ITPub博客

首页 > IT基础架构 > 网络安全 > 网络安全测试软件internet scanner学习笔记(二) (转)

网络安全测试软件internet scanner学习笔记(二) (转)

原创 网络安全 作者:worldblog 时间:2007-12-07 10:47:43 0 删除 编辑
网络安全测试软件internet scanner学习笔记(二) (转)[@more@]重点:
1. 策略编辑器中策略的公共设置:
    Common Settings
The Common Settings folder contains global settings that can be enabled for a policy. Some of these settings may apply to a group of vulnerability checks, decreasing the amount of time needed to enable all the checks that use the setting.
公共设置文件夹包括为策略设置能够被激活的全局设置。这些也许适用一组弱点检查,使用这个设置来减少大量的所有允许的这些设置所花费的时间。
   配置公共设置: 
1. Brute force lists 强制力列表
     Miscellaneous Default 多项默认 VAX/VMS Defaults 虚拟地址扩充/虎拟存储系统
     VAX/VMS Defaults  unix   Linux NIS  linux 网络信息服务
     Use Default Login File  使用默认的登录文件(default.login)
   2.Brute Force Options  强制力选项
 This common setting attempts password checks on names derived from Finger or.NETBIOS checks.
    从Finger 或 NetBIOS的命名来源来个企图进行口令检查。三种方式:A、反向命名做为口令
   B、真名做为口令  C、帐号做为口令
   3.E-Mail Options  E-Mail选项  发现弱点后邮件接收人
   4.Host pinger  
     两项设置:A。每次扫描PING的次数B。每PING一次的间隔时间(毫秒)
   5.HTTP Ports  A、HTTP端口 默认(80和8080) B、HTTP安全端口(443)
   6.Internal Network A、ip Addresses   format: xx-yy,zz,bb-cc B、Include Key IP   Range(s)  C、domains D、Use Whois E、Whois Server  whois是一个关于谁在哪里的数据库
   7.IP Spoofing IP欺骗  A、Spoof Lists (Don’t use source) B、Spoof Source (IP地址
             C、Spoof User(默认为root)使用用户名进行欺骗测试
   8.NFS Depth  子目录的深度
   9.NT Logon Sessions 
10.Phase Limit 进行秘密扫描的段的数量,我理解段数值越大越好
11.RWhod Message 为后台邮件程序发送信息,如果有弱点,PS (the process status command)显示信息
12.Smtp Session 
  This common setting manages all active connections to SMTP servers running on any target hosts.
  这个公共设置管理所有在任何一台目标主机上运行的SMTP服务的活动的连接
A、 Connection timeout (in seconds) 超时时间(秒) B、Reuse connections 重新边接
B、 Reuse the same SMTP connections when perfoRming multiple security checks 当执行多安全检查时再次执行相同的SMTP连接
13.SNMP Community File SNMP组文件
  Filename: The name of a file that contains additional names to use when accessing the    community name. Default: community.snmp  文件名:文件名包括当访问组名时所使用的附加名字
14.SOCKS Host 
  SOCKS Target Host: The target host to the IP address of a host on the other side of the SOCKS server. The host you specify should be running at least one FTP, telnet, SMTP, HTTP, POP3, or finger service.
Note: For this setting to function properly, you must enter an IP address in the box provided. If you do not have an actual SOCKS host, use the IP address 127.0.0.1 rather than leaving the box blank.
  攻击目标地址:在其它SOCK服务器的主机IP地址是目标主机,你所指定的主机就至少运行FTP, telnet, SMTP, HTTP, POP3, or finger 一种服务。
15.TCP Scan 
 A、Source Port: Set the port to use as the source during a port scan. Note: If you set the source port to 0, your operating system will specify the source port.
源端口:设置一个所使用端口直到一个端口被扫描。注意:如果你的端口被设置为0,你的操作系统将被指定为源端口。
 B、Enable Hard Close: Close all active connections to a port after you have received information about the service running on that port. To check the state and the status of an active connection to a port, open a command prompt and type netstat -a.
   允许硬关闭:在你接收到服务已在端口运行的信处后关闭所有活动的链接端口。要检查状态或活动连接端口状态,在命令提示符下输入: netstat –a
 以C  Hard Close Port Range: The port or port range Internet Scanner uses to close any active connections to ports that you have received service information about. 
硬关闭端口限制:用于活动连接端口到端口的限制范围。
16.Telnet Banners 
  Grab Banners: Determines if a telnet server generates banner data in response to a request. Internet Scanner uses this method to determine operating system type.
  白抢夺标题:如果TELNET服务为一个需求响应决定抢夺标题。ISS使用这个方法来决定操作系统类型。
17.UDP Port Scanner
 This common setting controls how the UDP port scanner probes each target host.
 设置每一个目标主机有多少个UDP端口扫描
Internet Scanner sends a collection of UDP packets to each UDP port to check if it is active, and then listens for a response. The type of response (or the lack of a particular type of response) indicates if the port is active.
ISS发送一个收集每一个UDP端口检查它是否是活动状态的包,并且侦听响应。如果端口是活动的,由响应类型指定(或缺少响应类型)
When Internet Scanner performs a UDP port scan, it can generate large amounts of network traffic, which can flood networks with low bandwidth or throughput. To minimize this risk, Internet Scanner lets you tune your scans to meet your individual network needs.
当ISS执行UDP端口扫描时,它能够产生大量的数据,它将占用网络带宽的吞吐量。这个风险最小,ISS让你调整你适合的个人网络需求。
As the UDP port scanner uses the UDP and ICMP protocols, which are classified as unreliable protocols, results can vary between scans. To improve the accuracy of the scan, Internet Scanner lets you tune the scan to provide a higher degree of accuracy UDP端口扫描使用UDP和ICMP协议,扫描后结果被改变的被归类为不可靠的协议。
A.Number of probes per scan  默认10
B.Interval between probes (in seconds)间隔时间(秒) 默认:5秒
18.Walk MIB  管理信息库通道
FlexChecks
A FlexCheck is a user-defined check that has been created to scan specific network environments for vulnerabilities or other conditions.
 FlexCheck是用户定义的检查用来指定建立扫描网络环璄为弱点或其它网络条件。

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/10752043/viewspace-989393/,如需转载,请注明出处,否则将追究法律责任。

请登录后发表评论 登录
全部评论
  • 博文量
    6241
  • 访问量
    2449866