Port Scanning an Overview
                       Rav Gagan S.- Director IT Security EBSL Technologies Int’l

Before going into what port scanning is and entails, I will share a bit about what a port is and port
categorization.

A port can be defined as an application- or process-specific software construct serving as a
communications endpoint. This endpoint is used by the Transport Layer protocols of the Internet
protocol suite, namely TCP and UDP, which are used universally to communicate on the Internet.
Each port is identified by a 16-bit unsigned integer called the port number.

“In TCP/IP terminology, a Port is a software identifier that corresponds to a specific application or
protocol running on a host.” (e.g. HTTP uses port 80) - Network Security: A Practical Approach by
Jan Harrington

Port numbers are separated into three ranges:
1) Well Known Ports
2) Registered Ports and
3) Dynamic and/or Private Ports.

In the world of IT intrusion, port scanning is one of the most popular reconnaissance techniques
used to discover "hackable" services. In everyday terms, it is analogous to a joyrider walking by a
group of cars and trying the doors to see which are open, or flipping the sun-visor to get keys. An
important fact to keep in mind, though, is that port scanning is also used by system administrators
to diagnose problems on their networks.

In a nutshell, port scanning is a series of attempts by an intruder or administrator to see which
ports on a network are open, by attempting to connect to a range of ports on a range of hosts and
then gathering information from the responding open ports to see what applications or services
are running on them.

Port Scanning is accomplished by implementing software to scan any one of the 0 to 65536
potentially available ports on a computer.

Types of port scans:

- Vanilla Scan: an attempt to connect to all ports.
- Strobe Scan: only a selected number of port connections are attempted (usually under 20).
- Stealth Scan: integrates techniques that aim to prevent the “request for connection” from being
  logged.
- FTP Bounce Scan: attempts to disguise the origin of the scan by redirecting it through an FTP
  server.
- Fragmented Packets: scans that attempt to bypass rules in some routers.
- UDP Scan
- Sweep Scan: the attacker scans the same port on several computers.
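
A defender can recognise three of these patterns (vanilla, strobe and sweep) from connection logs alone. The sketch below is an added example, not part of the original article; the log format, the sample addresses and every threshold except the article's "under 20" figure for strobe scans are assumptions.

```python
import ipaddress
from collections import defaultdict

# Thresholds are assumptions for this example, except STROBE_MAX, which
# follows the article's "usually under 20" description of a strobe scan.
STROBE_MIN = 3        # fewer distinct ports than this is treated as normal traffic
STROBE_MAX = 20       # this many ports or more on one host counts as a broad (vanilla-style) scan
SWEEP_MIN_HOSTS = 4   # sweep: the same port tried on at least this many hosts

def parse(line):
    """Parse 'timestamp src dst dport' (constructed log format)."""
    _ts, src, dst, dport = line.split()
    port = int(dport)
    if not 0 <= port <= 0xFFFF:           # port numbers are 16-bit unsigned
        raise ValueError(f"bad port: {dport}")
    return str(ipaddress.ip_address(src)), str(ipaddress.ip_address(dst)), port

def classify_sources(lines):
    """Return {src: sorted list of labels} for sources that look like scanners."""
    ports_by_host = defaultdict(set)      # (src, dst)  -> ports tried on that host
    hosts_by_port = defaultdict(set)      # (src, port) -> hosts tried on that port
    for line in lines:
        try:
            src, dst, port = parse(line)
        except ValueError:
            continue                      # skip malformed lines
        ports_by_host[(src, dst)].add(port)
        hosts_by_port[(src, port)].add(dst)

    labels = defaultdict(set)
    for (src, _dst), ports in ports_by_host.items():
        if len(ports) >= STROBE_MAX:
            labels[src].add("vanilla")
        elif len(ports) >= STROBE_MIN:
            labels[src].add("strobe")
    for (src, _port), hosts in hosts_by_port.items():
        if len(hosts) >= SWEEP_MIN_HOSTS:
            labels[src].add("sweep")
    return {src: sorted(found) for src, found in labels.items()}

# Constructed sample log (documentation address ranges only).
SAMPLE = (
    [f"t 198.51.100.7 192.0.2.10 {p}" for p in range(1, 1025)]           # many ports, one host
    + [f"t 198.51.100.8 192.0.2.10 {p}" for p in (21, 22, 23, 25, 80)]  # few ports, one host
    + [f"t 198.51.100.9 192.0.2.{h} 22" for h in range(10, 16)]          # one port, many hosts
    + ["t 203.0.113.5 192.0.2.10 443", "garbage line"]                   # normal client, noise
)

if __name__ == "__main__":
    for src, found in sorted(classify_sources(SAMPLE).items()):
        print(src, found)
```

A source can carry more than one label, for example a strobe repeated across several hosts is reported as both strobe and sweep.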
The simplest port scan may be the "TCP connect()" scan. This scan uses a normal TCP connection
to determine port availability, completing the same TCP handshake that typically every other
TCP application on a network uses.

The more expert and malicious intruder will implement what is called a strobe, which is a method
of scanning fewer ports, usually no more than 20. Of note is the fact that port scanning is easily
logged by the services listening at the ports, so any incoming connection with no data is logged as
an error. There are, however, a number of stealth scan techniques geared toward avoiding detection,
and an intruder can implement an FTP bounce scan to hide the point of origin.

Other methods of stealth port scanning are:
1) Fragmented packets: splitting the TCP header into several IP fragments
2) Half-open scanning or SYN scanning
3) FIN scanning
4) NULL scans
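
Seen from the defending side, these probes differ in the TCP flags on the wire, which is also why a half-open scan never reaches the listening service's own log. The classifier below is an added example, not from the original article; the packet tuple layout and the constructed capture are assumptions, and fragmented-packet scans are outside its scope.

```python
from collections import defaultdict

def classify_flows(packets):
    """Label each client->server flow from the TCP flags seen on it.

    packets: iterable of (src, sport, dst, dport, flags, payload_len) in
    capture order, flags as a set such as {"SYN", "ACK"}; an empty set means
    no flag bits were set. The flow's client is whoever sent first.
    """
    flows = defaultdict(list)   # flow key -> [(direction, flags, payload_len)]
    for src, sport, dst, dport, flags, plen in packets:
        key, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if rev in flows:
            flows[rev].append(("s2c", frozenset(flags), plen))
        else:
            flows[key].append(("c2s", frozenset(flags), plen))

    verdicts = {}
    for key, pkts in flows.items():
        first = pkts[0][1]
        client = [f for d, f, _ in pkts if d == "c2s"]
        synack = any(d == "s2c" and f == {"SYN", "ACK"} for d, f, _ in pkts)
        data = any(n > 0 for _, _, n in pkts)
        if not first:
            verdicts[key] = "NULL probe"
        elif first == {"FIN"}:
            verdicts[key] = "FIN probe"
        elif first == {"SYN"} and synack and not any("ACK" in f for f in client):
            # Handshake never completed, so the listening service logs nothing.
            verdicts[key] = "half-open (SYN) probe"
        elif first == {"SYN"} and synack and not data:
            # Full handshake, then teardown without data: a connect() scan.
            verdicts[key] = "connect() probe"
        elif first == {"SYN"} and synack:
            verdicts[key] = "normal"
        else:
            verdicts[key] = "no answer or refused"
    return verdicts

# Constructed capture (documentation addresses); not real traffic.
C, S = "198.51.100.7", "192.0.2.10"
SAMPLE = [
    (C, 40001, S, 22, {"SYN"}, 0), (S, 22, C, 40001, {"SYN", "ACK"}, 0),
    (C, 40001, S, 22, {"RST"}, 0),                                        # half-open
    (C, 40002, S, 80, {"SYN"}, 0), (S, 80, C, 40002, {"SYN", "ACK"}, 0),
    (C, 40002, S, 80, {"ACK"}, 0), (C, 40002, S, 80, {"RST", "ACK"}, 0),  # connect()
    (C, 40003, S, 25, {"FIN"}, 0),                                        # FIN probe
    (C, 40004, S, 25, set(), 0),                                          # NULL probe
    (C, 40005, S, 443, {"SYN"}, 0), (S, 443, C, 40005, {"SYN", "ACK"}, 0),
    (C, 40005, S, 443, {"ACK"}, 0), (C, 40005, S, 443, {"PSH", "ACK"}, 517),  # real client
    (C, 40006, S, 23, {"SYN"}, 0), (S, 23, C, 40006, {"RST", "ACK"}, 0),      # closed port
]

if __name__ == "__main__":
    for flow, verdict in classify_flows(SAMPLE).items():
        print(flow, verdict)
```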

The result of a port scan is usually generalized as follows:

1) Open or Accepted
2) Closed or Denied or Not Listening
3) Filtered, Dropped or Blocked

Port scanning is typically accomplished with specific software. Basically, a port scan occurs when
the system sends out a request to connect to the target computer on each port sequentially and
registers which ports, if any, responded. Any responding ports are then open to more in-depth
probing.

Two common tools to implement port scanning are NMap and Netcat. Netcat can read and write
data across TCP and UDP network connections; in addition, the Netcat utility can do a host of
other “tricks”, such as being used as a backdoor, a port redirector and a port listener, to name a
few.

E.g.: running Netcat as a port scanner with the command "nc -v -w 2 -z target 20-30" will result in
a connection to the targeted ports between 20 and 30, and possibly indicate the presence of an FTP
server or telnet server. Including the “-z” switch should prevent data transmission to a TCP
connection as well as a limited one to a UDP connection. To instigate a delay between probes,
simply add a “-i” switch.

E.g.: NMap is probably the most popular scanner in the world; a basic TCP scan using nmap can
be run with the command "nmap -sT".

