Today, Innokrea Team wants to tell you a bit about network scanning in an unusual context. Have you ever wondered how to scan the entire Internet in just a few minutes? Can you estimate the number of devices with certain, possibly vulnerable, software in this way? If we have piqued your interest, we encourage you to read on.
Classification of scans
Scans can be classified in many ways: by the level of authorization the scanner has, by the object of interest, or by the location from which we operate. For example, the authors of the article cited under Figure 1 distinguish the following types of scanning:
Figure 1: Scanner classification based on application. Source: balbix.com.
Scanners are also distinguished by where they run: on a host, as dedicated (wired or wireless) devices in a computer network, or as tools for finding vulnerabilities in web applications. Which one we use depends on business needs and on what we want to learn. The topic of this article is efficient scanning of the whole Internet, something rarely offered by products aimed at businesses. Whatever type of scan we choose and whatever our needs, all these solutions share one feature: they automatically collect information about infrastructure, which we can then process, draw conclusions from, and act on.
Masscan – who, what, and why?
Masscan is a tool created by Robert Graham in 2013 for mass scanning of very large address ranges. It works asynchronously (it does not wait for a reply before sending the next probe) and, according to its documentation, can transmit up to 10 million packets per second, enough to scan the entire IPv4 Internet for a single port in a matter of minutes. It is written in C, a language whose low level of abstraction makes it demanding to write in but very efficient at run time.
Masscan can be used to:
Installation
If you don’t want to build Masscan yourself, we recommend the Kali Linux system, which ships with it preinstalled. To build it on a Debian-based Linux, run the following commands (the compiled binary ends up in bin/ inside the source tree; make install copies it to a system directory so it can be called simply as masscan):
sudo apt update
sudo apt install -y git gcc make libpcap-dev
git clone https://github.com/robertdavidgraham/masscan
cd masscan
make
sudo make install
To check that the build works, run the built-in self-test:
masscan --regression
Basic usage
Every argument that does not start with a “-” sign is treated as a target, given in one of three formats: a single IP address, a range such as 10.0.0.1-10.0.0.254, or a CIDR block such as 10.0.0.0/24. Ports are given with -p or --ports as single values, comma-separated lists or ranges; a T: prefix selects TCP (the default) and a U: prefix UDP, for example -p80, -p80,20-25 or --ports U:123,U:100-125. Masscan refuses to run without a port list.
Figure 2: Fragment of the manual for the Masscan tool in Kali Linux.
Masscan has its own TCP/IP stack, independent of the operating system’s, which lets it send packets from a source address other than the one configured on the network card. In principle any source address can be given: another public address, or an unused address from our local subnet. Putting another device’s public address as the source means the targets’ replies are delivered to that device rather than to the scanner, which is the basis of a reflection attack (covered in the second part of this article). For basic Masscan commands, however, the source address does not need to be changed at all.
Example scan of a local network for port 80 at 10,000 packets per second (the default --rate is a cautious 100 packets per second):
masscan 192.168.0.0/24 -p80 --rate 10000
Scan results are written to a file with one of the output switches: -oL (simple list), -oX (XML), -oJ (JSON) or -oG (grepable). Note that the target below is a public /8: scanning addresses you are not authorised to scan is unlawful in most jurisdictions, and for large ranges it is good practice to keep an exclude list (--excludefile) of networks that must never be probed.
masscan 12.0.0.0/8 -p80,443,3306 -oL output.file
The --echo switch, by contrast, does not scan at all: it prints the effective configuration (targets, ports, rate and so on) to standard output, which can be redirected to a file and reused later with -c.
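Once a scan has been saved with -oL, the interesting part is turning it into answers such as “how many hosts have this port open” or “how many run this software version”, the question posed in the introduction. The script below is an added example, not code from the article or from the Masscan project; it parses a constructed list-format file (lines of the form open <proto> <port> <ip> <timestamp> and banner <proto> <port> <ip> <timestamp> <service> <text>) with plain awk, so it runs offline. The helper names and the sample data are this example’s own.

```shell
#!/bin/sh
# Added example (not from the original article or the Masscan project):
# offline processing of a Masscan list-format (-oL) result file.
# SAMPLE_OL below is CONSTRUCTED for this example, not a real scan.
# Format recap: "open <proto> <port> <ip> <timestamp>" and
# "banner <proto> <port> <ip> <timestamp> <service> <banner text>";
# "closed" lines may also appear and are skipped by the filters.
SAMPLE_OL='#masscan
open tcp 80 192.168.0.10 1700000001
open tcp 443 192.168.0.10 1700000001
banner tcp 80 192.168.0.10 1700000002 http.server Apache/2.4.41\x20(Ubuntu)
open tcp 80 192.168.0.11 1700000001
banner tcp 80 192.168.0.11 1700000002 http.server nginx/1.18.0
open tcp 3306 192.168.0.12 1700000001
open tcp 80 192.168.0.12 1700000001
banner tcp 80 192.168.0.12 1700000002 http.server Apache/2.4.41\x20(Ubuntu)
# end'

# Number of distinct hosts with the given TCP port open.
# Usage: hosts_with_open_port FILE PORT
hosts_with_open_port() {
    awk -v port="$2" '$1 == "open" && $2 == "tcp" && $3 == port { seen[$4] = 1 }
                      END { n = 0; for (h in seen) n++; print n }' "$1"
}

# Number of distinct hosts whose banner (on any port) contains PATTERN,
# a fixed string such as a product/version; this is the "how many
# devices run this software" estimate from the introduction.
# Usage: hosts_with_banner FILE PATTERN
hosts_with_banner() {
    awk -v pat="$2" '$1 == "banner" && index($0, pat) > 0 { seen[$4] = 1 }
                     END { n = 0; for (h in seen) n++; print n }' "$1"
}

# Open ports per host, one line per host: "<ip> <port>[,<port>...]",
# sorted by address.
# Usage: open_ports_by_host FILE
open_ports_by_host() {
    awk '$1 == "open" { p[$4] = (p[$4] == "" ? $3 : p[$4] "," $3) }
         END { for (h in p) print h, p[h] }' "$1" | sort
}

# Demo on the constructed sample when the script is run directly.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_OL" > "$tmp"
echo "hosts with port 80 open: $(hosts_with_open_port "$tmp" 80)"
echo "hosts with an Apache/2.4.41 banner: $(hosts_with_banner "$tmp" 'Apache/2.4.41')"
open_ports_by_host "$tmp"
rm -f "$tmp"
```

With a real result file, replace the sample with the path Masscan wrote via -oL; banners are only present if the scan was run with --banners (see the next section), and a host counted once per address may still be several devices behind NAT, so treat the numbers as an estimate.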
System limitations
Operating systems limit how many packets per second they can send and receive through their normal network stack. Masscan’s documentation quotes roughly a few hundred thousand packets per second on Windows (or inside a virtual machine) and on the order of 1.5 to 2 million per second on a recent Linux kernel. To go beyond that, Masscan has to bypass the kernel stack using the PF_RING DNA/ZC driver on an Intel 10 Gb/s Ethernet adapter; PF_RING is a Linux kernel module, so this fast path exists only on Linux. In practice the uplink, the upstream router and the scanned networks are often the real bottleneck, so start with a modest --rate and raise it only while the results stay complete.
More Masscan options – banner grabbing
To find out which services are running on the scanned targets, we use a technique called banner grabbing: completing the TCP handshake on an open port and reading the first bytes the service sends (or its reply to a simple request), which usually reveal the software and its version. If that version has a known vulnerability, an attacker can pick the matching exploit to gain access to the server. Masscan does this with the --banners switch, but there is a catch. Masscan speaks TCP from its own user-space stack, while the replies also arrive at the operating system’s stack, which knows nothing about this connection; when the target’s SYN-ACK comes in, the kernel answers it with a RST and kills the connection before Masscan can read the banner. The simplest remedy is to give Masscan a different source address, one that is unused but lies in the same subnet as the interface, so that the kernel ignores the replies. The address is set with --adapter-ip (the name used in the man page); --source-ip is accepted as an alias. The --adapter-ip switch performs three basic tasks:
Figure 3: An example of capturing a banner for a web service. Note the IP address change.
In summary, on an Ethernet network it is enough to add the --banners switch and set a different source address with --adapter-ip. On a Wi-Fi network an additional iptables rule is required, which may look like this:
iptables -A INPUT -p tcp --dport 61000 -j DROP
Then always tell Masscan to use that same source port (and, as always, give it a port list):
masscan 12.0.0.0/8 -p80 --banners --source-port 61000
It may look odd to use a port we have just blocked in the firewall, but that is the point: the DROP rule in the INPUT chain stops the kernel’s TCP/IP stack from ever seeing the replies, so it never answers them with RST. Masscan is unaffected, because it captures frames from the interface (through libpcap or raw sockets) before they reach the netfilter INPUT chain and handles TCP itself in its own stack. Note that the rule filters every inbound packet to port 61000 on this host, so an unrelated local application that happened to open a connection from that source port would have its replies dropped; this is why a port outside the kernel’s ephemeral range (32768-60999 by default on current Linux kernels) is chosen. More information can be found in the project’s README: https://github.com/robertdavidgraham/masscan.
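The iptables-plus-source-port procedure above is easy to get subtly wrong: pick a source port inside the kernel’s ephemeral range and the DROP rule will also break ordinary local connections, and forget to delete the rule and the port stays blocked. The wrapper below is an added example, not code from the article or the Masscan project; it checks the chosen port against /proc/sys/net/ipv4/ip_local_port_range (falling back to the Linux default when that file is unavailable), builds the Masscan command line, and installs and removes the rule around the scan. The helper names are this example’s own; the actual scan needs root and Masscan and only runs when MASSCAN_RUN=1 is set, so the script is safe to execute as a dry run.

```shell
#!/bin/sh
# Added example (not from the original article or the Masscan project):
# wrapper for the iptables + --source-port banner-grab setup. Helper
# names are hypothetical. run_banner_scan needs root and Masscan, so it
# is only executed when the environment variable MASSCAN_RUN is 1.

# Return 0 if PORT lies outside LOW-HIGH (the kernel's ephemeral port
# range), 1 otherwise. A source port inside the range may also be handed
# to a normal local connection, whose replies the DROP rule would then
# silently discard.
port_outside_ephemeral() {
    port=$1; low=$2; high=$3
    if [ "$port" -lt "$low" ] || [ "$port" -gt "$high" ]; then
        return 0
    fi
    return 1
}

# Print "LOW HIGH" from /proc, or the Linux default 32768-60999 when the
# file is not readable (non-Linux systems, restricted containers).
ephemeral_range() {
    if [ -r /proc/sys/net/ipv4/ip_local_port_range ]; then
        read -r low high < /proc/sys/net/ipv4/ip_local_port_range
        echo "$low $high"
    else
        echo "32768 60999"
    fi
}

# Build the Masscan command line for a banner scan from source port
# SRC_PORT, writing list-format results to OUT.
# Usage: banner_scan_cmd TARGETS PORTS SRC_PORT OUT
banner_scan_cmd() {
    echo "masscan $1 -p$2 --banners --source-port $3 -oL $4"
}

# Validate the port, install the DROP rule, run the scan, and remove the
# rule again even if the scan is interrupted (trap on EXIT/INT/TERM).
# Usage: run_banner_scan TARGETS PORTS SRC_PORT OUT   (needs root)
run_banner_scan() {
    targets=$1; ports=$2; src_port=$3; out=$4
    range=$(ephemeral_range)
    if ! port_outside_ephemeral "$src_port" "${range% *}" "${range#* }"; then
        echo "source port $src_port is inside the ephemeral range $range; choose another" >&2
        return 1
    fi
    iptables -A INPUT -p tcp --dport "$src_port" -j DROP
    trap "iptables -D INPUT -p tcp --dport $src_port -j DROP" EXIT INT TERM
    cmd=$(banner_scan_cmd "$targets" "$ports" "$src_port" "$out")
    echo "running: $cmd"
    eval "$cmd"
}

# Dry-run demo: check the port used in the article and show the command.
range=$(ephemeral_range)
if port_outside_ephemeral 61000 "${range% *}" "${range#* }"; then
    echo "61000 is outside the ephemeral range ($range): safe to reserve for Masscan"
else
    echo "61000 is inside the ephemeral range ($range): pick a port above it"
fi
echo "would run: $(banner_scan_cmd 192.168.0.0/24 80 61000 banners.txt)"
if [ "${MASSCAN_RUN:-0}" = 1 ]; then
    run_banner_scan 192.168.0.0/24 80 61000 banners.txt
fi
```

Run it as root with MASSCAN_RUN=1 to perform the scan; without that variable it only reports whether 61000 is a safe choice on this machine and prints the command it would execute. The trap is what keeps the firewall clean: interrupting Masscan with Ctrl-C still removes the rule.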
Summary
In the second part of the article you will learn about more advanced Masscan options and what a reflection attack is. We are staying with the topic of network scanning, so if it interests you, we encourage you to read on. See you!