Computer Hacking & Security: Port Scanning
Rashad Aliyev, 2012.05.17
What is Port Scanning?
Different ways and methods of finding out which ports are listening and accepting connections. A port scanner is a software application designed to probe a server or host for open ports. As an attack, it sends client requests to a range of server port addresses on a host, with the goal of finding an active port and exploiting a known vulnerability of that service.
Who uses it, and how?
Often used by administrators to verify the security policies of their networks, and by attackers to identify running services on a host with a view to compromising it. A portsweep scans multiple hosts for a specific listening port. It is typically used when searching for a specific service; for example, an SQL-based computer worm may portsweep looking for hosts listening on TCP port 1433.
How does it work?
Open ports present two vulnerabilities of which administrators must be wary:
- Security and stability concerns associated with the program responsible for delivering the service (open ports).
- Security and stability concerns associated with the operating system that is running on the host (open or closed ports).
Filtered ports do not tend to present vulnerabilities.
How does it work?
All forms of port scanning rely on the assumption that the targeted host is compliant with RFC 793 (Transmission Control Protocol). A host might send back strange packets or even generate false positives when its TCP/IP stack is non-RFC-compliant or has been altered. This is especially true for less common scan techniques that are OS-dependent (FIN scanning, for example). The TCP/IP stack fingerprinting method also relies on this kind of difference in network responses to a specific stimulus to guess the operating system the host is running.
SYN scanning
SYN scan is a form of TCP scanning, also known as "half-open scanning", because it never actually opens a full TCP connection. The port scanner generates a SYN packet. If the target port is open, it will respond with a SYN-ACK packet. The scanner host then responds with a RST packet, closing the connection before the handshake is completed. The use of raw networking has several advantages: full control of the packets sent and of the timeout for responses, allowing detailed reporting of the responses. SYN scan has the advantage that the individual services never actually receive a connection. However, the RST during the handshake can cause problems for some network stacks, in particular simple devices like printers.
FIN / X-mas / Null Scans
Firewalls, in general, look for and block SYN packets. FIN packets can pass through such firewalls unchanged, so the probe still works. Closed ports reply to a FIN packet with the appropriate RST packet, whereas open ports ignore it. X-mas and Null scans are similar to FIN scanning:
- X-mas sends packets with the FIN, URG and PUSH flags turned on, lit up like a Christmas tree.
- Null sends a packet with no TCP flags set.
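From the defender's side, the flag combinations described in the SYN and FIN/X-mas/Null slides, together with the portsweep pattern from the earlier slide, are exactly what a network sensor can look for. The following is an added example, not code from the original slides: it runs over constructed sample packet records (a hypothetical (src, dst, port, flags) tuple format) and reports half-open SYN scans, FIN/X-mas/Null probes and single-port sweeps per source address.

```python
from collections import defaultdict

# Constructed sample traffic (not from the slides): (src IP, dst IP, dst port, flags) per
# inbound TCP packet at a sensor; flags S=SYN A=ACK F=FIN P=PSH U=URG R=RST; RFC 5737 addresses.
SAMPLE = [
    # half-open (SYN) scan of six ports on one host; RSTs follow the SYN-ACKs, no ACK ever
    *[("198.51.100.7", "192.0.2.10", p, "S") for p in (21, 22, 25, 80, 443, 8080)],
    *[("198.51.100.7", "192.0.2.10", p, "R") for p in (22, 80, 443)],
    # ordinary client: SYN, then ACK completing the handshake, then data on 443
    ("198.51.100.8", "192.0.2.10", 443, "S"),
    ("198.51.100.8", "192.0.2.10", 443, "A"),
    ("198.51.100.8", "192.0.2.10", 443, "PA"),
    # X-mas, Null and FIN probes: no legitimate connection starts with these flag sets
    ("198.51.100.9", "192.0.2.10", 22, "FPU"),
    ("198.51.100.9", "192.0.2.10", 80, ""),
    ("198.51.100.9", "192.0.2.10", 139, "F"),
    # portsweep: one source, TCP 1433 on ten different hosts
    *[("198.51.100.20", f"192.0.2.{h}", 1433, "S") for h in range(30, 40)],
]

# Flag sets that identify each probe kind described on the slides.
PROBE_KINDS = {frozenset(): "null", frozenset("F"): "fin",
               frozenset("FPU"): "xmas", frozenset("S"): "syn"}

def detect_scans(records, threshold=5):
    """Return {src: [finding, ...]} for sources whose traffic matches a scan pattern."""
    syn_ports = defaultdict(set)   # (src, dst) -> ports that received a bare SYN
    ack_ports = defaultdict(set)   # (src, dst) -> ports where src later sent an ACK
    stealth = defaultdict(set)     # src -> (kind, dst, port) for FIN/X-mas/Null probes
    sweep = defaultdict(set)       # (src, port) -> distinct hosts probed on that port
    for src, dst, port, flags in records:
        kind = PROBE_KINDS.get(frozenset(flags))
        if kind == "syn":
            syn_ports[(src, dst)].add(port)
            sweep[(src, port)].add(dst)
        elif kind is not None:
            stealth[src].add((kind, dst, port))
        elif "A" in flags:             # an ACK from src means a real handshake completed
            ack_ports[(src, dst)].add(port)
    findings = defaultdict(list)
    for (src, dst), ports in syn_ports.items():
        half_open = ports - ack_ports[(src, dst)]   # SYNs never followed by an ACK
        if len(half_open) >= threshold:
            findings[src].append(f"syn_scan:{dst}:{len(half_open)}")
    for src, probes in stealth.items():            # even one such packet is worth a look
        kinds = ",".join(sorted({k for k, _, _ in probes}))
        findings[src].append(f"stealth_probe:{kinds}:{len(probes)}")
    for (src, port), hosts in sweep.items():
        if len(hosts) >= threshold:
            findings[src].append(f"portsweep:{port}:{len(hosts)}")
    return dict(findings)
```

The threshold is a tuning knob: a legitimate client that tries a handful of ports should stay below it, while the half-open and sweep counts of a scanner climb well past it.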
Idle Scanning
A port scan method that consists of sending spoofed packets to a computer to find out what services are available. This is accomplished by impersonating another computer, called a "zombie" (one that is not transmitting or receiving information), and observing the behavior of the zombie system.
Idle Scanning
The attack involves sending forged packets to a specific target machine in an effort to find distinct characteristics of the zombie machine. The attack is sophisticated because there is no direct interaction between the attacker's computer and the target: the attacker interacts only with the "zombie" computer. Newer OS versions randomize the IP ID, but older operating systems and hardware typically do not.
The End
Thank You! Questions, please!