
UDP scanning is slightly more difficult than TCP scanning. Unlike TCP, UDP does not use handshakes, so the very first packet sent goes directly to the application. UDP applications are prone to discarding packets that they can't parse, so scanner packets are likely never to see a response even if an application is listening on a given port. However, if a UDP packet is sent to a port without an application bound to it, the IP stack returns an ICMP port unreachable packet. The scanner can assume that any port that returned an ICMP error is closed, while ports that didn't return an answer are either open or filtered by a firewall.

The inability to distinguish between open and filtered ports is a weakness of simple UDP scanners that has led many people to abandon UDP scanning entirely. Unicornscan improves on this limitation by speaking valid application packets for the most common UDP protocols, which provides much more accurate results.
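The three-way classification above (ICMP error means closed, a reply means open, silence means open|filtered) and the Unicornscan trick of sending a real application request can both be demonstrated without raw sockets. The following is an added example, not code from the book nor from Nmap or Unicornscan; it relies on the behaviour of BSD-style IP stacks that a connected UDP socket receives the ICMP port unreachable as ECONNREFUSED. The target addresses, the DNS payload and the local responder used to exercise it are assumptions for illustration.

```python
"""UDP port-state probe with the open / closed / open|filtered logic.

Added example, not code from the book or from Nmap or Unicornscan.
It relies on one stack behaviour: on a *connected* UDP socket, an ICMP
port-unreachable for that destination is reported to the application as
ECONNREFUSED, so no raw sockets and no superuser privileges are needed.
Hosts, ports and the local responder below are assumptions.
"""
import socket
import struct
import threading

CLOSED = "closed"                 # ICMP type 3 / code 3 came back
OPEN = "open"                     # an application answered our probe
OPEN_FILTERED = "open|filtered"   # silence: dropped by the app, or filtered


def dns_query(name="example.com", txid=0x1234):
    """Build a minimal DNS A query so a real resolver on udp/53 will answer.

    Empty probes are usually discarded; a parseable request is what turns
    'open|filtered' into a definite 'open' (the Unicornscan approach).
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)            # QTYPE=A, QCLASS=IN


def udp_probe(host, port, payload=b"", timeout=1.0):
    """Return CLOSED, OPEN or OPEN_FILTERED for host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))   # connected: the kernel maps ICMP errors to this socket
        try:
            s.send(payload)
            s.recv(4096)          # any datagram back means something parsed the probe
            return OPEN
        except ConnectionRefusedError:
            return CLOSED
        except socket.timeout:
            return OPEN_FILTERED


def start_udp_responder(host="127.0.0.1"):
    """Constructed stand-in for a listening UDP service: answers every datagram.

    Returns (port, stop); stop() ends the responder and closes its socket.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, 0))
    srv.settimeout(0.2)
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                data, peer = srv.recvfrom(4096)
            except socket.timeout:
                continue
            srv.sendto(b"reply:" + data[:16], peer)
        srv.close()

    t = threading.Thread(target=serve, daemon=True)
    t.start()

    def shutdown():
        stop.set()
        t.join()
    return port, shutdown


def pick_closed_port(host="127.0.0.1"):
    """Bind-and-release a UDP port so that nothing is listening on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    port, stop = start_udp_responder()
    print(port, udp_probe("127.0.0.1", port, dns_query()))   # open
    print(udp_probe("127.0.0.1", pick_closed_port()))        # closed (ICMP unreachable)
    stop()
```

Against a real resolver, `udp_probe(addr, 53, dns_query())` returns open where an empty payload would have returned open|filtered. Note that a firewall that silently drops the probe and an application that silently drops it are indistinguishable here, which is exactly the limitation the text describes; only a protocol-aware payload narrows it.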

2.2 Superuser Privileges

The network scanners discussed in this chapter all function by sending packets with very special parameters to the computer being scanned. Most Unix-like operating systems (such as Linux or Mac OS X) require superuser privileges in order to send these packets. Unicornscan and Nmap's connect scan mode (see Section 2.8) work with normal user privileges, but advanced Nmap scans and Scanrand both require superuser privileges. Nmap works fine on Windows with an unprivileged user account.

Figure 2-1. TCP three-way handshake: (1) the client sends SYN to the server, (2) the server replies with SYN/ACK, (3) the client completes the handshake with ACK.

Instead of logging in as root to gain superuser privileges, you can use sudo (see Section 14.3) to temporarily elevate your privileges.

2.3 Three Network Scanners to Consider

The following three network scanners are covered in this chapter. Here’s a quick introduction to each of them and where to get them:

Nmap (http://www.insecure.org/nmap/)

Nmap is the oldest, most popular, and most feature-rich of the three scanners. First released in 1997, it has seen four major releases in the past decade. Nmap is widely available for most Unix platforms as well as Windows, and has both command-line and graphical interfaces. Nmap has been integrated into a number of commercial security products as well.

Unicornscan (http://www.unicornscan.org/)

While Unicornscan isn't quite as feature-rich as Nmap, it was designed with speed and scalability in mind. The packet-per-second rate can be precisely controlled to allow for very fast scans, or for slower scans so as to not exceed network constraints. Unicornscan also supports sophisticated UDP scans by speaking application protocols instead of sending empty scan packets. Precompiled packages are only available for a few operating systems; otherwise, it must be compiled from source code.

Scanrand (http://www.doxpara.com/paketto/)

Scanrand is part of the Paketto Keiretsu toolkit by Dan Kaminsky. While it has the most limited feature set of the tools presented here, it is designed with one thing in mind: sheer speed. Scanrand uses a clever technique of encoding information in the headers of TCP SYN packets, allowing for very fast stateless scanning of a large set of addresses and ports. Scanrand and Paketto packages are available for most Unix operating systems.

2.4 Host Discovery

When presented with an unknown network, one of the first orders of business for scanning is to determine which IP addresses have computers listening on them. This is particularly important when exploring a network behind a Network Address Translation (NAT) device (see "Endpoint/Host" in Chapter 13), where only a tiny percentage of the available IP addresses may be in use. For example, on my home network, I have three class C networks defined (762 usable IP addresses), but only 12 of those IP addresses are in use, meaning that more than 98 percent of the address space is unused. Host scans (also known as ping sweeps) quickly identify which IP addresses have computers attached and allow you to narrow the task at hand significantly.

Nmap provides the -sP option to perform a host scan (current Nmap releases spell this option -sn and still accept -sP as an alias). By default, Nmap sends both an ICMP echo request (also known as ping) packet and a TCP SYN packet to port 80 (the default web server port) to determine whether a computer is listening on a given IP address; newer releases add a TCP ACK to port 80, a TCP SYN to port 443 and an ICMP timestamp request to the default set. A host that answers the TCP probe with either a SYN/ACK or an RST counts as up, so a closed port 80 still reveals the host. If the IP addresses being scanned are on the same subnet as the scanner, ARP requests are used instead; this is a faster and more reliable way to see which IP addresses are in use, because every host must answer ARP regardless of firewall policy. Here's an example of Nmap scanning the first 20 hosts of a subnet:

    [bryan@nereid bryan] sudo nmap -n -sP 10.150.9.1-20
    Host 10.150.9.15 appears to be up.
    MAC Address: 00:0C:F1:D2:29:4C (Intel)
    Host 10.150.9.16 appears to be up.
    MAC Address: 00:0B:DB:27:40:47 (Dell ESG Pcba Test)
    Nmap finished: 20 IP addresses (2 hosts up) scanned in 0.646 seconds

The -n flag instructs nmap not to do name lookups on the IP addresses it scans. This often makes the scan faster, as reverse DNS lookups can take a long time to complete. The DNS requests can be somewhat noisy as well, so if you're trying to be subtle with your scan, -n is usually a good idea.

From the above output, you can see that of the first 20 IP addresses in the subnet, only two are in use. If the subnet scanned is local, Nmap is nice enough to look up the MAC addresses in its database to tell you who manufactured the network card.
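The TCP half of the -sP probe can be reproduced without superuser privileges by replacing the raw SYN with a full connect(): a SYN/ACK and an RST (seen as a refused connection) both prove that a host owns the address, and only silence leaves the question open. The following sweep is an added example, not code from the book or from Nmap; the target ranges, probe ports and the loopback listener used to exercise it are assumptions, and an unprivileged connect() cannot reproduce the ARP or ICMP probes that Nmap would use.

```python
"""Unprivileged host discovery by TCP connect, mirroring the TCP half of nmap -sP.

Added example, not code from the book or from Nmap. Without raw sockets we
cannot send a bare SYN, an ICMP echo or an ARP request, but a full connect()
gives the same liveness signal: SYN/ACK *or* RST (ConnectionRefusedError)
both prove a host answers at the address; only a timeout is undetermined.
Ranges, ports and the local listener below are assumptions.
"""
import ipaddress
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

UP = "up"
NO_RESPONSE = "no response"


def tcp_ping(host, port=80, timeout=1.0):
    """Classify one host from a single connect() attempt to one port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return UP                    # SYN/ACK: something is listening
        except ConnectionRefusedError:
            return UP                    # RST: port closed, but the host answered
        except OSError:
            return NO_RESPONSE           # timeout, dropped, unreachable, or no host


def expand_targets(spec):
    """Accept CIDR ('10.150.9.0/24'), Nmap's last-octet range ('10.150.9.1-20')
    or a single address."""
    if "/" in spec:
        for ip in ipaddress.ip_network(spec, strict=False).hosts():
            yield str(ip)
        return
    base, _, last = spec.rpartition(".")
    if "-" in last:
        lo, hi = last.split("-")
        for i in range(int(lo), int(hi) + 1):
            yield f"{base}.{i}"
    else:
        yield spec


def host_sweep(targets, ports=(80, 443), timeout=1.0, workers=64):
    """Sweep a target spec and return the sorted addresses that answered on any port."""
    jobs = [(h, p) for h in expand_targets(targets) for p in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda hp: (hp[0], tcp_ping(hp[0], hp[1], timeout)), jobs)
    alive = {h for h, state in results if state == UP}
    return sorted(alive, key=ipaddress.ip_address)


def start_tcp_listener(host="127.0.0.1"):
    """Constructed stand-in for a live host with a web server: accepts and closes.

    Returns (port, stop); stop() returns only once the listening socket is closed,
    so a probe afterwards sees an RST instead of a SYN/ACK.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(16)
    srv.settimeout(0.2)
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            conn.close()
        srv.close()

    t = threading.Thread(target=serve, daemon=True)
    t.start()

    def shutdown():
        stop.set()
        t.join()
    return port, shutdown


if __name__ == "__main__":
    port, stop = start_tcp_listener()
    print(host_sweep("127.0.0.1", ports=(port,)))   # ['127.0.0.1']
    stop()
```

Silence is the weak case: a host whose firewall drops unsolicited SYNs to 80 and 443 is reported as no response, which is why Nmap falls back to ARP on the local segment and why a sweep should be run with several probe types before an address is written off as unused.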
