Book Image

Practical Network Scanning

By : Ajay Singh Chauhan
Book Image

Practical Network Scanning

By: Ajay Singh Chauhan

Overview of this book

Network scanning is the process of assessing a network to identify an active host network; same methods can be used by an attacker or network administrator for security assessment. This procedure plays a vital role in risk assessment programs or while preparing a security plan for your organization. Practical Network Scanning starts with the concept of network scanning and how organizations can benefit from it. Then, going forward, we delve into the different scanning steps, such as service detection, firewall detection, TCP/IP port detection, and OS detection. We also implement these concepts using a few of the most prominent tools on the market, such as Nessus and Nmap. In the concluding chapters, we prepare a complete vulnerability assessment plan for your organization. By the end of this book, you will have hands-on experience in performing network scanning using different tools and in choosing the best tools for your system.
Table of Contents (19 chapters)
Title Page
Packt Upsell
Contributors
Preface
Index

Hardening your TCP/IP stack


For any given operating system, tuning of the TCP/IP stack can be performed by the system administrator. Changing the default values of TCP/IP stack variables provides another layer of protection and helps you to secure your hosts in a better way.

This is all about determining and making decisions about how many connections the server can maintain in a half-open state before TCP/IP triggers SYN flooding attack protection. This simply means that to configure the threshold value of the TCP connection, requests must be exceeded before SYN flood protection is triggered.

The following parameters can be adjusted on an operating system level to tune TCP/IP stacks. These are not only applicable to the operating system, but also to network devices such as firewalls and load balancers, which allow you to fine tune TCP stacks:

  • TcpMaxHalfOpen
  • TcpMaxHalfOpenRetried
  • TcpMaxPortsExhausted
  • TcpMaxConnectResponseRetransmissions

We will discuss DoS attacks in detail in the next section...