Kebijakan Program Google AdSense Penayang yang berpartisipasi dalam program AdSense diwajibkan
Perlu diketahui bahwa kami dapat mengubah kebijakan setiap saat, dan berdasarkan Persyaratan dan Ketentuan, Anda bertanggung jawab untuk selalu mengikuti perkembangan dan mematuhi kebijakan yang diposting di sini. Klik
Untuk memastikan pengalaman yang baik bagi pengguna dan pengiklan,
Meskipun
Situs yang menampilkan iklan Google tidak boleh mencakup: Penayang situs Web tidak boleh menampilkan iklan Google pada halaman
Penayang AdSense diharuskan mematuhi panduan kualitas webmaster yang diposting di http://www.google.com/webmasters/guidelines.html. Situs
AdSense
Agar
Google menggunakan cookie DoubleClick DART (hanya dalam bahasa Inggris) di situs Web penayang yang menampilkan
Jika kontrak layanan iklan yang ada dengan Google atau DoubleClick
Penayang AdSense harus mengetahui dan mematuhi kebijakan privasi
Google Adsense sepertinya sudah tidak asing lagi bagi anda. Karena ini termasuk penyedian program PPC yang sangat menggiurkan. Tapi mungkin ada yang belum mengetahui tentang kebijakan - kebijakan pada program Google Adsense. Sehingga pada saat anda mendaftar tidak di Approve. Ini merupakan kebijakan - kebijakan Google Adsense yang terakhir kali diperbarui pada Agustus 2008 . Tanpa dikurangi atau ditambah sedikitpun.
mematuhi kebijakan sebagai berikut. Kami meminta Anda untuk membaca
kebijakan ini dengan saksama dan sering merujuk ke dokumen ini. Jika
gagal mematuhi kebijakan ini, kami dapat menonaktifkan penyajian iklan
ke situs Anda dan/atau menonaktifkan account AdSense Anda. Meskipun
dalam beberapa kondisi kami lebih memilih untuk bekerjasama dengan
penayang yang mematuhi kebijakan, kami berhak untuk setiap saat
menonaktifkan account manapun. Jika account dinonaktifkan, Anda tidak
berhak untuk terus berpartisipasi dalam program AdSense.
Klik dan Jejak yang Tidak Valid
pada iklan Google harus berasal dari keinginan asli pengguna. Kami
sangat melarang cara apapun yang akan menghasilkan klik atau jejak
buatan pada iklan Google Anda. Cara yang terlarang tersebut mencakup
namun tidak terbatas pada, pengulangan klik atau jejak yang dilakukan
secara manual, penggunakan robot, perangkat penghasil klik dan jejak
otomatis, layanan pihak ketiga yang menghasilkan klik atau jejak
seperti bayar untuk mengklik, bayar untuk surfing, surfing otomatis,
dan berbagai program pertukaran klik, atau perangkat tipu daya apapun. Perlu diketahui bahwa kami melarang Anda untuk mengklik iklan sendiri dengan alasan apapun. Kelalaian dalam memenuhi kebijakan ini dapat mengakibatkan penonaktifan account Anda.
Mendorong klik
penayang tidak boleh meminta pengguna mengklik iklan di situs mereka
atau mengandalkan metode penerapan yang bersifat tipu daya untuk
mendapatkan klik. Penayang yang berpartisipasi dalam program AdSense:
menggunakan frase seperti "klik iklan ini", "dukung kami", "kunjungi
link ini", atau bahasa lain yang serupa
email massal yang tidak dikehendaki atau iklan yang tidak diinginkan di
situs Web pihak ketiga
melihat iklan atau melakukan pencarian, atau menjanjikan kompensasi
kepada pihak ketiga atas perilaku tersebut
iklan Google, misalnya iklan berlabel "Link Sponsor" namun bukan "Situs
Favorit"
Konten Situs
Google menawarkan akses luas ke berbagai konten dalam indeks pencarian,
namun penayang dalam program AdSense hanya dapat menempatkan iklan
Google di situs yang mematuhi panduan konten kami, dan iklan tersebut
tidak boleh ditampilkan pada halaman manapun yang sebagian besar
kontennya menggunakan bahasa yang tidak didukung. Lihat daftar bahasa yang didukung.
pengguna untuk mengklik iklan atau penawaran, melakukan pencarian,
surfing situs Web, atau membaca email
iklan untuk meningkatkan peringkat mesin pencari di situs Anda,
misalnya Peringkat Halaman situs
Materi yang Dilindungi Hak Cipta
Web dengan konten yang dilindungi undang-undang hak cipta, kecuali jika
mereka memiliki hak hukum yang diharuskan untuk menampilkan konten
tersebut. Untuk informasi lebih lanjut, kunjungi kebijakan DMCA.
Panduan Webmaster
Aktivitas Situs dan Iklan
yang menampilkan iklan Google harus mudah dinavigasi oleh pengguna dan
tidak boleh berisi pop-up yang berlebihan. Kode AdSense tidak boleh
diganti, atau aktivitas iklan standar tidak boleh dimanipulasi dengan
cara apapun yang tidak diizinkan secara tersurat oleh Google.
pop-under yang mengganggu navigasi situs, mengubah preferensi pengguna,
atau memulai proses download.
tanpa modifikasi. Peserta AdSense tidak boleh mengganti bagian apapun
dalam kode atau mengubah aktivitas, penargetan, maupun penayangan
iklan. Misalnya, klik pada iklan Google tidak boleh ditampilkan di
jendela browser baru.
pencarian, atau tombol referensi sebagai hasil tindakan aplikasi
perangkat lunak apapun, seperti toolbar.
dengan perangkat lunak apapun yang dapat memicu pop-up, mengarahkan
ulang pengguna ke situs Web yang tidak dikehendaki, memodifikasi
pengaturan browser, atau mengganggu navigasi situs. Anda bertanggung
jawab untuk memastikan bahwa tidak ada jaringan iklan atau afiliasinya
yang menggunakan metode tersebut dalam mengarahkan lalu lintas ke
halaman yang berisi kode AdSense.
persyaratan apapun kepada pengguna akhir. Penayang tidak boleh meminta
alamat email dari pengguna dalam kaitannya dengan unit referensi
AdSense.
lintas ke halaman yang menampilkan iklan Google harus memenuhi semangat Panduan Kualitas Halaman Arahan Google. Misalnya, jika Anda mengiklankan situs yang berpartisipasi
dalam program AdSense, maka iklan tersebut tidak boleh memperdaya
pelanggan.
Penempatan Iklan
menawarkan sejumlah format dan produk iklan. Penayang dianjurkan untuk
mencoba beragam penempatan, asalkan mematuhi kebijakan sebagai berikut:
referensi dapat ditampilkan pada halaman, selain unit iklan, kotak
pencarian, dan unit link yang dijelaskan di atas.
satu unit link iklan selain iklan yang disajikan Google dengan hasil
pencarian. Iklan lain tidak dapat ditampilkan pada halaman hasil
pencarian Anda.
ditayangkan khusus untuk tujuan menampilkan iklan, baik jika konten
halaman relevan maupun tidak.
Iklan dan Layanan Bersaing
pengguna tidak bingung, kami tidak mengizinkan iklan atau kotak
pencarian Google ditayangkan di situs Web yang juga berisi iklan atau
layanan lain yang diformat menggunakan tata letak dan warna sama
seperti iklan atau kotak pencarian Google di situs tersebut. Meskipun
Anda boleh menjual iklan secara langsung di situs, namun Anda
bertanggung jawab untuk memastikan iklan tersebut tidak serupa dengan
iklan Google.
Cookie Iklan Google
iklan AdSense untuk konten. Berdasarkan ketentuan, peraturan, dan
undang-undang yang berlaku, Anda memiliki hak tunggal dan eksklusif
untuk menggunakan semua data yang diperoleh dari penggunaan cookie
DoubleClick DART demi tujuan apapun yang terkait dengan bisnis, hanya
jika Google menggunakan dan mengungkapkan data tersebut berdasarkan
persyaratan dalam kebijakan privasi iklan Google (hanya dalam bahasa Inggris) serta ketentuan, peraturan, dan undang-undang yang berlaku.
telah memiliki ketentuan spesifik tentang kepemilikan data, maka
ketentuan tersebut akan menggantikan kebijakan ini dalam mengatur
pengumpulan data berdasarkan kontrak.
yang menjelaskan bahwa pihak ketiga dapat menempatkan dan membaca
cookie di browser pengguna atau menggunakan beacon Web untuk
mengumpulkan informasi terkait dengan penayangan iklan di situs Web
Anda. Selengkapnya tentang cara mempersiapkan kebijakan privasi.
Kebijakan Program Google AdSense
Install Backtrack pada Komputer atau Laptop
Kalian semua tentu telah mengetahui sistem operasi gratis dan open source Backtrack. Sistem Backtrack begitu flexibel bagi kalian yang membutuhkan bermacam - macam software untuk menguji coba sistem keamanan yang telah dimiliki. Karena Open Source begitu banyak software yang bisa diinclude pada sistem. Tapi begitu sangat disayangkan, karena sistem ini live CD alias nggak bisa diinstall pada harddisk. Tapi sebenarnya perkataan itu salah. Backtrack sudah bisa diinstall pada Komputer maupun Laptop. Langkah - langkahnya anda dapat melihatnya pada irongeek.com. Dan saya telah menemukan juga transcript movienya. Silahkan print atau ditulis terlebih dahulu agar tidak kebigungan nantinya. Ini scriptnya :
login as root
startx
(open a terminal window)
mount (to see what partitions we have e.g. /dev/hda1 on /mnt/hda1 type ntfs (ro))
umount /mnt/hda1/
qtparted (to resize partitions to shrink ntfs partition down to ~3.77GB leave 4.23G for BT2)
exit from qtparted (after committing changes to disc)
use fdisk to create three new partitions as follows:
fdisk /dev/hda
p (to show current partitions)
n
p
2
(press return)
+64M (for /boot)
n
p
3
(press return)
+1024M (for swap)
n
p
4
(press return)
(press return) uses remaining space for the fourth partition
t
3
82 (to change the type of partition 3 to that of a swap partition)
w (to write changes to the disc).
(NOTE: if you get any sort of error message here it is very important to reboot and then continue from here)
(You now need to format your three partitions)
mke2fs /dev/hda2
mkswap /dev/hda3
swapon /dev/hda3
mkreiserfs /dev/hda4 (note: the author of the Movie likes to use reiserfs, but you can use whichever you prefer)
y
(Now you can start installing bt2)
mkdir /mnt/backtrack
mount /dev/hda4 /mnt/backtrack/
mkdir /mnt/backtrack/boot/
mount /dev/hda2 /mnt/backtrack/boot/
cp --preserve -R /{bin,dev,home,pentest,root,usr,etc,lib,opt,sbin,var} /mnt/backtrack/
(Note: this has to copy 600+MB and takes a little while, so perhaps have a coffee)
mkdir /mnt/backtrack/{mnt,proc,sys,tmp}
mount --bind /dev/ /mnt/backtrack/dev/
mount -t proc proc /mnt/backtrack/proc/
cp /boot/vmlinuz /mnt/backtrack/boot/ (command changed to suit new BT 2.0 file location)
chroot /mnt/backtrack/ /bin/bash (returned /dev/pts/0: no such file or directory)
(Now you need to alter lilo.conf and write it to the mbr)
nano /etc/lilo.conf (you can use your favorite editor to do this)
(strip out all comments for clarity, and end up with lilo.conf as follows:)
lba32
boot /dev/hda
#message = /boot/boot_message.txt (we may not have this file)
prompt
timeout=1200
change-rules
reset
vga=791
#linux bootable partition config begins
image = /boot/vmlinuz
root = /dev/hda4
label = backtrack2
read-only
#linux bootable partition ends
(note: you can get your bootsplash back by giving the command
"makesplash" and adding an initrd line to your lilo.conf. When you do
this make sure /boot is mounted)
#windows bootable partition config begins
other = /dev/hda1
label = WindowsXP
table = /dev/hda
#windows bootable partition config ends
(save file)
lilo -v
exit
(now reboot).
Backtrack 3 telah beredar dan kita disajikan Versi Image, VMWare. Dengan VMWare ini kita nggak perlu susah -susah meinstall pada harddisk. Cukup menginstall Software VMWare atau semacamnya kita dah bisa menggunkannya.
Link
http://backtrack.offensive-security.com/index.php/Transcript_of_movie
Membuat Sistem Operasi Windows Live Usb
Sistem Operasi Windows memang sangat digemari dikalangan masyarakat saat ini. Karena hampir semua Games hanya bisa berjalan pada sistem ini. Tapi bagaimana jika sewaktu - waktu Sistem Windows anda rusak, Missing error atau pada saat booting selesai malah muncul Restart CTRL + ALT DEL. Kalau seperti itu windows anda harus diinstall ulang. Seandainya anda tidak punya waktu untuk menginstall ulang windows dan membutuhkan sebuah data atau lebih yang berada pada harddisk. Anda pasti kebingungan bukan? Nah, ada cara untuk menanganinya ketika hal seperti ini sewaktu - waktu terjadi.
Anda perlu menyiapkan peralatan dan software yang diperlukan yaitu :
1. Sebuah Komputer atau Laptop beroperating system Windows
2. Cd Windows XP Profesional
3. Usb Flash Drive (Flash Disk) minimal 256 Mb
4. HP USB Device Storange Format Tool, Download
5. PE Builder, Download
Setelah semua peralatan dan software yang dibutuhkan telah anda dapatkan. Kini anda dapat memulai membuat Windows Live Usb. Akan tetapi alangkah lebih baik jika anda mengetahui software yang akan anda gunakan terlebih dahulu.
HP USB Device Storange Format Tool
Software ini berguna untuk memformat Flash Drive anda. Dengan software ini anda bisa memformat Flash Drive anda menjadi FAT, FAT32, dan NTFS dengan mengubah pilihan combobox pada File Sistem.
PE Bulider
Software ini digunakan untuk membuild Windows Xp menjadi BartPE. Setelah anda menginstall software dan menjalankannya. Masukkan CD Windows XP pada Drive CD/DVD Komputer lalu tentukan source pada PE Builder dengan alamat Drive CD/DVD yang telah anda masukkan, Destinationnya diisi BartPE, dengan ini akan membuat sebuah folder baru dengan nama BartPE yang akan tersimpan pada C:\pebuilder_Versi\BartPE pada folder itulah nantinya hasil build dari Windows XP akan disimpan.
Install BartPE pada Flash Drive USB
Bukalah aplikasi Command Prompt atau disingkat menjadi CMD. Tentukan direktori aktif menjadi c:\pebuilder_versi\plugin\peinst\dan ketikkan perintah peinst lalu enter. Pada aplikasi ini anda hanya menentukan alamat dari BartPE dan alamat dari Flash Drive Usb yang digunakan untuk tempat penyimpanan data tersebut.
Tekan angka 1 dan tentukan alamat dari BartPE (c:\pebuilder_versi\BartPE)
Angka 2 Menentukan alamat Flash Drive Usb (contoh h:)
Angka 5 lalu angka 1 agar proses instalasi dimulai.
Link
1. hp.com
2. nu2.nu/pebuilder
Cara membuat logo mirip google
Pengen tau gimana sih caranya bikin logo seperti paman GOOGLE? Ceritanya gini,
Dahulu kala ada seseorang yang.... eh salah. Nie serius lho, untuk bisa memiliki logo seperti milik saya yang dibawah ini atau taklah lain milik paman GOOGLE
caranya gampang banget. Cukum kamu isi form dibawah ini dengan logo yang kamu inginkan
Free Subdomain CO.CC
kamu bisa punya 2 subdomain CO.CC. Dengan syarat, kamu mesti punya alamat email. yah pastilah, dimana - mana kalau nggak punya alamat email. PASTI GAPTEK BANGET. Maaf jangaj tersinggung ya.... bercanda doang. untuk lebih lanjut kamu daftar disini
Nah, kalau udah diisi semua aplikasinya. Kamu dah bisa langsung login ke CO.CC. Disini kamu bisa mendapatkan fasilitas seperti beli domain dot com.
Pertama Kita bisa mentukan jalur DNS (Domain Name System), ini berguna ketika kita mempunyai hosting. Karena setian hosting yang kita miliki pasti meminta domain yang akan kita gunakan nantinya. Tapi, bukan domain semacam blog twister, friendster dan lainnya. Tapi sebuah domain atau subdomain yang bisa diatus oleh kita.
Kedua yaitu zone record, saya belum pernah mencobanya jadi maaf sebelunya saya tidak bisa memberikan review sekitpun tentang zone record.
Nah yang terakhir adalah Url Forwarding. Dengan fasilitas ini, fasilitas ini kita bisa menyembunyikan alamat URL kita atau tidak Coba kalian klik ini DokterMatrix.co.cc Meski saya telah menuliskan alamat tersebut. akan tetapi yang keluar adalah http://doktermatrix.blogspot.com ini dikarenakan url yang telah saya masukkan tidak disembunyikan. Oh ya, hampir lupa. Jika kalian melakukan pilihan nomer tiga kalian dapat fasilitas PLUS yaitu bisa mempunyai alamat email sesuai alat subdomain co.cc yang telah kalian daftarkan. asik bukan.
Harga Blog Anda
Ingin tahu berapakah harga dari blog yang telah kita kelola selama ini?Kira - kira harga blog kita ya? kalau kalian semua penasaran sekali. kalian bisa mengunjungi situs ini kalian cukup memasukkan alamat blog dan enter. Pasti ketahuan yang sering dikunjungi ma nggak. Karena harga yang tertera disitu nggak sembaranggan dikasih. Yah, kalau pengen tambah mahal harganya. ya sering -sering saja update minimal seminggu 3 kali kalau bisa. Tapi kalau nggak, ya seminggu sekali deh. Jangan lupa pengunjung datang karena ingin mendapatkan apa yang mereka cari. bukan asal - asalah update tapi artikel yang ditampilkan nggak bermutu alias sampah
How to Create a bootable Backtrack 2.0 USB flashdrive
The Backtrack 2.0 final distribution isprobably the finest collection of open source network penetration,security, and auditing tools currently available. I use this softwarefor some network penetration testing and security auditing work Iperform. I suggest only using these tools on networks you own or havepermission to audit because of potential legal ramifications. Thatbeing said, here’s what the Backtrack 2.0 is all about.
According to the remote-exploit web site,
“BackTrack is the most Top rated linux live distribution focused onpenetration testing. With no installation whatsoever, the analysisplatform is started directly from the CD-Rom and is fully accessiblewithin minutes.
It’s evolved from the merge of the two wide spread distributions Whax and Auditor Security Collection.By joining forces and replacing these distribution the BackTrack couldgain a massive popularity and was voted in 2006 as #1 at the surveil ofinsecure.org. Security professionals as well as new-comers are using itas their favorite toolset all over the globe.”
Backtrack 2.0 contains over 300 security tools, and it can be downloaded here. You can find detailed notes that describe how to install Backtrack to a hard drive, and don’t forget to check out the wiki, which details installing Backtrack in many different configurations.
Now that you know what Backtrack 2 contains and why you might wantto use it, here’s the quick instructions for creating a bootable USBstick installation from a Windows machine (Vista Business, in thisinstance).
1) Format your USB drive using FAT32. Do not perform a quick format.
2) Download the Backtrack 2 final .iso and open it with your favorite compression/extraction program. I like Universal Extractor, aka UniExtract.
3) Copy the boot and BT directories from the Backtrack .iso and copy them to your USB drive.
4) Open a command prompt by clicking Start - Run and typing cmd then press enter.
Note: if you’re using Windows Vista you’ll need to open an elevatedcommand prompt, which can do more things than a regular command prompt.To do this, click the Windows Vista icon, right click Command Promptand select Run as administrator - Continue.
5) Change to the drive letter associated with your USB drive. If youdon’t know what letter your USB drive is, and you cannot figure it out,this may not be the best software for you to use.
6) Type cd boot and press enter to change to the boot directory on your USB drive.
7) Type bootinst.bat and press enter to make your USBdrive bootable. You be asked to press any key to continue. Once thebatch file completes you should be able to restart your machine andboot from the Backtrack USB drive.
Parting Notes
Creating the bootable USB drive from the Backtrack GUI Installer did not work for me for whatever reason, and neither did the BackTrack 2.0 Downloader and USB-Stick burner for Windows.Maybe it has to do with using a newer 8 GB flash drive, I’m not sure.There are also many other methods you can try if this doesn’t work foryou, just Google it.
You can also try using the MySlax Creator to add drivers, patches, and other modules to your Backtrack.iso file. irongeek.com has a nice video showing you exactly what needs to be done to integrate these updates into your distribution.
Transcript of movie Install Backtrack To Harddisk
18 About This Document
This document is copyright c 2003-2006, Andrew J. Bennieston. This documentis provided in several formats, including LaTeX source, and it may be freely
17 Frequently Asked Questions
This section was added as an extra to the original tutorial as it became popular and some questions were asked about particular aspects of an nmap scan. I’ll use this part of the tutorial to merge some of those into the main tutorial itself.
This question assumes you used a scan command along the lines of:
1 nmap -sS -P0 -p 1-140 -O -D xxx.xxx.xxx.xxx,
2 xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx -sV xxx.xx.xxx.xxxNote: Each xxx corresponds to an octet of the IP address/addresses. This isinstructing NMAP to run a Stealth scan (-sS) without pinging (-P0) on ports 1to 140 (-p 1-140), to use OS Detection (-O) and to use Decoys (-D). The threecomma-separated IPs are the decoy IPs to use. It also specifies to use versionscanning (-sV) which attempts to determine precisely which program is runningon a port.
Now, heres the analysis of this command: A stealth scan (-sS) is often pickedup by most firewalls and IDS systems nowdays. It was originally designed toprevent logging of a scan in the logs for whatever server is running on the portthe scanner connects to. In other words, if the scan connects to port 80 to testif its open, Apache (or whatever other webserver they may be using) will log theconnection in its logfiles.
The -sS scan option doesn’t make a full TCP connect (which can be achievedwith the -sT option, or by not running as root) but resets the connection beforeit can be fully established. As such, most servers will not log the connection, butan IDS or firewall will recognise this behaviour (in repeated cases) as typical ofa port scan. This will mean that the scan shows up in firewall or IDS logs andalerts. There are few ways around this, to be honest. Most firewall/IDS softwarenowdays is quite good at detecting these things; particularly if its running on thesame host as the victim (the system you are scanning).
18
Note also, that decoys will not prevent your IP showing entirely; it just liststhe others as well. A particularly well designed IDS may even be able to figureout which is the real source of the scans.
Where speed of scan isn’t essential, the -P0 option is a good idea. Nmapgains timing information from pinging the host, and can often complete its scansfaster with this information, but the ping packets will be sent to the victim fromyour IP, and any IDS worth its CPU cycles will pick up on the pattern of afew pings followed by connects to a variety of ports. -P0 also allows scanning ofhosts which do not respond to pings (i.e. if ICMP is blocked by a firewall or byin-kernel settings).
I mentioned timing in the above paragraph. You can use the -T timing optionto slow the scan down. The slower a scan is, the less likely it is to be detected byan IDS. There are bound to be occasional random connects occurring, people typean IP in wrong or try to connect and their computer crashes half way throughthe connect. These things happen, and unless an IDS is configured extremelystrictly, they generally aren’t reported (at least, not in the main alert logs, theymay be logged if logging of all traffic is enabled, but typically these kind of logsare only checked if theres evidence of something going on). Setting the timing to-T 0 or -T 1 (Paranoid or Sneaky) should help avoid detection. As mentioned inmy main tutorial, you can also set timing options for each aspect of a scan,Timings for individual aspects of a scan can also be set using the –host timeout, –max rtt timeout, –min rtt timeout, –initial rtt timeout,–max parallelism, –min parallelism, and –scan delay options. See theNmap manual for details.
The final note I will add to this answer is that use of the Idle scan method(-sI) means that not a single packet is sent to the victim from your IP (providedyou also use the -P0 option to turn off pings). This is the ultimate in stealth asthere is absolutely no way the victim can determine that your IP is responsiblefor the scan (short of obtaining log information from the host you used as partof your idle scan).
17.2 NMAP seems to have stopped, or my scan is takinga very long while. Why is this?
The timing options can make it take a very long time. I believe the -T Paranoid( -T 0 )option waits up to 5 minutes between packets... now, for 65000 ports,thats 65000 x 5 = 325000 minutes = 225 days!!
-T Sneaky ( -T 1 ) waits up to 15 seconds between scans, and is thereforemore useful; but scans will still take a long while! You can use -v to get moreverbose output, which will alert you as to the progress of the scan. Using -v twicemakes the output even more verbose.
19
17.3 Will -sN -sX and -sF work against any host, or justWindows hosts?
-sN -sX and -sF scans will work against any host, but Windows computers donot respond correctly to them, so scanning a Windows machine with these scansresults in all ports appearing closed. Scanning a *nix or other system should workjust fine, though. As I said in the main tutorial, -sX -sF and -sN are commonlyused to determine if you’re scanning a Windows host or not, without using the-O fingerprinting option.
The Nmap manual page should help to determine which scans work alongsidewhich options, and on which target systems they are most effective.
17.4 How do I find a dummy host for the Idle Scan (-sI)?
You simply have to scan for hosts using sequential IPID sequences, these are(often) suitable for use as a dummy host for the -sI Idle Scan.
17.5 What does ”Host seems down. If it is really up, butblocking our ping probes, try -P0” mean?
When Nmap starts, it tries to ping the host to check that it is online. Nmap alsogains timing information from this ping. If the remote host, or a system on thepath between you and the remote host, is blocking pings, this ping will not bereplied to, and Nmap will not start scanning. Using the -P0 option, you can turnoff ping-on-start and have Nmap try to scan anyway.
17.6 Where can I find NmapFE?
NmapFE is a graphical front-end for Nmap.NmapFE for UNIX/Linux is included in the Nmap source. NmapFE for OSXis available at http://faktory.org/m/software/nmap/ NmapFE for Windowsis under development as part of NmapFE++, a new frontend for Linux, OSXand Windows. Information is available at http://www.insecure.org/nmap/SoC/NmapFE.html
7 IP Protocol Scans [-sO]
The IP Protocol Scans attempt to determine the IP protocols supported on atarget. Nmap sends a raw IP packet without any additional protocol header (seea good TCP/IP book for information about IP packets), to each protocol on thetarget machine. Receipt of an ICMP Protocol Unreachable message tells us theprotocol is not in use, otherwise it is assumed open. Not all hosts send ICMPProtocol Unreachable messages. These may include firewalls, AIX, HP-UX andDigital UNIX). These machines will report all protocols open.
1 [chaos]# nmap -sO 127.0.0.1
2
3 Starting Nmap 4.01 at 2006-07-14 12:56 BST
4 Interesting protocols on chaos(127.0.0.1):8
5 (The 251 protocols scanned but not shown below are
6 in state: closed)
7 PROTOCOL STATE SERVICE
8 1 open icmp
9 2 open|filtered igmp
10 6 open tcp
11 17 open udp
12 255 open|filtered unknown
13
14 Nmap finished: 1 IP address (1 host up) scanned in
15 1.259 seconds
16 Typical Scanning Session
First, we’ll sweep the network with a simple Ping scan to determine which hostsare online.
1 [chaos]# nmap -sP 10.0.0.0/24
2
3 Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at
4 2006-07-14 14:19 BST
6 MAC Address: 00:09:5B:29:FD:96 (Netgear)
7 Host 10.0.0.2 appears to be up.
8 MAC Address: 00:0F:B5:96:38:5D (Netgear)
9 Host 10.0.0.4 appears to be up.
10 Host 10.0.0.5 appears to be up.
11 MAC Address: 00:14:2A:B1:1E:2E (Elitegroup Computer System Co.)
12 Nmap finished: 256 IP addresses (4 hosts up) scanned in 5.399 seconds
14
Now we’re going to take a look at 10.0.0.1 and 10.0.0.2, both listed as Netgearin the ping sweep. These IPs are good criteria for routers (in fact I know that10.0.0.1 is a router and 10.0.0.2 is a wireless access point, since it’s my network,but lets see what Nmap makes of it...)We’ll scan 10.0.0.1 using a SYN scan [-sS] and -A to enable OS fingerprintingand version detection.
1 [chaos]# nmap -sS -A 10.0.0.1
2
3 Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at
4 2006-07-14 14:23 BST
5 Insufficient responses for TCP sequencing (0),
6 OS detection may be less accurate
7 Interesting ports on 10.0.0.1:
8 (The 1671 ports scanned but not shown below are in state:
9 closed)
10 PORT STATE SERVICE VERSION
11 80/tcp open tcpwrapped
12 MAC Address: 00:09:5B:29:FD:96 (Netgear)
13 Device type: WAP
14 Running: Compaq embedded, Netgear embedded
15 OS details: WAP: Compaq iPAQ Connection Point or
16 Netgear MR814
17
18 Nmap finished: 1 IP address (1 host up) scanned in
19 3.533 seconds
The only open port is 80/tcp - in this case, the web admin interface for therouter. OS fingerprinting guessed it was a Netgear Wireless Access Point - in factthis is a Netgear (wired) ADSL router. As it said, though, there were insufficientresponses for TCP sequencing to accurately detect the OS.Now we’ll do the same for 10.0.0.2...
1 [chaos]# nmap -sS -A 10.0.0.2
2
3 Starting Nmap 4.01 ( http://www.insecure.org/nmap/ )
4 at 2006-07-14 14:26 BST
5 Interesting ports on 10.0.0.2:
6 (The 1671 ports scanned but not shown below are in state:
7 closed)
8 PORT STATE SERVICE VERSION
9 80/tcp open http Boa HTTPd 0.94.11
10 MAC Address: 00:0F:B5:96:38:5D (Netgear)15
11 Device type: general purpose
12 Running: Linux 2.4.X|2.5.X
13 OS details: Linux 2.4.0 - 2.5.20
14 Uptime 14.141 days (since Fri Jun 30 11:03:05 2006)
15
16 Nmap finished: 1 IP address (1 host up) scanned in 9.636
17 seconds
Interestingly, the OS detection here listed Linux, and the version detectionwas able to detect the httpd running. The accuracy of this is uncertain, thisis a Netgear home wireless access point, so it could be running some embeddedLinux!Now we’ll move on to 10.0.0.4 and 10.0.0.5, these are likely to be normalcomputers running on the network...
1 [chaos]# nmap -sS -P0 -A -v 10.0.0.4
2
3 Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at
4 2006-07-14 14:31 BST
5 DNS resolution of 1 IPs took 0.10s. Mode:
6 Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
7 Initiating SYN Stealth Scan against 10.0.0.4 [1672 ports] at 14:31
8 Discovered open port 21/tcp on 10.0.0.4
9 Discovered open port 22/tcp on 10.0.0.4
10 Discovered open port 631/tcp on 10.0.0.4
11 Discovered open port 6000/tcp on 10.0.0.4
12 The SYN Stealth Scan took 0.16s to scan 1672 total ports.
13 Initiating service scan against 4 services on 10.0.0.4 at 14:31
14 The service scan took 6.01s to scan 4 services on 1 host.
15 For OSScan assuming port 21 is open, 1 is closed, and neither are
16 firewalled17 Host 10.0.0.4 appears to be up ... good.
18 Interesting ports on 10.0.0.4:
19 (The 1668 ports scanned but not shown below are in state: closed)
20 PORT STATE SERVICE VERSION
21 21/tcp open ftp vsftpd 2.0.3
22 22/tcp open ssh OpenSSH 4.2 (protocol 1.99)
23 631/tcp open ipp CUPS 1.1
24 6000/tcp open X11 (access denied)
25 Device type: general purpose
26 Running: Linux 2.4.X|2.5.X|2.6.X
27 OS details: Linux 2.4.0 - 2.5.20, Linux 2.5.25 - 2.6.8 or
28 Gentoo 1.2 Linux 2.4.19 rc1-rc716
29 TCP Sequence Prediction: Class=random positive increments
30 Difficulty=4732564 (Good luck!)
31 IPID Sequence Generation: All zeros
32 Service Info: OS: Unix
33
34 Nmap finished: 1 IP address (1 host up) scanned in 8.333 seconds
35 Raw packets sent: 1687 (74.7KB) | Rcvd: 3382 (143KB)
From this, we can deduce that 10.0.0.4 is a Linux system (in fact, the one I’mtyping this tutorial on!) running a 2.4 to 2.6 kernel (Actually, Slackware Linux10.2 on a 2.6.19.9 kernel) with open ports 21/tcp, 22/tcp, 631/tcp and 6000/tcp.All but 6000 have version information listed. The scan found the IPID sequenceto be all zeros, which makes it useless for idle scanning, and the TCP Sequenceprediction as random positive integers. The -v option is needed to get Nmap toprint the IPID information out!Now, onto 10.0.0.5...
1 [chaos]# nmap -sS -P0 -A -v 10.0.0.5
2
3 Starting Nmap 4.01 ( http://www.insecure.org/nmap/ )
4 at 2006-07-14 14:35 BST
5 Initiating ARP Ping Scan against 10.0.0.5 [1 port] at 14:35
6 The ARP Ping Scan took 0.01s to scan 1 total hosts.
7 DNS resolution of 1 IPs took 0.02s. Mode: Async
8 [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
9 Initiating SYN Stealth Scan against 10.0.0.5 [1672 ports] at 14:35
10 The SYN Stealth Scan took 35.72s to scan 1672 total ports.
11 Warning: OS detection will be MUCH less reliable because we did
12 not find at least 1 open and 1 closed TCP port
13 Host 10.0.0.5 appears to be up ... good.
14 All 1672 scanned ports on 10.0.0.5 are: filtered
15 MAC Address: 00:14:2A:B1:1E:2E (Elitegroup Computer System Co.)
16 Too many fingerprints match this host to give specific OS details
17 TCP/IP fingerprint:
18 SInfo(V=4.01%P=i686-pc-linux-gnu%D=7/14%Tm=44B79DC6%O=-1%C=-1%M=00142A)
19 T5(Resp=N)
20 T6(Resp=N)
21 T7(Resp=N)
22 PU(Resp=N)
23
24 Nmap finished: 1 IP address (1 host up) scanned in 43.855 seconds
25 Raw packets sent: 3369 (150KB) | Rcvd: 1 (42B)
17No open ports, and Nmap couldn’t detect the OS. This suggests that it isa firewalled or otherwise protected system, with no services running (and yet itresponded to ping sweeps).We now have rather more information about this network than we did whenwe started, and can guess at several other things based on these results. Usingthat information, and the more advanced Nmap scans, we can obtain further scanresults which will help to plan an attack, or to fix weaknesses, in this network.
15 Other Nmap Options
15.1 IPv6
The -6 option enables IPv6 in Nmap (provided your OS has IPv6 support). Currentlyonly TCP connect, and TCP connect ping scan are supported. For otherscantypes, see http://nmap6.sourceforge.net
Highly recommended, -vUse -v twice for more verbosity. The option -d can also be used (once ortwice) to generate more verbose output.
15.3 Resuming
Scans cancelled with Ctrl+C can be resumed with the –resume ¡logfilename¿option. The logfile must be a Normal or Grepable logfile (-oN or -oG).13
15.4 Reading Targets From A File
-iL ¡inputfilename¿ reads targets from inputfilename rather than from the commandline.The file should contain a hostlist or list of network expressions separated byspaces, tabs or newlines. Using a hyphen as inputfile makes Nmap read fromstandard input.
15.5 Fast Scan
The -F option scans only those ports listed in the nmap services file (or theprotocols file if the scan type is -sO). This is far faster than scanning all 65,535ports!!
15.6 Time-To-Live
The -ttl ¡value¿ option sets the IPv4 packets time-to-live. The usefulness of this isin mapping paths through networks and determining ACL’s on firewalls (settingthe ttl to one past the packet filter can help to determine information about thefiltering rules themselves). Repeated Nmap scans to a single port using differingttl values will emulate a traceroute style network path map (Try it, its greatfun for a while, until you get bored and realise traceroute does it all for youautomatically!).
14 Outputting Logs
Logging in Nmap can be provided by the -oN, -oX or -oG options. Each oneis followed by the name of the logfile. -oN outputs a human readable log, -oX
13 OS Fingerprinting
The -O option turns on Nmap’s OS fingerprinting system. Used alongside the-v verbosity options, you can gain information about the remote operating system
11 Window Scan, RPC Scan, List Scan [-sW, -sR, -sL]
The TCP Window scan is similar to the ACK scan but can sometimes detectopen ports as well as filtered/unfiltered ports. This is due to anomalies in TCPWindow size reporting by some operating systems (see the Nmap manual for alist, or the nmap-hackers mailing list for the full list of susceptible OS’).
RPC Scans can be used in conjunction with other scan types to try to determineif an open TCP or UDP port is an RPC service, and if so, which program,and version numbers are running on it. Decoys are not supported with RPCscans (see section on Timing and Hiding Scans, below).List scanning simply prints a list of IPs and names (DNS resolution will beused unless the -n option is passed to Nmap) without actually pinging or scanningthe hosts.
12 Timing and Hiding Scans
12.1 TimingNmap
adjusts its timings automatically depending on network speed and responsetimes of the victim. However, you may want more control over the timing in orderto create a more stealthy scan, or to get the scan over and done with quicker.The main timing option is set through the -T parameter. There are six predefinedtiming policies which can be specified by name or number (starting with0, corresponding to Paranoid timing). The timings are Paranoid, Sneaky, Polite,Normal, Aggressive and Insane.
12.2 Decoys
The -D option allows you to specify Decoys. This option makes it look like thosedecoys are scanning the target network. It does not hide your own IP, but itmakes your IP one of a torrent of others supposedly scanning the victim at the11same time. This not only makes the scan look more scary, but reduces the chanceof you being traced from your scan (difficult to tell which system is the ”real”source).
12.3 FTP Bounce
The FTP protocol (RFC 959) specified support for a ”proxy” ftp, which alloweda connection to an FTP server to send data to anywhere on the internet. Thistends not to work with modern ftpds, in which it is an option usually disabled inthe configuration. If a server with this feature is used by Nmap, it can be usedto try to connect to ports on your victim, thus determining their state.This scan method allows for some degree of anonymity, although the FTPserver may log connections and commands sent to it.
12.4 Turning Off Ping
The -P0 (that’s a zero) option allows you to switch off ICMP pings. The -PToption switches on TCP Pings, you can specify a port after the -PT option to bethe port to use for the TCP ping.Disabling pings has two advantages: First, it adds extra stealth if you’rerunning one of the more stealthy attacks, and secondly it allows Nmap to scanhosts which don’t reply to pings (ordinarily, Nmap would report those hosts asbeing ”down” and not scan them).In conjunction with -PT, you can use -PS to send SYN packets instead ofACK packets for your TCP Ping.The -PU option (with optional port list after) sends UDP packets for your”ping”. This may be best to send to suspected-closed ports rather than openones, since open UDP ports tend not to respond to zero-length UDP packets.Other ping types are -PE (Standard ICMP Echo Request), -PP (ICMP TimestampRequest), -PM (Netmask Request) and -PB (default, uses both ICMP EchoRequest and TCP ping, with ACK packets)
12.5 Fragmenting
The -f option splits the IP packet into tiny fragments when used with -sS, -sF,-sX or -sN. This makes it more difficult for a firewall or packet filter to determinethe packet type. Note that many modern packet filters and firewalls (includingiptables) feature optional defragmenters for such fragmented packets, and willthus reassemble the packet to check its type before sending it on. Less complexfirewalls will not be able to cope with fragmented packets this small and will mostlikely let the OS reassemble them and send them to the port they were intendedto reach. Using this option could crash some less stable software and hardwaresince packet sizes get pretty small with this option!12
12.6 Idle Scanning
See the section on -sI for information about idle scans.
10 ACK Scan [-sA]
Usually used to map firewall rulesets and distinguish between stateful and statelessfirewalls, this scan type sends ACK packets to a host. If an RST comes back,the port is classified ”unfiltered” (that is, it was allowed to send its RST throughwhatever firewall was in place). If nothing comes back, the port is said to be”filtered”. That is, the firewall prevented the RST coming back from the port.
9 Version Detection [-sV]
Version Detection collects information about the specific service running on anopen port, including the product name and version number. This information canbe critical in determining an entry point for an attack. The -sV option enables
8 Idle Scanning [-sI]
Idle scanning is an advanced, highly stealthed technique, where no packets aresent to the target which can be identified to originate from the scanning machine.A zombie host (and optionally port) must be specified for this scan type. Thezombie host must satisfy certain criteria essential to the workings of this scan.This scan type works by exploiting ”predictable IP fragmentation ID” sequencegeneration on the zombie host, to determine open ports on the target.
6 UDP Scan [-sU]
Scanning for open UDP ports is done with the -sU option. With this scan type,Nmap sends 0-byte UDP packets to each target port on the victim. Receipt ofan ICMP Port Unreachable message signifies the port is closed, otherwise it isassumed open.
One major problem with this technique is that, when a firewall blocks outgoingICMP Port Unreachable messages, the port will appear open. These falsepositivesare hard to distinguish from real open ports.
1 [chaos]# nmap -sO 127.0.0.1
2
3 Starting Nmap 4.01 at 2006-07-14 12:56 BST
4 Interesting protocols on chaos(127.0.0.1):8
5 (The 251 protocols scanned but not shown below are
6 in state: closed)
7 PROTOCOL STATE SERVICE
8 1 open icmp
9 2 open|filtered igmp
10 6 open tcp
11 17 open udp
12 255 open|filtered unknown
13
14 Nmap finished: 1 IP address (1 host up) scanned in
15 1.259 seconds
5 Ping Scan [-sP]
This scan type lists the hosts within the specified range that responded to a ping.It allows you to detect which computers are online, rather than which ports areopen. Four methods exist within Nmap for ping sweeping.The first method sends an ICMP ECHO REQUEST (ping request) packet tothe destination system. If an ICMP ECHO REPLY is received, the system is up,and ICMP packets are not blocked. If there is no response to the ICMP ping,Nmap will try a ”TCP Ping”, to determine whether ICMP is blocked, or if thehost is really not online.
4 FIN, Null and Xmas Tree Scans [-sF, -sN, -sX]
With the multitude of modern firewalls and IDS’ now looking out for SYN scans,these three scan types may be useful to varying degrees. Each scan type refersto the flags set in the TCP header. The idea behind these type of scans is thata closed port should respond with an RST upon receiving packets, whereas anopen port should just drop them (it’s listening for packets with SYN set). Thisway, you never make even part of a connection, and never send a SYN packet;which is what most IDS’ look out for.
1 [chaos]# nmap -sS 127.0.0.1
2
3 Starting Nmap 4.01 at 2006-07-06 17:23 BST
4 Interesting ports on chaos (127.0.0.1):
5 (The 1668 ports scanned but not shown below are in state:
6 closed)
7 PORT STATE SERVICE
8 21/tcp open ftp6
9 22/tcp open ssh
10 631/tcp open ipp
11 6000/tcp open X11
12
13 Nmap finished: 1 IP address (1 host up) scanned in 0.207
14 seconds
15 [chaos]# nmap -sF 127.0.0.1
16
17 Starting Nmap 4.01 at 2006-07-06 17:23 BST
18 Interesting ports on chaos (127.0.0.1):
19 (The 1668 ports scanned but not shown below are in state:
20 closed)
21 PORT STATE SERVICE
22 21/tcp open|filtered ftp
23 22/tcp open|filtered ssh
24 631/tcp open|filtered ipp
25 6000/tcp open|filtered X11
26
27 Nmap finished: 1 IP address (1 host up) scanned in 1.28428 seconds
3 Basic Scan Types [-sT, -sS]
The two basic scan types used most in Nmap are TCP connect() scanning [-sT]and SYN scanning (also known as half-open, or stealth scanning) [-sS].These two types are explained in detail below.
These scans are so called because UNIX sockets programming uses a system callnamed connect() to begin a TCP connection to a remote site. If connect()succeeds, a connection was made. If it fails, the connection could not be made(the remote system is offline, the port is closed, or some other error occurredalong the way). This allows a basic type of port scan, which attempts to connect4to every port in turn, and notes whether or not the connection succeeded. Oncethe scan is completed, ports to which a connection could be established are listedas open, the rest are said to be closed.This method of scanning is very effective, and provides a clear picture of theports you can and cannot access. If a connect() scan lists a port as open, youcan definitely connect to it - that is what the scanning computer just did! Thereis, however, a major drawback to this kind of scan; it is very easy to detect onthe system being scanned. If a firewall or intrusion detection system is runningon the victim, attempts to connect() to every port on the system will almostalways trigger a warning. Indeed, with modern firewalls, an attempt to connectto a single port which has been blocked or has not been specifically ”opened” willusually result in the connection attempt being logged. Additionally, most serverswill log connections and their source IP, so it would be easy to detect the sourceof a TCP connect() scan.For this reason, the TCP Stealth Scan was developed.
3.2 SYN Stealth Scan [-sS]
I’ll begin this section with an overview of the TCP connection process. Thosefamiliar with TCP/IP can skip the first few paragraphs.When a TCP connection is made between two systems, a process known as a”three way handshake” occurs. This involves the exchange of three packets, andsynchronises the systems with each other (necessary for the error correction builtinto TCP. Refer to a good TCP/IP book for more details.The system initiating the connection sends a packet to the system it wantsto connect to. TCP packets have a header section with a flags field. Flags tellthe receiving end something about the type of packet, and thus what the correctresponse is.Here, I will talk about only four of the possible flags. These are SYN (Synchronise),ACK (Acknowledge), FIN (Finished) and RST (Reset). SYN packetsinclude a TCP sequence number, which lets the remote system know what sequencenumbers to expect in subsequent communication. ACK acknowledges receiptof a packet or set of packets, FIN is sent when a communication is finished,requesting that the connection be closed, and RST is sent when the connectionis to be reset (closed immediately).To initiate a TCP connection, the initiating system sends a SYN packet tothe destination, which will respond with a SYN of its own, and an ACK, acknowledgingthe receipt of the first packet (these are combined into a single SYN/ACKpacket). The first system then sends an ACK packet to acknowledge receipt ofthe SYN/ACK, and data transfer can then begin.SYN or Stealth scanning makes use of this procedure by sending a SYN packetand looking at the response. If SYN/ACK is sent back, the port is open and theremote end is trying to open a TCP connection. The scanner then sends an RST5to tear down the connection before it can be established fully; often preventingthe connection attempt appearing in application logs. If the port is closed, anRST will be sent. If it is filtered, the SYN packet will have been dropped andno response will be sent. In this way, Nmap can detect three port states - open,closed and filtered. Filtered ports may require further probing since they couldbe subject to firewall rules which render them open to some IPs or conditions,and closed to others.Modern firewalls and Intrusion Detection Systems can detect SYN scans, butin combination with other features of Nmap, it is possible to create a virtuallyundetectable SYN scan by altering timing and other options (explained later).
1 Introduction
2 Disclaimer
This information is provided to assist users of Nmap in scanning their own networks,or networks for which they have been given permission to scan, in orderto determine the security of such networks. it is not intended to assist with scanningremote sites with the intention of breaking into or exploiting services on
