Summary of the Lab Network
The network consists of several Windows and Linux machines arranged in a star topology: five Windows machines and three Linux machines. Analysing the port-scan results in Zenmap shows that the hosts with the most open ports are almost all Windows machines. In the Zenmap topology view these hosts are drawn as large red circles, which means that more than six open ports were found on them (yellow marks three to six, green fewer than three). The Linux systems, by contrast, expose far fewer open ports than the vulnerable hosts.
Nmap port scanning detects which ports are open on each system in the network. Every open port is a service that an attacker can probe, and a single exploitable service on one host can be enough to give an attacker a foothold from which the rest of the network is compromised. From the defensive side, regular port scanning is therefore an important way to verify that the systems in the network run only the services they are supposed to run. Network administrators must ensure that exposed services are fully patched before they are deployed, and that services nobody needs are disabled or firewalled.
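As an added example (not part of the original lab report), the following Python script reads the XML that `nmap -oX` writes, lists the open ports per host and applies the same threshold Zenmap uses for its topology colours. The XML is a constructed sample for two lab addresses, not a real scan of the lab, and the WATCHLIST of service names is a hypothetical policy for the example:

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -oX` output for two lab hosts. This is not a
# real scan result: the ports and service names are illustrative only.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -oX scan.xml 192.168.27.0/24">
  <host><status state="up"/>
    <address addr="192.168.27.18" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
      <port protocol="tcp" portid="135"><state state="open"/><service name="msrpc"/></port>
      <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="5357"><state state="open"/><service name="wsdapi"/></port>
      <port protocol="tcp" portid="49152"><state state="open"/><service name="msrpc"/></port>
      <port protocol="tcp" portid="49153"><state state="open"/><service name="msrpc"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="192.168.27.21" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="139"><state state="filtered"/><service name="netbios-ssn"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Services whose exposure on the lab LAN deserves a second look. This is a
# hypothetical watch-list for the example, not an Nmap or Zenmap feature.
WATCHLIST = {"netbios-ssn", "microsoft-ds", "msrpc", "telnet", "ftp"}


def parse_open_ports(xml_text):
    """Return {ip: [(port, protocol, service), ...]} listing only open ports."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        if host.find("status").get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        open_ports = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not exposed services
            svc = port.find("service")
            open_ports.append((int(port.get("portid")), port.get("protocol"),
                               svc.get("name") if svc is not None else ""))
        hosts[addr] = sorted(open_ports)
    return hosts


def zenmap_colour(open_count):
    """Zenmap topology colouring: green < 3 open ports, yellow 3-6, red > 6."""
    if open_count < 3:
        return "green"
    if open_count <= 6:
        return "yellow"
    return "red"


def assess(hosts):
    """Per-host summary: exposure count, Zenmap colour and watch-listed services."""
    return {
        ip: {
            "open_count": len(ports),
            "colour": zenmap_colour(len(ports)),
            "watchlist_hits": sorted({svc for _, _, svc in ports if svc in WATCHLIST}),
        }
        for ip, ports in hosts.items()
    }


if __name__ == "__main__":
    for ip, info in assess(parse_open_ports(SAMPLE_NMAP_XML)).items():
        print(f"{ip}: {info['open_count']} open, {info['colour']}, review: {info['watchlist_hits']}")
```

Only ports in state "open" count towards the colour; a "filtered" port (a firewall dropping the probe) is not an exposed service, which is why the second host stays green even though Nmap mentions port 139 for it.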
Packet Sniffing to Detect Network Issues
Relying on a single source of information is not an effective way to assess the systems in a network. In this lab we used Wireshark alongside Zenmap to watch the packets flowing to and from the hosts in the network. While Zenmap was scanning, Wireshark showed a burst of RST/ACK packets from the vulnerable host towards the Kali machine. A RST/ACK is the normal reply of a closed TCP port to a SYN probe, so a single one is not abnormal in itself; what gives the scan away is one host answering with many of them, to probes on many different ports, within a very short time. This part of the lab shows that packet sniffing lets us follow the conversations across the whole network, and that abnormal patterns such as a port scan can be picked out of them.
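The pattern described above, as an added example that is not part of the original report: a small detector that groups packet summaries by (source, destination), counts how many distinct ports one source sends SYNs to within a time window, and counts the target's RST/ACK (closed) and SYN/ACK (open) replies. The packet list is constructed, not a real capture, and the Kali machine's address (192.168.27.10) is an assumption since the page does not give it:

```python
from collections import defaultdict

# Lab addresses: the Kali scanner's address is not given on the page, so
# 192.168.27.10 is an assumption for this example.
KALI, TARGET, CLIENT = "192.168.27.10", "192.168.27.18", "192.168.27.12"


def _scan_burst(scanner, target, ports, open_ports, t0=0.0):
    """Constructed packet summaries (time, src, dst, sport, dport, flags) for a
    SYN scan: one SYN per port, answered with SYN/ACK if open, else RST/ACK."""
    pkts = []
    for i, dport in enumerate(ports):
        t, sport = t0 + i * 0.01, 40000 + i
        pkts.append((t, scanner, target, sport, dport, "SYN"))
        reply = "SYN,ACK" if dport in open_ports else "RST,ACK"
        pkts.append((t + 0.001, target, scanner, dport, sport, reply))
    return pkts


# Constructed capture: a ten-port scan of the vulnerable host followed by one
# ordinary SMB connection from another client (a normal three-way handshake).
SAMPLE_PACKETS = _scan_burst(
    KALI, TARGET, [21, 22, 23, 25, 80, 110, 135, 139, 443, 445], {135, 139, 445}
) + [
    (5.000, CLIENT, TARGET, 50123, 445, "SYN"),
    (5.001, TARGET, CLIENT, 445, 50123, "SYN,ACK"),
    (5.002, CLIENT, TARGET, 50123, 445, "ACK"),
]


def detect_scans(packets, port_threshold=8, window=2.0):
    """Flag (source, destination) pairs where one source sends SYNs to at least
    `port_threshold` distinct ports within `window` seconds. RST/ACK and
    SYN/ACK replies from the target are counted to show closed vs open ports."""
    probes = defaultdict(list)     # (src, dst) -> [(time, dport)]
    replies = defaultdict(lambda: {"RST,ACK": 0, "SYN,ACK": 0})
    for t, src, dst, sport, dport, flags in packets:
        if flags == "SYN":
            probes[(src, dst)].append((t, dport))
        elif flags in ("RST,ACK", "SYN,ACK"):
            replies[(dst, src)][flags] += 1   # reply flows target -> scanner
    findings = []
    for (src, dst), events in probes.items():
        events.sort()
        for t0, _ in events:   # sliding window anchored at each SYN
            ports = {p for t, p in events if t0 <= t <= t0 + window}
            if len(ports) >= port_threshold:
                findings.append({
                    "scanner": src, "target": dst, "start": t0,
                    "distinct_ports": len(ports),
                    "closed_replies": replies[(src, dst)]["RST,ACK"],
                    "open_replies": replies[(src, dst)]["SYN,ACK"],
                })
                break
    return findings


if __name__ == "__main__":
    for f in detect_scans(SAMPLE_PACKETS):
        print(f"{f['scanner']} scanned {f['target']}: {f['distinct_ports']} ports, "
              f"{f['closed_replies']} RST/ACK, {f['open_replies']} SYN/ACK")
```

The ordinary client connection produces one SYN and one SYN/ACK and is never reported; the threshold and window are the knobs to tune against a real capture, where a slow scan (nmap -T0) would need a much longer window.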
Analyze a DNS Request
We were tasked with finding out what information is carried in the UDP stream sent from 192.168.27.12 to 192.168.27.1, and used Wireshark to inspect the packet contents. The stream showed 192.168.27.12 sending repeated DNS queries for login.live.com and several other Microsoft domain names to 192.168.27.1. Instead of a DNS answer, 192.168.27.1 replied with ICMP type 3 code 3, Destination Unreachable, Port Unreachable. Because this ICMP message is generated by the destination host itself, and quotes the header of the original datagram, it tells us that 192.168.27.1 is reachable and that routing is working; the problem is that nothing is listening on UDP port 53 on that host (or a local firewall is rejecting the queries), so its DNS service is not answering and the client keeps retrying.
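To make the reasoning above concrete, here is an added example (not from the lab report) that builds the DNS query 192.168.27.12 would send, wraps it in IPv4/UDP, constructs the ICMP Port Unreachable that 192.168.27.1 returns, and then decodes that ICMP message to recover which protocol and port of the original datagram was unreachable. All packets are constructed in the script; the query id, source port and TTL are arbitrary values for the example:

```python
import socket
import struct

CLIENT, RESOLVER = "192.168.27.12", "192.168.27.1"   # addresses from the lab

ICMP_UNREACH_CODES = {
    0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
    3: "port unreachable", 9: "net administratively prohibited",
    10: "host administratively prohibited", 13: "communication administratively prohibited",
}


def inet_checksum(data):
    """RFC 1071 ones-complement checksum; returns 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_dns_query(name, txid=0x1234, qtype=1):
    """Standard recursive query (RD=1) for one A record, as a stub resolver sends it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_dns_query(payload):
    txid, flags = struct.unpack("!HH", payload[:4])
    off, labels = 12, []
    while payload[off]:                      # length-prefixed labels, 0 terminates
        n = payload[off]
        labels.append(payload[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    qtype, _qclass = struct.unpack("!HH", payload[off + 1:off + 5])
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "qname": ".".join(labels), "qtype": qtype}


def build_ipv4_udp(src, dst, sport, dport, payload):
    """IPv4 + UDP encapsulation (UDP checksum left 0, which IPv4 permits)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + udp


def build_port_unreachable(original):
    """ICMP type 3 code 3 as the destination host generates it: the message
    quotes the original IP header plus the first 8 bytes of the datagram."""
    body = struct.pack("!BBHI", 3, 3, 0, 0) + original[:28]
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_icmp_unreachable(icmp):
    typ, code, _csum, _unused = struct.unpack("!BBHI", icmp[:8])
    if typ != 3:
        raise ValueError("not a Destination Unreachable message")
    inner = icmp[8:]                          # quoted original datagram
    ihl = (inner[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return {"code": code, "reason": ICMP_UNREACH_CODES.get(code, "other"),
            "checksum_ok": inet_checksum(icmp) == 0,
            "orig_src": socket.inet_ntoa(inner[12:16]),
            "orig_dst": socket.inet_ntoa(inner[16:20]),
            "orig_proto": inner[9], "orig_sport": sport, "orig_dport": dport}


def diagnose(info):
    """Code 3 comes from the destination itself, so the path works and the
    fault is local to that host; codes 0/1 come from a router on the path."""
    proto = {6: "tcp", 17: "udp"}.get(info["orig_proto"], str(info["orig_proto"]))
    if info["code"] == 3:
        return (f"{info['orig_dst']} is reachable, but no service is listening on "
                f"{proto}/{info['orig_dport']} (or a local firewall rejects it)")
    return f"path problem before {info['orig_dst']}: {info['reason']}"


if __name__ == "__main__":
    query = build_dns_query("login.live.com")
    datagram = build_ipv4_udp(CLIENT, RESOLVER, 51234, 53, query)
    print(parse_dns_query(query))
    print(diagnose(parse_icmp_unreachable(build_port_unreachable(datagram))))
```

The quoted header is what makes the ICMP message diagnostic: Wireshark uses the same bytes to show "original datagram" details under the ICMP packet, which is how you match the unreachable message to the DNS query that triggered it.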
Critical Thinking and Analysis
NetBIOS Exploit
Analysing the open-port details of 192.168.27.18, one risky service is the NetBIOS Session Service on TCP port 139. NetBIOS uses ports 137-139 (137/udp name service, 138/udp datagram service, 139/tcp session service) and is usually listed together with port 135, the Microsoft RPC endpoint mapper, because the same reconnaissance targets both. These services are well documented to disclose information about the system: a single unauthenticated NetBIOS name query, or a null session over port 139 on hosts that allow it, can reveal the host name, its workgroup or domain, whether it offers file shares, and sometimes share and user names. NetBIOS enumeration is therefore one of the most popular footprinting techniques for discovering sensitive information about a network.
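As an added example (not part of the original lab report), the script below shows how much one NetBIOS node-status query reveals. It builds the UDP/137 request that `nbtstat -A <ip>` sends, parses a node-status response into the host's name table, and summarises what an attacker learns from it. The response is constructed in the script; the host name, workgroup and MAC address in it are invented and are not the real values for 192.168.27.18:

```python
import struct

NBSTAT = 0x0021          # NetBIOS node status query type (RFC 1002)

# Meaning of the 16th byte ("suffix") of a NetBIOS name, for the common cases.
SUFFIX_MEANING = {
    0x00: "workstation service (unique) / workgroup or domain name (group)",
    0x03: "messenger service",
    0x1B: "domain master browser",
    0x1C: "domain controllers (group)",
    0x1D: "master browser",
    0x1E: "browser elections (group)",
    0x20: "file server service (SMB shares offered)",
}


def encode_name(name, suffix=0x00):
    """First-level encoding (RFC 1001 14.1): each of the 16 bytes of a NetBIOS
    name becomes two ASCII letters, 'A' + high nibble and 'A' + low nibble."""
    if name == "*":
        raw = b"*" + b"\x00" * 15            # wildcard name used by NBSTAT
    else:
        raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    encoded = bytearray()
    for b in raw:
        encoded += bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)])
    return b"\x20" + bytes(encoded) + b"\x00"


def build_nbstat_request(txid=0xABCD):
    """The single unauthenticated UDP/137 datagram that `nbtstat -A <ip>` sends."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name("*") + struct.pack("!HH", NBSTAT, 0x0001)


def build_nbstat_response(txid, names, mac):
    """Constructed node-status response (statistics block zeroed) for the example."""
    header = struct.pack("!HHHHHH", txid, 0x8400, 0, 1, 0, 0)
    entries = b"".join(
        n.encode("ascii").ljust(15, b" ") + bytes([suffix])
        + struct.pack("!H", (0x8000 if group else 0) | 0x0400)   # G bit | ACT bit
        for n, suffix, group in names)
    rdata = bytes([len(names)]) + entries + mac + b"\x00" * 40
    return header + encode_name("*") + struct.pack("!HHIH", NBSTAT, 1, 0, len(rdata)) + rdata


def parse_nbstat_response(data):
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000 or ancount < 1:
        raise ValueError("not a node-status response")
    off = 12
    off += 2 if data[off] & 0xC0 == 0xC0 else 34   # compressed pointer or full name
    rtype, _rclass, _ttl, _rdlen = struct.unpack("!HHIH", data[off:off + 10])
    off += 10
    if rtype != NBSTAT:
        raise ValueError("unexpected RR type")
    count, off = data[off], off + 1
    names = []
    for _ in range(count):
        raw, suffix = data[off:off + 15], data[off + 15]
        nflags = struct.unpack("!H", data[off + 16:off + 18])[0]
        names.append({"name": raw.decode("ascii").rstrip(), "suffix": suffix,
                      "group": bool(nflags & 0x8000),
                      "meaning": SUFFIX_MEANING.get(suffix, "other")})
        off += 18
    mac = ":".join(f"{b:02x}" for b in data[off:off + 6])
    return {"txid": txid, "names": names, "mac": mac}


def footprint(parsed):
    """What one reply tells an attacker about the host."""
    names = parsed["names"]

    def pick(suffix, group):
        return next((n["name"] for n in names if n["suffix"] == suffix and n["group"] == group), None)

    return {
        "hostname": pick(0x00, False),
        "workgroup_or_domain": pick(0x00, True),
        "file_sharing": any(n["suffix"] == 0x20 for n in names),
        "domain_controller": any(n["suffix"] == 0x1C and n["group"] for n in names),
        "mac": parsed["mac"],
    }


# Hypothetical reply from 192.168.27.18: host name, workgroup and MAC are invented.
SAMPLE_REPLY = build_nbstat_response(
    0xABCD,
    [("WIN7-LAB", 0x00, False), ("WORKGROUP", 0x00, True),
     ("WIN7-LAB", 0x20, False), ("WORKGROUP", 0x1E, True)],
    bytes.fromhex("0800270a1b2c"))

if __name__ == "__main__":
    print(build_nbstat_request().hex())
    print(footprint(parse_nbstat_response(SAMPLE_REPLY)))
```

No credentials are involved at any point: the request is one UDP datagram and the reply hands over the host name, workgroup, the fact that SMB file sharing is enabled (the <20> entry) and the MAC address, which is exactly the footprinting information the paragraph above refers to.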
To mitigate the risk of an attack on this service, a firewall should block TCP ports 135 and 139 (and 445, which carries the same SMB file-sharing traffic) and UDP ports 137-138, at least from untrusted networks. The simplest measure is not to deploy NetBIOS at all: disable NetBIOS over TCP/IP on hosts that do not need it. Where file sharing is required, harden it by disallowing anonymous (null-session) enumeration, requiring strong passwords, and restricting share access to the accounts and hosts that actually need it.
Utilizing Wireshark
Wireshark is a powerful tool for inspecting the conversations taking place on a network. Network administrators use it to keep track of what is happening on the network and to make sure everything is secure and working as it should. Because it captures the data going in and out, irregular activity can be detected, for example malware consuming network bandwidth or unauthorised hosts connected to the network.
Wireshark also decodes individual packets. As in the lab task, we can examine what kind of packet is sent between hosts and read off the protocol, the headers and the payload. This helps uncover problems in particular conversations; from there we can analyse the issue and trace it back to its source. Monitoring the network is essential to both its performance and its security.