code, information, and systems, (2) unreasonable measures not taken to safeguard code, information, and systems, and (3) measures not taken to avoid low-rewards." Unfortunately, reasonable, unreasonable, and low-reward are (like beauty) in the mind of the beholder.
What is in these notes?
I'm going to tell you what I think are reasonable and unreasonable measures and what are low-reward measures.
What is a low-reward measure?
A security measure that has a small payoff for the inconvenience, money and time associated with the measure. Most of the measures advocated by security professionals are low-reward measures.
What is a reasonable measure?
A security measure that has a significant payoff for the inconvenience, money and time associated with the measure.
Reasonable measures that are not terribly inconvenient for a non-professional and require little money and time should ALWAYS be implemented.
Reasonable measures that are terribly inconvenient for a non-professional but require only a small amount of time and money should be implemented when possible. (Maybe hire a professional for a half-day?)
when possible. (I define a small amount of money as my monthly business cell phone and internet bill. You may have a different definition.)
Reasonable measures that are terribly inconvenient for a non-professional and require a lot of money should only be implemented if you suspect you are a potential target. Warning: If you are (1) involved in politics or social issues, (2) are visible in your community for some reason, or (3) have strange family members or neighbors then you should suspect you are a target.
What is an unreasonable measure?
A security measure that has become popular wisdom but probably is of little value. (A few years ago, one argument for switching from a PC to a Mac was "Macs don't get viruses." If that was ever true, it isn't now, but many Mac sales people and users still believe it and repeat it to non-Mac users.)
Networks
Why care about networks?
If you use the internet, you're on a network. If you use the internet at work, at a library, or at a restaurant, whoever supplies the connection (hopefully) has a professional who takes care of network details for you. However, if you use the internet at home or at your small business, you have a small network (an intranet) in your home. If all you have is a direct wired connection to the internet -- no WIFI -- then the intranet is just your cable modem and your computer, and your problems are small. As soon as you add a router to your intranet you have (potential) network problems. So, you need to know enough to do basic security stuff.
What do these notes assume you've already done?
The notes assume you have read "Computer security: a 15-minute talk" and have already implemented the security measures described in "Basic Windows 10 Security" and "Basic Phone and Tablet Security". Also, if you have a router in addition to your cable modem, they assume you have
What simple reasonable measures will improve security on your intranet?
Warning: This note is in a different format than the previous notes because the problems you are resolving are different. Note: Remember, these notes are for SOHOs and home users: no fire marshal, no industrial engineer, no security engineer to detect problems before they become disasters.
Measure #1: Have two routers: one for business use and one for all other uses
Most SOHOs and all homes have three kinds of users: business users, business and recreational users, and others (mostly friends, families, and visitors). Recreational use and "other" use have two security downsides: (1) they slow down business use and (2) they frequently bring malware into the intranet (making security less sure). Most modern cable modems allow you to attach multiple routers in parallel. Take advantage of this by installing a good (fast) router for business use (the safe intranet) and an old (cheap) router for all other use (the risky intranet). BTW: You can put on your CV that you've partitioned a network for improved security.
Mistake #1A: Not moving computers that do both business and non-business to the risky intranet
Yes, they will be less secure and go slower. But they are on the risky intranet because they choose to do risky things. Measure #2 will partially resolve this problem.
Mistake #1B: Not moving friends, family and visitors to WIFI associated with the risky intranet
Laptops, phones and tablets used by friends, family, and visitors should be assumed to be infected. Also, games and data downloads over WIFI will slow down business computers (even when the computers are wired to the intranet) and business phones and tablets.
Mistake #1C: Telling friends, family, and visitors that you've put them on the risky intranet
:-)
Measure #2: Have at least one old slow network computer for non-business (and for friends and family) use
All you need on this computer is Windows, current antimalware software, and a browser. Yes, it's slow, but it's only for browsing on the Internet.
Mistake #2A: Not placing this computer on a separate intranet (the risky intranet, if you have one)
Don't ask, don't tell.
Measure #3: Shutdown the business (secure) router when no one is in the office
Unless you (or a key employee) like to work late at night, program your business router to turn off from 8 PM to 6 AM (or whatever times make sense). When the router is up, bad guys have a pathway to attack your network. You can't avoid that during the day, but you may figure out there is a problem when your computer slows to a crawl. Why give them access to your network when no one will see the network slowdown? Also, if a computer goes zombie, it will only be behaving badly when someone is there to notice its behavior.
What is a zombie (member of a botnet)?
Compromised internet-connected computer whose security defenses have been breached and control ceded to some bad guy. BTW: A herd of zombies is called a botnet.
Measure #4: Shutdown the risky (insecure) router when no one should be on the internet
Besides protecting the computers attached to the risky routers when no one should be using the internet, you can prevent your kids from being on the internet instead of sleeping.
Measure #5: Do a quick walk about every quarter (when the season changes) (when TV switches to a different major sport)
Before you start your walkabout, ask yourself, "Have I written an AUP?" If not, make a note to write one. Also, verify that you can log in to the cable modem and the router(s).employee's workstation or a router buried under a pile of crud? Cables going to strange places or left where you could trip over them?
Since you're already walking about, check the air flow and temperature of each computer, each router and the cable modem. (I once discovered my granddaughter using a router as a coat hook. Had to replace the router and had to retrain the granddaughter since my wife would let me replace the granddaughter.)
Check your secure place. Is the secure information storage container still there? Is your information still in the container? Are admin-equivalent user IDs and passwords for ALL the computers, routers and cable modem still in the box?
What is an AUP (Acceptable Use Policy) (fair use policy)?
A set of rules applied by the owner, creator or administrator of a network, website, or service, that restrict the ways in which the network, website or system may be used and sets guidelines as to how it should be used.
Alternative: Document stipulating constraints and practices that a user must agree to for access to a corporate network or the Internet. Many businesses and educational facilities require that employees or students sign an acceptable use policy before being granted a network ID. Can be very short. Warning: If management hasn't prohibited some form of behavior, it's hard to fire someone who has behaved incorrectly!
Measure #6: Do a quick audit of all computers about every quarter (when the season changes) (when TV switches to a different major sport)
Go to each computer and login as an admin equivalent. (You should be an admin-equivalent on all your computers. Otherwise, you can't administer the computer. If not, you've discovered a potential disaster!) Are there users you don't recognize? Are there "Guest" accounts? Are there programs you don't remember buying? Are there games? Is the anti-malware current? Does the anti-malware pop up a warning when you insert a flash drive into a USB slot? (Maybe this should be in your AUP?)
What is an admin-equivalent (admin-equivalent user)?
What is a standard user?
Appendices
Appendix I: Network basics
What is a cable modem?
Connects a computer or local network (intranet) to broadband
Internet service through the same cable that supplies cable
television service or the cable that supplies more modern services
like FIOS or U-verse.
What is an intranet (Intranet) (private network)?
Private network combining existing LAN and WAN technologies
and new Internet technologies. Has all the features of the Internet.
Many intranets. Typically use 10.x.x.x, 127.x.x.x, 172.16.x.x
through 172.31.x.x or 192.168.x.x. Typically connected to the (one
and only) internet by a cable modem but may be stand-alone.
What is a network (computer network)?
Connected graph where nodes are computer network nodes and
edges are computer-to-computer connections.
What is a gateway?
Network node that is an entrance to another network. Often a
router.
What is a LAN (Local Area Network) (Local network)?
Hardware and software that turns terminals, workstations, servers,
and hosts into a single network environment in a small geographic
region like a building. Alternative (more modern): A network
segment that may or may not be connected to another network.
Larger networks are created by "gluing" two or more LANs
together, typically with a router.
What is a network address (network number)?
Bit pattern or group of hexadecimal numbers that uniquely
(except the last) separated by dots. (Four bytes.) In IPv6, 32 hex
characters, each quad (except the last) separated by colons. (16
bytes.)
What is a network device?
Component (hardware) that connects ("glues") computers or other
electronic devices together to share files or resources. Usually a
network node.
What is a network edge?
Single physical connection between two computers. Sometimes
used as a synonym for connection (network connection). Alternative:
Cable with connectors at both ends that connects two nodes.
What is a network node (computer network node) (network host)
(node)?
An addressable device attached to a computer network.
What is a network segment?
Logical group of computers that share a network resource like a
router, VLAN, or switch segmentation.
What is a subnet (subnetwork) (network subnet)?
Logical, visible subdivision of an IP network. Computers that
belong to a subnet are addressed with a common, identical,
most-significant bit-group in their IP address. Note: The practice of
dividing a network into two or more networks is called subnetting.
What is broadband (wideband)?
Communications medium that provides enough bandwidth over
a wide frequency to satisfy a typical internet user (at least gigabit
speed).
What is a communication medium?
(usually high speed) data transmission that can simultaneously
What is IP (Internet Protocol)?
Basic protocol of the Internet. It enables the unreliable delivery of
individual packets from one host to another. It makes no
guarantees about whether or not the packet will be delivered, how
long it will take, or if multiple packets will arrive in the order they
were sent. Protocols built on top of this add the notions of
connection and reliability.
What is the internet (Internet) (public network)?
Large network with millions of hosts from many organizations and
countries around the world. Amalgamation of many smaller
networks. Data travels by a common set of protocols (starting with
TCP/IP). All (well, almost all-ignore 10.x.x.x, 127.x.x.x,
172.16.x.x through 172.31.x.x and 192.168.x.x) internet addresses
are unique.
What is an IP address (Logical address) (Network address)?
In IPv4, 32-bits or a quad of octets (four bytes). In IPv6, 128-bits
or a hex of octets (eight bytes) or 16 hex characters. A software
address, not a hard-coded address.
What is TCP (Transmission Control Protocol)?
Reliable network communication protocol, typically sits on top of
IP. See UDP.
What is WIFI (Wi-Fi) (Wifi) (WiFi) (Wireless networking)
(Unbounded media)?
Local area wireless technology to exchange data or connect to the
internet (usually using 2.4 GHz UHF and 5 GHz SHF).
What is wired (hard-wired)?
Connected to other devices by cables, usually ethernet cables.
What is wireless?
Appendix II: Common network utilities
What is the command window (command box) (DOS box)?
In Windows, a popup window that acts (somewhat) like the (now
obsolete) DOS command line where the user enters instructions
from the keyboard. It can be opened by clicking on the cmd or
PowerShell entry in the Windows dropdown menu. Warning: The
"admin" version allows admin-equivalent users to run most
commands; the standard version limits what the user can do even if
he is an admin-equivalent.
Ipconfig (IPCONFIG)
Controls network connections on DHCP and DNS. Acronym for internet protocol configuration (called ifconfig -interface configurator- in Linux). Use “netmask” before the subnet. Note: Early versions of Windows used winipcfg.exe. Three main options:

Option                                        Purpose                                                                                    Example
(none)                                        Outputs IP address, network mask and gateway for all NICs (both physical and virtual)      ipconfig
all (/all)                                    Outputs defaults plus DNS and WINS.                                                        ipconfig /all
flushdns (/flushdns), displaydns (/displaydns)  Flushes/displays dns cache on all NICs                                                   ipconfig /flushdns
release (/release)                            Terminates all TCP connections, releases leases on all IP addresses on NICs.               ipconfig /release
renew
Setclassid (/setclassid), showclassid (/showclassid)  Managing DHCP server. Seldom used.                                                 ipconfig /setclassid
Nbtstat
Windows diagnostic tool for NetBIOS that troubleshoots NetBIOS name resolution problems. Seldom used.
Net (Net services)
Performs a broad range of network tasks. Type net with no parameters to see a full list of available command-line options. Typical syntax is
NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | PAUSE | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW]

Command                        Purpose
NET ACCOUNTS                   Change account settings
NET COMPUTER                   Add and remove other networked computers
NET CONFIG                     Displays current SERVER or WORKSTATION
NET CONTINUE                   Continue using SERVICE
NET FILE                       Display all the open shared files on a server and the lock-id
NET GROUP                      Manage network workgroups
NET HELP
NET HELPMSG
NET LOCALGROUP                 Manage network groups
NET NAME                       Manage messaging name
NET PAUSE                      Pause service
NET SESSION \\ComputerName:    List sessions from a given machine
NET SHARE sharename            Manage local share
NET START                      Start service
NET STATISTICS                 Display network statistics for WORKSTATION or SERVER
NET STOP                       Stop service
NET TIME                       Display date/time of another computer
NET USE                        Connects / disconnects the computer from a shared resource or view the information about current computer connections.
NET USER                       Displays users
NET VIEW                       Display computers in the local domain
NET VIEW \\ComputerName        See shares on computer
Netstat (netstat) (network statistics)
Displays network connections for Transmission Control Protocol (both incoming and outgoing), routing tables, and a number of network interface (network interface controller or software-defined network interface) and network protocol statistics.
-a state of all sockets
-b displays executable creating connection
-n shows network
-o displays owning process
nslookup (Nslookup) (NSLOOKUP)
Network administration command-line tool available for many computer operating systems for querying the DNS to obtain domain name or IP address mapping or other specific DNS records. To access help, type nslookup [CR]. When the nslookup prompt appears, enter "?".
Appendix III: Why do I care about intranets?
If you have a home connection to the internet, you automatically
have an intranet in your home, although it may be a (very) small
intranet. (If all you have is a wired connection to the internet -- no
WIFI -- then the intranet is just your cable modem and your
computer.) As soon as you add a router to your intranet, you have
an intranet with (potential) network problems.
Appendix III: Using ipconfig to find basic network
information
How do I open a Command window (Command box) (DOS box)
PowerShell window?
Right click on the Windows flag then click on the Windows
PowerShell (Admin) entry. In earlier versions, click on the
Command (Admin) entry.
How do I find out what IP and what router my PC is using?
Open a PowerShell Window (Admin). Type [ipconfig
What is a command window (command box) (DOS box)
(PowerShell window)?
Click on the "YES" button when Windows 10 asks you if you want
to allow this application to change things. Soon, a small blue
window with a command prompt will pop up. Type "ipconfig"
then press [ENTER]. The IPv4 entry shows the workstation IP
address on the intranet. The Default Gateway entry shows the
gateway (router that connects the intranet to the internet). The
Subnet Mask says the intranet is 192.168.1.0-255. Write these
numbers down on a piece of scrap paper. You may want them
later.
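An added example (not part of the original notes): how the IPv4 Address and Subnet Mask that ipconfig prints turn into the intranet range written down above, worked in Python. The ipconfig text is a constructed sample and the function names are this example's own; the range check refuses anything that is not a private intranet range, so a mistyped address cannot point a later scan at someone else's network.

```python
import ipaddress
import re

# Constructed sample of plain `ipconfig` output (addresses follow the
# 192.168.1.x intranet used in these notes).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : attlocal.net
   IPv4 Address. . . . . . . . . . . : 192.168.1.65
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
"""

# "IPv4 Address. . . . : 192.168.1.65" -> ("IPv4 Address", "192.168.1.65")
FIELD = re.compile(r"^\s*(IPv4 Address|Subnet Mask|Default Gateway)[ .]*:\s*([\d.]+)")


def parse_adapters(text):
    """Split ipconfig output into one dict per adapter section."""
    adapters, current = [], None
    for line in text.splitlines():
        # Adapter headers are unindented and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = {"adapter": line.rstrip().rstrip(":")}
            adapters.append(current)
        elif current is not None:
            m = FIELD.match(line)
            if m:
                current[m.group(1)] = m.group(2)
    return adapters


def intranet_range(adapter):
    """Return the adapter's network; refuse anything that is not private."""
    iface = ipaddress.ip_interface(
        f'{adapter["IPv4 Address"]}/{adapter["Subnet Mask"]}')
    net = iface.network
    if not net.is_private:
        raise ValueError(f"{net} is not a private intranet range; do not scan it")
    return net


def gateway_on_intranet(adapter):
    """True when the Default Gateway (the router) sits inside the range."""
    gw = adapter.get("Default Gateway")
    return gw is not None and ipaddress.ip_address(gw) in intranet_range(adapter)


def describe(adapter):
    """One line per adapter: address, range, size and router."""
    net = intranet_range(adapter)
    return (f'{adapter["adapter"]}: {adapter["IPv4 Address"]} on {net} '
            f'({net.network_address} to {net.broadcast_address}, '
            f'{net.num_addresses} addresses), '
            f'router {adapter.get("Default Gateway")}')


if __name__ == "__main__":
    for a in parse_adapters(SAMPLE_IPCONFIG):
        if "IPv4 Address" in a and "Subnet Mask" in a:
            print(describe(a))
```

Nmap accepts the range either as 192.168.1.0-255 or in the 192.168.1.0/24 form this prints.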
Appendix IV: Use Nmap with Zenmap GUI to find out what your intranet looks like?
How do I use nmap to find out what my network looks like?
Before you start, make sure every device on your network and
Enter the intranet addresses (192.168.1.0-255) you got from
ipconfig and click on the "SCAN" button. Wait patiently: The
scan will take multiple minutes. When done, you can look at the
Nmap/Zenmap results by clicking on the various Zenmap tabs.
What does Nmap/Zenmap tell me about my home network?
Hosts found by Nmap/Zenmap displayed in Zenmap host viewer
Ports on hosts found by Nmap/Zenmap in Hosts Ports/Hosts tab
Network image found by Nmap/Zenmap in Hosts → Topology → Fisheye tab
Output found by Nmap/Zenmap in Hosts → Nmap Output tab.
Starting Nmap 7.60 ( https://nmap.org ) at 2017-08-19 14:12 Central Daylight Time
NSE: Loaded 146 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 14:12
Completed NSE at 14:12, 0.00s elapsed
Initiating NSE at 14:12
Completed NSE at 14:12, 0.00s elapsed
Initiating ARP Ping Scan at 14:12
Scanning 255 hosts [1 port/host]
Completed ARP Ping Scan at 14:12, 2.84s elapsed (255 total hosts)
Initiating Parallel DNS resolution of 255 hosts. at 14:12
Completed Parallel DNS resolution of 255 hosts. at 14:12, 5.53s elapsed
Nmap scan report for 192.168.1.0 [host down]
Nmap scan report for 192.168.1.1 [host down]
//removed unneeded information
Nmap scan report for 192.168.1.63 [host down]
//found some hosts ← 192.168.1.64, .65, .66
Nmap scan report for 192.168.1.67 [host down]
Nmap scan report for 192.168.1.68 [host down]
//found some hosts ← 192.168.1.69
Nmap scan report for 192.168.1.70 [host down]
//removed unneeded information
Nmap scan report for 192.168.1.253 [host down]
//found host ← 192.168.1.254
Nmap scan report for 192.168.1.255 [host down]
Initiating Parallel DNS resolution of 1 host. at 14:12
Completed Parallel DNS resolution of 1 host. at 14:13, 5.51s elapsed
Initiating SYN Stealth Scan at 14:13
Scanning 5 hosts [1000 ports/host]
Completed SYN Stealth Scan against 192.168.1.254 in 0.83s (4 hosts left) ←
Discovered open port 554/tcp on 192.168.1.64
Discovered open port 2869/tcp on 192.168.1.64
Discovered open port 10243/tcp on 192.168.1.64
Discovered open port 5357/tcp on 192.168.1.64
Completed SYN Stealth Scan against 192.168.1.64 in 13.35s (3 hosts left) ←
Completed SYN Stealth Scan against 192.168.1.66 in 13.79s (2 hosts left) ←
Completed SYN Stealth Scan against 192.168.1.73 in 13.79s (1 host left) ←
Completed SYN Stealth Scan at 14:13, 16.88s elapsed (5000 total ports)
Initiating Service scan at 14:13
Scanning 7 services on 5 hosts
Completed Service scan at 14:15, 106.16s elapsed (7 services on 5 hosts)
Initiating OS detection (try #1) against 5 hosts
Retrying OS detection (try #2) against 4 hosts
NSE: Script scanning 5 hosts.
Initiating NSE at 14:15
Completed NSE at 14:16, 64.79s elapsed
Initiating NSE at 14:16
Completed NSE at 14:16, 1.02s elapsed
Nmap scan report for DESKTOP-NSCEFQ7 (192.168.1.64)
Host is up (0.0017s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE VERSION
554/tcp open rtsp?
2869/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Service Unavailable
10243/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
MAC Address: 2C:27:D7:1C:D7:AC (Hewlett Packard)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): FreeBSD 6.X (91%), Microsoft Windows 2008 (87%)
OS CPE: cpe:/o:freebsd:freebsd:6.2
Aggressive OS guesses: FreeBSD 6.2-RELEASE (91%), Microsoft Windows Server 2008 or 2008 Beta 3 (87%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 1.701 days (since Thu Aug 17 21:26:18 2017)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=253 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
TRACEROUTE
HOP RTT ADDRESS
1 1.75 ms DESKTOP-NSCEFQ7 (192.168.1.64)
Nmap scan report for Tenda (192.168.1.66)
Host is up (0.0011s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
1723/tcp closed pptp
MAC Address: C8:3A:35:19:BC:C9 (Tenda Technology)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 1.06 ms Tenda (192.168.1.66)
Nmap scan report for android-da7c67eef6602955 (192.168.1.69)
Host is up (0.083s latency).
All 1000 scanned ports on android-da7c67eef6602955 (192.168.1.69) are filtered
MAC Address: DC:66:72:23:97:D7 (Samsung Electronics)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 83.00 ms android-da7c67eef6602955 (192.168.1.69)
Nmap scan report for DESKTOP-OR5KQ2L (192.168.1.73)
Host is up (0.00s latency).
All 1000 scanned ports on DESKTOP-OR5KQ2L (192.168.1.73) are filtered
MAC Address: 00:26:55:3B:E0:F8 (Hewlett Packard)
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 0.00 ms DESKTOP-OR5KQ2L (192.168.1.73)
Nmap scan report for homeportal (192.168.1.254)
Host is up (0.0028s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
80/tcp open http 2Wire HomePortal router http config
|_http-title: Home
443/tcp open ssl/http 2Wire HomePortal router http config
| ssl-cert: Subject: commonName=attlocal.net/organizationName=2Wire/countryName=US
| Issuer: commonName=Gateway Authentication/organizationName=2Wire/countryName=US
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2015-12-22T16:35:31
| Not valid after: 2031-01-17T16:35:31
| MD5: f65d dfe1 004d 6764 7a75 c15d da64 b265
|_SHA-1: e1aa f90f ba4c 63ad d62f be75 a218 1aa9 42f4 524c
49152/tcp open tcpwrapped
MAC Address: E0:22:03:D6:83:A5 (Unknown)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.9 - 2.6.27
Uptime guess: 1.699 days (since Thu Aug 17 21:29:33 2017)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=193 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Device: broadband router
TRACEROUTE
HOP RTT ADDRESS
Scanning SCE-10Pro-Workstation (192.168.1.65) [1000 ports]
Discovered open port 445/tcp on 192.168.1.65
Discovered open port 554/tcp on 192.168.1.65
Discovered open port 135/tcp on 192.168.1.65
Discovered open port 139/tcp on 192.168.1.65
Discovered open port 2869/tcp on 192.168.1.65
Discovered open port 10243/tcp on 192.168.1.65
Discovered open port 5357/tcp on 192.168.1.65
Completed SYN Stealth Scan at 14:16, 0.36s elapsed (1000 total ports)
Initiating Service scan at 14:16
Scanning 7 services on SCE-10Pro-Workstation (192.168.1.65)
Completed Service scan at 14:18, 106.04s elapsed (7 services on 1 host)
Initiating OS detection (try #1) against SCE-10Pro-Workstation (192.168.1.65)
Retrying OS detection (try #2) against SCE-10Pro-Workstation (192.168.1.65)
NSE: Script scanning 192.168.1.65.
Initiating NSE at 14:18 ←
Completed NSE at 14:19, 65.21s elapsed
Initiating NSE at 14:19 ←
Completed NSE at 14:19, 1.00s elapsed
Nmap scan report for SCE-10Pro-Workstation (192.168.1.65)
Host is up (0.000080s latency).
Not shown: 993 closed ports
(SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
Aggressive OS guesses: Microsoft Windows 10 10586 - 14393 (96%), Microsoft Windows 10 build 10074 - 14393 (96%), Version 6.1 (Build 7601: Service Pack 1) (96%), Microsoft Windows 10 build 10586 (95%), Microsoft Windows 10 build 15031 (95%), Microsoft Windows 10 (93%), Microsoft Windows Longhorn (93%), Microsoft Windows Server 2008 (93%), Microsoft Windows Server 2016 build 10586 (93%), Microsoft Windows 7 Professional (93%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 0.026 days (since Sat Aug 19 13:41:40 2017)
Network Distance: 0 hops
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Host: SCE-10PRO-WORKS; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb-os-discovery:
| OS: Windows 10 Pro 15063 (Windows 10 Pro 6.3)
| OS CPE: cpe:/o:microsoft:windows_10::-
| Computer name: SCE-10Pro-Workstation
| NetBIOS computer name: SCE-10PRO-WORKS\x00
| Workgroup: WORKGROUP\x00
|_ System time: 2017-08-19T14:18:11-05:00
| smb-security-mode:
| account_used: <blank>
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
| smb2-security-mode:
| 2.02:
|_ Message signing enabled but not required
| smb2-time:
| date: 2017-08-19 14:18:13
← Initiating NSE at 14:19
Completed NSE at 14:19, 0.00s elapsed
Initiating NSE at 14:19
Completed NSE at 14:19, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 256 IP addresses (6 hosts up) scanned in 388.85 seconds
Raw packets sent: 10799 (489.882KB) | Rcvd: 3247 (143.088KB)
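An added example (not part of the original notes): one way to turn a saved copy of the Nmap output above into a per-device list for the quarterly audit, in Python. The sample text is constructed from lines of the scan above, and KNOWN_MACS, the device labels and the function names are this example's own assumptions; it lists open ports, marks devices whose MAC address is not on your list, and flags the weak settings Nmap itself reported (SMB signing disabled, a 1024-bit certificate key, a SHA-1 certificate signature).

```python
import re

# Constructed sample: Nmap "normal" output trimmed from the scan above
# (the two port lines for 192.168.1.65 are filled in for illustration).
SAMPLE_SCAN = """\
Nmap scan report for 192.168.1.63 [host down]
Nmap scan report for DESKTOP-NSCEFQ7 (192.168.1.64)
Host is up (0.0017s latency).
PORT      STATE SERVICE VERSION
554/tcp   open  rtsp?
2869/tcp  open  http    Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
MAC Address: 2C:27:D7:1C:D7:AC (Hewlett Packard)
Nmap scan report for Tenda (192.168.1.66)
PORT     STATE  SERVICE VERSION
1723/tcp closed pptp
MAC Address: C8:3A:35:19:BC:C9 (Tenda Technology)
Nmap scan report for android-da7c67eef6602955 (192.168.1.69)
All 1000 scanned ports on android-da7c67eef6602955 (192.168.1.69) are filtered
MAC Address: DC:66:72:23:97:D7 (Samsung Electronics)
Nmap scan report for homeportal (192.168.1.254)
PORT      STATE SERVICE  VERSION
80/tcp    open  http     2Wire HomePortal router http config
443/tcp   open  ssl/http 2Wire HomePortal router http config
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
MAC Address: E0:22:03:D6:83:A5 (Unknown)
Nmap scan report for SCE-10Pro-Workstation (192.168.1.65)
PORT      STATE SERVICE
135/tcp   open  msrpc
445/tcp   open  microsoft-ds
| smb-security-mode:
|_  message_signing: disabled (dangerous, but default)
"""

# Hypothetical list of devices the owner recognises, keyed by MAC address.
KNOWN_MACS = {
    "2C:27:D7:1C:D7:AC": "office desktop",
    "C8:3A:35:19:BC:C9": "second router",
    "E0:22:03:D6:83:A5": "cable modem / gateway",
}

HOST = re.compile(r"^Nmap scan report for (?:(\S+) \()?([\d.]+)\)?(\s+\[host down\])?$")
PORT = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
MAC = re.compile(r"^MAC Address: ([0-9A-F:]{17}) \((.*)\)$")


def findings_in(line):
    """Weak settings that Nmap's scripts print in their own output lines."""
    out = []
    if "message_signing: disabled" in line:
        out.append("SMB message signing disabled")
    m = re.search(r"Public Key bits: (\d+)", line)
    if m and int(m.group(1)) < 2048:
        out.append(f"{m.group(1)}-bit certificate key")
    if "Signature Algorithm: sha1" in line:
        out.append("SHA-1 certificate signature")
    return out


def parse_scan(text):
    """Return {ip: host record} for every host Nmap reported as up."""
    hosts, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST.match(line)
        if m:
            name, ip, down = m.groups()
            cur = None if down else hosts.setdefault(ip, {
                "name": name or ip, "mac": None, "vendor": None,
                "open": [], "findings": []})
            continue
        if cur is None:
            continue
        if (m := PORT.match(line)):
            if m.group(3) == "open":          # ignore closed/filtered ports
                cur["open"].append(int(m.group(1)))
        elif (m := MAC.match(line)):
            cur["mac"], cur["vendor"] = m.groups()
        else:
            cur["findings"].extend(findings_in(line))
    return hosts


def audit(hosts, known_macs):
    """One row per live host, in address order, marked known or unknown."""
    rows = []
    for ip in sorted(hosts, key=lambda a: tuple(map(int, a.split(".")))):
        h = hosts[ip]
        if h["mac"] is None:                  # Nmap prints no MAC for the PC it runs on
            status = "no MAC (the scanning PC)"
        else:
            status = known_macs.get(h["mac"], "UNKNOWN DEVICE")
        rows.append({"ip": ip, "name": h["name"], "status": status,
                     "open": h["open"], "findings": h["findings"]})
    return rows


if __name__ == "__main__":
    for row in audit(parse_scan(SAMPLE_SCAN), KNOWN_MACS):
        print(row)
```

Save the text from the Zenmap Nmap Output tab each quarter and compare the rows with last quarter's: a new UNKNOWN DEVICE row or a new open port is what to look into first.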
What is Nmap?
What documents are part of this series?
Volume 1: 5-Minute security talk
Volume 2: 15-Minute security talk
Volume 3: Basic Windows 10 Security
Volume 4: Basic Router Security
Volume 5: Basic Network Security
Volume 6: Basic Browser Security
Volume 7: Advanced Windows 10 Security
Volume 8: Advanced Router Security
Volume 9: Advanced Network Security
Volume 10: Advanced Browser Security
Volume 11: Basic Windows 7 Security
Volume 12: Basic Phone and Tablet Security
Volume 13: Advanced Phone and Tablet Security
Volume 14: Basic eMail Security
Volume 15: Advanced eMail Security