Introduction to Port Scanning

What is Port Scanning? (slide 2)
- Port scanning is equivalent to knocking on the walls to find all the doors and windows.
- It determines which systems are listening and reachable from the Internet.
- Analyzing the underlying weaknesses.
- Using the weakness for later use.

Port Numbers (slide 3)
- Well-known ports: 0 - 1023
- Non-standard ports: 1023 and above
- Example: 5010, Yahoo! Messenger

Port Scanning Techniques (slide 4)
- Vanilla scan: the simplest form of port scan.
  - Tries each of the 65535 ports on the victim.
  - Sends a carefully constructed packet with a chosen port number.

Stealth Scan (slide 5)
- Port scanning is easily logged by the services listening on the ports.
- A stealth scan is designed to go undetected by auditing tools.
- Scanning at a slow pace.
- Inverse mapping: generating "host unreachable" ICMP messages for IPs that do not exist.
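Slide 5's point that a slow scan slips past auditing tools can be made concrete with a small detector. The Python below is an added example, not part of the slides: it parses constructed firewall-style log lines (the `SRC=... DST=... DPT=...` format, the addresses and the function names are all made up for this example) and flags any source that contacts at least a threshold of distinct destination ports inside a sliding time window. A scanner that hits 20 ports in 10 seconds is caught by a 60-second window; a scanner that probes one port every two minutes is only caught when the window is widened to an hour, which is exactly the trade-off slow scanning exploits.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format for this example (not any real firewall's):
# "<ISO timestamp> SRC=<ip> DST=<ip> DPT=<port> PROTO=<proto>"
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=\S+ DPT=(\d+) PROTO=\S+$")


def parse_line(line):
    """Return (timestamp, src_ip, dst_port), or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S"), m.group(2), int(m.group(3))


def detect_port_scans(lines, window_seconds=60, distinct_port_threshold=10):
    """Flag a source the first time it has contacted >= distinct_port_threshold
    distinct destination ports within any sliding window of window_seconds.
    Lines must be in chronological order. Returns {src_ip: timestamp_flagged}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)      # src_ip -> deque of (timestamp, dst_port), oldest first
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, port = rec
        q = recent[src]
        q.append((ts, port))
        while q and ts - q[0][0] > window:   # drop events that fell out of the window
            q.popleft()
        if src not in flagged and len({p for _, p in q}) >= distinct_port_threshold:
            flagged[src] = ts
    return flagged


def _fmt(ts, src, dport):
    return f"{ts.isoformat()} SRC={src} DST=192.168.1.10 DPT={dport} PROTO=TCP"


def make_sample_log():
    """Constructed sample log: a fast scanner, a slow scanner and a normal client."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    for i in range(20):                                  # 10.0.0.5: 20 ports in 10 seconds
        lines.append(_fmt(base + timedelta(seconds=i // 2), "10.0.0.5", 20 + i))
    for i in range(20):                                  # 10.0.0.9: one port every 2 minutes
        lines.append(_fmt(base + timedelta(minutes=2 * i), "10.0.0.9", 20 + i))
    for i in range(30):                                  # 10.0.0.7: repeated hits on port 80 only
        lines.append(_fmt(base + timedelta(seconds=i), "10.0.0.7", 80))
    lines.sort()                                         # ISO timestamps sort chronologically as text
    return lines


if __name__ == "__main__":
    log = make_sample_log()
    print("60 s window:", detect_port_scans(log, 60, 10))
    print("1 h window :", detect_port_scans(log, 3600, 10))
```

The threshold counts distinct ports rather than packets, so the client that retries port 80 thirty times is never flagged, while widening the window is what it takes to see the two-minute-per-port scanner; the cost of a wide window is the state kept per source.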

TCP Scanner (slide 6)
- TCP connect scan: completes a three-way handshake.
- TCP SYN scan ("half-open" scanning):
  - A SYN packet is sent.
  - A listening target responds with SYN+ACK.
  - A non-listening target responds with RST.
- TCP FIN scan:
  - The scanner sends a FIN (finish) packet.
  - Closed ports reply with a RST (reset).
  - Open ports ignore the packet entirely.
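To show what the connect scan of slide 6 looks like from both sides, and why slide 5 says it is easily logged, here is an added Python example (not from the slides) that runs entirely on 127.0.0.1. It starts a small TCP service that records every peer that completes the three-way handshake, the way a service's audit log would, picks a second port that is known to be closed, and connect-scans both. The open port is found, the closed port is reported from the RST the kernel sends back, and the service log ends up holding the scanner's source address and port. The function names and the log record layout are the example's own.

```python
import socket
import threading
import time


def start_logging_listener(host="127.0.0.1"):
    """Start a TCP service on an OS-assigned port. Every peer that completes the
    three-way handshake (which is exactly what a connect scan does) is appended
    to `log`, standing in for the service's audit log. Returns (port, log, server_socket)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(16)
    port = srv.getsockname()[1]
    log = []

    def serve():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:
                return                      # server socket was closed, stop serving
            log.append({"event": "connect", "src_ip": peer[0], "src_port": peer[1]})
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, log, srv


def free_tcp_port(host="127.0.0.1"):
    """Ask the OS for an unused port and release it, so the scan has a known closed port."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def connect_scan(host, ports, timeout=1.0):
    """TCP connect scan: one full connect() per port.
    success            -> "open"     (a service completed the handshake)
    ConnectionRefused  -> "closed"   (the kernel answered the SYN with RST)
    timeout / other    -> "filtered" (no answer at all, e.g. dropped by a firewall)"""
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"
        except OSError:                     # socket.timeout is an OSError subclass
            results[port] = "filtered"
        finally:
            s.close()
    return results


def demo():
    open_port, log, srv = start_logging_listener()
    closed_port = free_tcp_port()
    results = connect_scan("127.0.0.1", [open_port, closed_port])
    deadline = time.time() + 2.0            # give the accept thread a moment to record the connection
    while not log and time.time() < deadline:
        time.sleep(0.01)
    srv.close()
    return {"open_port": open_port, "closed_port": closed_port,
            "results": results, "service_log": list(log)}


if __name__ == "__main__":
    out = demo()
    for port, state in out["results"].items():
        print(f"port {port}: {state}")
    print("service log:", out["service_log"])
```

The service never sees the scan of the closed port, because no process is there to log it; only the kernel answers with RST. That is the asymmetry the half-open (SYN) scan on slide 6 relies on: without completing the handshake, the application behind an open port never gets an accept() and never writes a log line, so detection has to move down to the firewall or the network.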

Bounce Scans (slide 7)
- The ability to hide tracks is important to attackers.
- FTP bounce scan: allows the hacker to force the FTP server to do the port scan and send back the results. Bouncing through an FTP server hides where the attacker comes from.
- The advantage of this approach is that it is harder to trace.
- The disadvantage is that it is slow.

UDP Scanning (slide 8)
- To find UDP ports, the attacker generally sends empty UDP datagrams.
- If the port is listening, the service should send back an error message or ignore the incoming datagram.
- If the port is closed, most operating systems send back an "ICMP Port Unreachable" message. This is how the scanner determines which ports are open.
- Neither the UDP packets nor the ICMP errors are guaranteed to arrive, so UDP scanners must also retransmit packets that appear to be lost.
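The three outcomes on slide 8, and the retransmission it calls for, can be seen on the loopback interface. This Python is an added example, not from the slides; the names `udp_probe`, `start_silent_udp_service`, `free_udp_port` and `demo` are its own. It binds a UDP socket that never answers (the "listening but ignores the datagram" case), picks a port with nothing bound (the closed case), and probes each with an empty datagram. On a closed port the kernel's ICMP Port Unreachable is delivered to the connected UDP socket as `ConnectionRefusedError` (Linux, macOS and Windows all do this); on the silent port every retry times out, and the honest verdict is "open|filtered", because silence cannot be told apart from a lost packet.

```python
import socket


def start_silent_udp_service(host="127.0.0.1"):
    """Bind a UDP socket that never replies: the 'listening but ignores the
    datagram' case on the slide. The caller reads its port and later closes it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((host, 0))
    return s


def free_udp_port(host="127.0.0.1"):
    """Ask the OS for an unused UDP port and release it, giving a known closed port."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def udp_probe(host, port, retries=3, timeout=0.3):
    """Send an empty datagram and wait for a reply, retransmitting on silence.
    a reply                -> ("open", n)           the service answered
    ICMP Port Unreachable  -> ("closed", n)         raised as ConnectionRefusedError on a
                                                    connected UDP socket
    silence after retries  -> ("open|filtered", n)  a silent service and a dropped packet
                                                    look identical to the scanner
    n is the number of datagrams sent, which makes the retransmissions visible."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    s.connect((host, port))          # connect() so the kernel reports ICMP errors to this socket
    sent = 0
    try:
        for _ in range(retries):
            try:
                s.send(b"")
                sent += 1
                s.recv(1024)
                return "open", sent
            except ConnectionRefusedError:
                return "closed", sent
            except socket.timeout:
                continue             # no answer: maybe lost, so retransmit
        return "open|filtered", sent
    finally:
        s.close()


def demo():
    silent = start_silent_udp_service()
    silent_port = silent.getsockname()[1]
    closed_port = free_udp_port()
    try:
        silent_result = udp_probe("127.0.0.1", silent_port)
    finally:
        silent.close()
    closed_result = udp_probe("127.0.0.1", closed_port)
    return {"silent_port": silent_result, "closed_port": closed_result}


if __name__ == "__main__":
    print(demo())
```

Across a real network the "closed" verdict is also the fragile one: hosts rate-limit ICMP errors and firewalls drop them, so a port that is really closed can come back as "open|filtered" after the retries, which is why UDP scans are slow and why their results need more corroboration than TCP results.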

Port Scanning Tools: Strobe (slide 9)
- TCP port scanning utility.
- One of the fastest and most reliable TCP scanners available.
- Looks only for those services the attacker knows how to exploit.
- Command: strobe 192.168.1.10
- Output: 192.168.1.10 ssh 22/tcp secure shell

Port Scanning Tools: nmap (slide 10)
- Widely known port scanner.
- Utility for port scanning large networks, although it works fine for single hosts.
- The guiding philosophy for the creation of nmap was TMTOWTDI (There's More Than One Way To Do It).
- Command: nmap -sS 192.168.1.1
- Output:
  Port  State  Protocol  Service
  21    open   tcp       ftp

Port Scanning Tools: netcat (slide 11)
- The Swiss army knife of any security toolkit.
- Provides basic TCP and UDP port scanning capabilities. By default netcat uses TCP, so for UDP scanning the -u option must be specified.
- Command: netcat -v -z -w 2 192.168.1.1 1-140
- Output: [192.168.1.1] 25 (smtp) open

Conclusion (slide 12)
- Port scanning has legitimate uses in managing networks.
- It can also be malicious if someone is looking for a weakened access point to break into your computer.
- It is rude to scan someone else's hosts or networks without the explicit permission of the owner.
- Always ask before scanning outside of your own network.