Port Scanning an Overview
Rav Gagan S.- Director IT Security EBSL Technologies Int’l

Port Scanning Overview

A basic overview of port scanning with Nmap and Ncat.
Published on: Mar 4, 2016

Transcripts - Port Scanning Overview

  • 1. Port Scanning an Overview. Rav Gagan S. - Director IT Security, EBSL Technologies Int'l. Before going into what port scanning is and entails, I will share a bit about what a port is and how ports are categorized. A port can be defined as an application- or process-specific piece of software serving as a communications endpoint. This endpoint is used by the Transport Layer protocols of the Internet protocol suite, namely TCP and UDP, which are used universally to communicate on the Internet. Each port is identified by a 16-bit unsigned integer called the port number. "In TCP/IP terminology, a Port is a software identifier that corresponds to a specific application or protocol running on a host." (e.g. HTTP uses port 80) - Network Security: A Practical Approach by Jan Harrington. Port numbers are separated into three ranges: 1) Well Known Ports, 2) Registered Ports and 3) Dynamic and/or Private Ports. In the world of IT intrusion, port scanning is one of the most popular reconnaissance techniques used to discover "hackable" services. In everyday terminology, it is analogous to a joyrider walking by a group of cars and trying car doors to see which are open, or flipping the sun-visor to look for keys. An important fact to keep in mind, though, is that port scanning is also used by system administrators to diagnose problems on their networks. In a nutshell, port scanning is a series of attempts by an intruder or administrator to see which ports on a network are open, by attempting to connect to a range of ports on a range of hosts and then gathering information from the responding open ports to see what applications or services are running on them. Port scanning is accomplished by using software to scan any of the 0 to 65536 potentially available ports on a computer.
  Types of port scans:
  - Vanilla Scan - an attempt to connect to all ports
  - Strobe Scan - only a selected number of port connections are attempted (usually under 20)
  - Stealth Scan - scanning techniques that aim to prevent the "request for connection" from being logged
  - FTP Bounce Scan - attempting to disguise the origin of the scan by redirecting it through an FTP server
  - Fragmented Packets Scan - an attempt to bypass rules in some routers
  - UDP Scan
  - Sweep Scan - here the attacker scans the same port on several computers
  • 2. The simplest port scan may be the "TCP connect()" scan. This scan uses a normal TCP connection to determine port availability and relies on the TCP handshake that every other TCP application on a network also uses. The more expert and malicious intruder will implement what is called a strobe, which is a method of scanning fewer ports, usually no more than 20. Of note is the fact that port scanning is easily logged by the services listening at the ports: any incoming connection with no data is logged as an error. There are, however, a number of stealth scan techniques geared toward avoiding detection, and an intruder can use an FTP bounce scan to hide the point of origin. Other methods of stealth port scanning are:
  1) Splitting the TCP header into several IP fragments (fragmented packets)
  2) Half-open scanning or SYN scanning
  3) FIN scanning
  4) NULL scans
  The result of a port scan is usually generalized as follows:
  1) Open or Accepted
  2) Closed, Denied or Not Listening
  3) Filtered, Dropped or Blocked
  Port scanning is typically accomplished with specific software. Basically, a port scan occurs when the system sends out a request to connect to the target computer on each port sequentially and registers which ports, if any, responded. If there were responses, the responding ports will be open to more in-depth probing. Two common tools for port scanning are Nmap and Netcat. Netcat can read and write data across TCP and UDP network connections; in addition, the Netcat utility can do a host of other "tricks", such as being used as a backdoor, a port redirector and a port listener, to name a few. E.g.: running the Netcat port scanner with the command "nc -v -w 2 -z target 20-30" will attempt a connection to each targeted port between 20 and 30, and may indicate the presence of an FTP server or telnet server.
  Including the "-z" switch should prevent data transmission to a TCP connection, as well as a limited one to a UDP connection. To instigate a delay between probes, simply add an -i switch. Nmap, which is probably the most popular scanner in the world, can run a basic TCP scan with the command "nmap -sT".
  References:
  http://www.insecure.org/nmap/nmap-fingerprinting-article.html
  http://en.wikipedia.org/wiki/Port_scanning
  http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1178844,00.html
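The connect() scan and its three result states (open, closed, filtered) described in the slides, as an added example that is not part of the original presentation. It runs entirely against 127.0.0.1 with a throwaway listener that also records empty connections, the way the slide says real services log them as errors, so the defender's view of a probe is visible alongside the scanner's. The helper names (LoggingListener, probe_port, scan_ports, free_port, wait_for_log) are this example's own, and 192.0.2.1 (the TEST-NET-1 documentation range) is used only as an address that will not answer.

```python
import socket
import threading
import time

# Added example (not from the slides).  Everything runs against 127.0.0.1 with a
# throwaway listener, so the three result states can be seen without scanning
# anything real.  Address 192.0.2.1 (TEST-NET-1) stands in for a filtered target.

class LoggingListener:
    """Throwaway TCP service that records connections which send no data,
    the way a real daemon logs a scanner's empty connect() as an error."""

    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))        # port 0: the kernel picks a free one
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        self.log = []
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, peer = self.sock.accept()
            except OSError:                      # listener was closed
                return
            conn.settimeout(0.2)
            try:
                data = conn.recv(1)
            except socket.timeout:
                data = b""
            if not data:                         # connected, then nothing: scan signature
                self.log.append(f"empty connection from {peer[0]}:{peer[1]} (probable scan)")
            conn.close()

    def close(self):
        try:
            self.sock.shutdown(socket.SHUT_RDWR)  # wakes the blocked accept()
        except OSError:
            pass
        self.sock.close()


def probe_port(host, port, timeout=1.0):
    """TCP connect() probe: a full three-way handshake, which is what
    'nc -z' and 'nmap -sT' perform.  Returns 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"              # SYN/ACK received, handshake completed
    except ConnectionRefusedError:
        return "closed"            # RST received: host answers, nothing listens here
    except (socket.timeout, OSError):
        return "filtered"          # no reply, or ICMP unreachable: something dropped it
    finally:
        s.close()


def scan_ports(host, ports, timeout=1.0):
    """Sequential connect() scan of a port list, like 'nc -z host 20-30'."""
    return {p: probe_port(host, p, timeout) for p in ports}


def free_port():
    """A port on 127.0.0.1 that nothing listens on (bind, read back, release)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def wait_for_log(listener, count, timeout=2.0):
    """Poll until the listener has recorded `count` entries; True on success."""
    deadline = time.time() + timeout
    while time.time() < deadline:
        if len(listener.log) >= count:
            return True
        time.sleep(0.02)
    return len(listener.log) >= count


if __name__ == "__main__":
    svc = LoggingListener()
    for port, state in scan_ports("127.0.0.1", [svc.port, free_port()]).items():
        print(f"127.0.0.1:{port} {state}")
    wait_for_log(svc, 1)
    print("what the service saw:", svc.log)
    print("192.0.2.1:80", probe_port("192.0.2.1", 80, timeout=0.5))  # no reply: 'filtered'
    svc.close()
```

The "filtered" case cannot be produced on the loopback interface, which is why the demonstration uses an unanswered documentation address with a short timeout; on a real network the same state arises when a firewall silently drops the SYN or answers with an ICMP unreachable.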
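The slide's point that scans are easy to log, taken from the defender's side, as an added example that is not from the presentation: detection logic that flags a vertical scan (many ports on one host, the vanilla/strobe pattern) and a sweep scan (one port across many hosts) from a constructed firewall log. The log line format, the addresses (documentation ranges only), the window size and the thresholds are all assumptions of this example, not values from the slides.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not taken from the slides.  The format imitates a
# firewall's per-packet log: timestamp, verdict, source, destination, port.
SAMPLE_LOG = "\n".join(
    # a vertical scan: ports 20-30 on one host, one probe per second
    [f"2016-03-04T10:00:{i:02d} DROP src=203.0.113.7 dst=192.0.2.10 proto=TCP dport={20 + i}"
     for i in range(11)]
    # a sweep: the same port (22) tried on six different hosts
    + [f"2016-03-04T10:05:{i:02d} DROP src=198.51.100.5 dst=192.0.2.{10 + i} proto=TCP dport=22"
       for i in range(6)]
    # an ordinary client: two connections to the web server, nothing to flag
    + ["2016-03-04T10:07:00 ACCEPT src=203.0.113.50 dst=192.0.2.10 proto=TCP dport=80",
       "2016-03-04T10:07:09 ACCEPT src=203.0.113.50 dst=192.0.2.10 proto=TCP dport=80"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<verdict>ACCEPT|DROP) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=TCP dport=(?P<dport>\d+)$"
)


def parse_log(text):
    """Turn raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "src": m["src"], "dst": m["dst"], "dport": int(m["dport"]),
            })
    return events


def detect_scans(events, window=timedelta(seconds=60), port_threshold=10, host_threshold=5):
    """Per source address, slide a time window over its connection attempts.
    Many distinct ports on one destination inside the window = vertical scan
    (vanilla or strobe); one port across many destinations = sweep scan.
    Returns a sorted list of (src, kind, target) alerts, one per finding."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = set()                       # a set so overlapping windows do not re-alert
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            ports_per_host = defaultdict(set)
            hosts_per_port = defaultdict(set)
            for e in evs[i:]:
                if e["ts"] - first["ts"] > window:
                    break                # events are sorted, so the window is exhausted
                ports_per_host[e["dst"]].add(e["dport"])
                hosts_per_port[e["dport"]].add(e["dst"])
            for dst, ports in ports_per_host.items():
                if len(ports) >= port_threshold:
                    alerts.add((src, "vertical-scan", dst))
            for dport, hosts in hosts_per_port.items():
                if len(hosts) >= host_threshold:
                    alerts.add((src, "sweep-scan", f"port {dport}"))
    return sorted(alerts)


if __name__ == "__main__":
    for src, kind, target in detect_scans(parse_log(SAMPLE_LOG)):
        print(f"ALERT {kind:14s} from {src} -> {target}")
```

The thresholds are deliberately low to suit the short sample; on a real perimeter they are tuned against the baseline of legitimate traffic, since a single busy client can touch several ports of one server without being a scanner.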
