1 / 10

Computer Security Workshops

Computer Security Workshops. Module 2 - Port Scanning. Port Scanning. Definition: Probing the ports on a remote machine to gain information Port – a virtual identifier on a system for a particular application/protocol Examples: ftp: port 21 ssh: port 22 telnet: port 23 http: port 80

Download Presentation

Computer Security Workshops

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Computer Security Workshops Module 2 - Port Scanning

  2. Port Scanning • Definition: Probing the ports on a remote machine to gain information • Port – a virtual identifier on a system for a particular application/protocol • Examples: • ftp: port 21 • ssh: port 22 • telnet: port 23 • http: port 80 • Oracle: port 1521 • Usefulness • Attacker: which ports are open? • Defender: which ports are potential vulnerabilities?

  3. Specific Uses • Find out if system is up • Ping scanning • Find open/vulnerable ports – what services are available? • Port scanning • Operating System identification • Certain services are only Windows, Linux, etc. • TCP/IP fingerprinting • Based on packet TTL, packet size, flags set on SYN/SYN|ACK packets in TCP handshaking

  4. How to use this information • Identify exposed ports/services • Shut down any unneeded services • Famous last words - “I didn’t know X was running on my system” • Ensure that services that are running do not have security vulnerabilities

  5. Issues • Possible problems with usage • Options can flood target machine with packets, potentially affecting it (denial of service) • Ethics • Is it ethical to probe an arbitrary system? • Most say “no” • Identification of probing system – may be difficult • http://www.insecure.org/nmap/idlescan.html

  6. Port Scanning Tools • Unix/Linux • strobe • netcat (nc) – reads and writes to TCP/IP; also socat • Windows • SuperScan4 • Both (and others) • nmap (with Zenmap GUI) • List • http://www.cotse.com/tools/pscan.htm

  7. nmap • One of many software implementations of a port scanner • Open source • Available on Windows and Unix, other OS • Supports many hardware options, including some PDAs • Now with GUI front end: zenmap • http://nmap.org

  8. nmap features • Identifies open ports • Options for regular or stealth scanning • Regular scanning – attempt full connection with port; scanned system knows scan is occurring and can identify scanner • Stealth scanning – attempt partial connection with port; scanned system may not know scan is occurring and may not be able to identify scanner • Attempts to identify operating system • Usually correct, but can be fooled

  9. nmap Output Example Starting nmap V. 4.62 (www.insecure.org) Initiating SYN Stealth Scan at 18:16 Scanning localhost (127.0.0.1) [1715 ports] … PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 2.0.7 22/tcp open ssh (protocol 2.0) 25/tcp open smtp? 80/tcp open http Apache httpd 2.2.9 631/tcp open ipp CUPS 1.3 3306/tcp open mysqlMySQL 5.0.67-0ubuntu6 … Running: Linux 2.6.X OS details: Linux 2.6.17 – 2.6.21

  10. SuperScan4 • Nice Windows GUI • Many extra options • Information on ports/services in HTML report format • IMPORTANT NOTE: to find open ports, go to Host and Service Discovery tab, change Scan Type from SYN to Connect, then do scan

More Related