1 / 12

Port Scanning

Port Scanning. Yiqian Zhang CS 265 Project . What is Port Scanning?. port scanning is equivalent to knocking on the walls to find all the doors and windows. determine what systems are listening & reachable from the Internet . Analyzing underlying weaknesses.

tulia
Download Presentation

Port Scanning

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Port Scanning Yiqian Zhang CS 265 Project

  2. What is Port Scanning? • port scanning is equivalent to knocking on the walls to find all the doors and windows. • determine what systems are listening & reachable from the Internet . • Analyzing underlying weaknesses. • Using the weakness for later use.

  3. Port Numbers • Well Known Ports: • 0 –1023 • Echo: 7/tcp ftp-data: 20/udp • Non Standard Ports: • 1023 and above • Yahoo: 5010 Yahoo! Messenger

  4. Port Scanning Techniques • Vanilla: • Simplest form of port scan. • Tries each of the ports 65535 on the victim. • sending a carefully constructed packet. • with a chosen port number.

  5. Stealth Scan • Port scanning is easily logged by the services listening at the ports. • Designed to go undetected by auditing tools.  • Scanning at a slow pace. • inverse mapping: • Generating "host unreachable" ICMP-messages for IPs that do not exist.

  6. TCP Scanner • TCP connect scan: • Complete a three-way handshake. • TCP SYN scan: • Half-openscanning. • A SYN packet is sent. • A listening target respond with a SYN+ACK. • A non-listening target respond with a RST. • TCP FIN scan: • Scanner sends a FIN packet. • Closed ports reply with a RST. • Open ports ignore the packet entirely.

  7. Bounce Scans • The ability to hide tracks is important to attackers. • FTP bounce scan: • allows the hacker to force the FTP server to do the port scan and send back the results. This bouncing through an FTP server hides where the attacker comes from. • The advantage to this approach is harder to trace. The disadvantages are that it is slow.

  8. UDP Scanning • In order to find UDP ports, the attacker generally sends empty UDP datagrams. If • The port is listening, the service should send back an error message or ignore the incoming datagram. • The port is closed, then most operating systems send back an "ICMP Port Unreachable" message. Thus determine which ports are open. • Neither UDP packets nor the ICMP errors are guaranteed to arrive, so UDP scanners must also implement retransmission of packets that appear to be lost.

  9. Port Scanning Tools • Strobe • TCP port scanning utility. • One of the fastest and most reliable TCP scanners available. • Only looking for those services the attacker knows how to exploit. • CMD: Strobe 192.168.1.10 • Output: 192.168.1.10ssh 22/tcp secure shell

  10. Port Scanning Tools • nmap • Widely known port scanner. • Utility for port scanning large networks, although it works fine for single hosts. • The guiding philosophy for the creation of nmap was TMTOWTDI (There's More Than One Way To Do It). • CMD: nmap –sS 192.168.1.1 • Output: Port State Protocol Service • 21 open tcp ftp

  11. Port Scanning Tools • netcat • The Swiss army knife in our security toolkit. • Provides basic TCP and UDP port scanning capabilities. By default, netcat uses TCP ports, so for UDP scanning, we need to specify the –u option. For example, • CMD: netcat –v –z –w2 192.168.1.1 1-140 • Output: [192.168.1.1] 25 (smtp) open

  12. Conclusion • Has legitimate uses in managing networks. • Can also be malicious in nature if someone is looking for a weakened access point to break into your computer. • It is rude to scan someone else's hosts or networks without the explicit permission of the owner. • Always ask if it'd be okay to scan outside of your own networks.

More Related