Port Scanning: Understanding Different Types, Tools, and Legal Implications, Essays (university) of Computer Science

An in-depth exploration of port scanning, a crucial aspect of ethical hacking and network defense. Learn about various types of port scans, popular port-scanning tools, and legal considerations. Understand how to use these techniques to identify vulnerabilities and secure networks.

Typology: Essays (university)

2020/2021

Uploaded on 04/29/2021

shabir-ahmad-5

Hands-On Ethical Hacking and Network Defense
Chapter 5: Port Scanning
Last updated 9-18-08


Objectives

- Describe port scanning
- Describe different types of port scans
- Describe various port-scanning tools
- Explain what ping sweeps are used for
- Explain how shell scripting is used to automate security tasks


AW Security Port Scanner

- A commercial tool to identify vulnerabilities

Introduction to Port Scanning (continued)

- Port scanning programs report
  - Open ports
  - Closed ports
  - Filtered ports
  - Best-guess assessment of which OS is running

Normal TCP Handshake

Client --SYN--> Server
Client <--SYN/ACK-- Server
Client --ACK--> Server

After this, you are ready to send data


SYN Port Scan

Client --SYN--> Server
Client <--SYN/ACK-- Server
Client --RST--> Server

The server is ready, but the client decided not to complete the handshake. Because the third step never happens, the connection is never fully established and the server application does not see it (hence "half-open" scan); the probe is still visible to packet-level logging and intrusion detection.

Types of Port Scans

- Connect scan
  - Completes the three-way handshake
  - Not stealthy: appears in log files
  - Three states: closed, open, filtered
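The connect scan described above, as an added example (not code from the textbook or its tools): it uses the operating system's ordinary connect() call, so every probe is a full three-way handshake that the target application can accept and log. The targets are constructed locally so the script runs offline: one listener on an ephemeral loopback port plays the open port, and a port that is reserved and then released plays the closed one. The timeout value and the decision to treat ICMP unreachable errors as "filtered" (which is how Nmap reports them) are assumptions of this example.

```python
"""TCP connect scan against loopback: the three states a connect scan can report.

Added example; not code from the textbook.  Targets are constructed locally so
it runs offline.  Only scan hosts you are authorised to test.
"""
import socket


def start_listener(host="127.0.0.1"):
    """Listen on an ephemeral port; the kernel completes the handshake for any
    client even before accept() is called, so the port reads as open."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv


def find_closed_port(host="127.0.0.1"):
    """Reserve then release an ephemeral port, so nothing is listening on it."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def connect_scan(host, port, timeout=1.0):
    """Probe one port with a full three-way handshake (what connect() does).

    open     -- SYN/ACK came back and our ACK completed the handshake; the
                server application will see (and can log) this connection.
    closed   -- the target answered RST, surfaced as ECONNREFUSED.
    filtered -- no answer within the timeout, or an ICMP unreachable error,
                which is how a packet filter typically shows up (assumption:
                same labelling Nmap uses).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        # EHOSTUNREACH / ENETUNREACH etc. (ICMP errors): treated as filtered
        return "filtered"
    finally:
        s.close()


def scan_ports(host, ports, timeout=1.0):
    """Scan a list of ports and return {port: state}."""
    return {p: connect_scan(host, p, timeout) for p in ports}


def demo():
    """Scan one open and one closed loopback port; returns (open_state, closed_state)."""
    srv = start_listener()
    open_port = srv.getsockname()[1]
    closed_port = find_closed_port()
    try:
        results = scan_ports("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    return results[open_port], results[closed_port]


if __name__ == "__main__":
    print(demo())  # ('open', 'closed')
```

Run it against the listener and check the listener side: the kernel's accept queue holds a completed connection for the "open" probe, which is exactly why a connect scan is "not stealthy"; a SYN scan never gets that far.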

Types of Port Scans

- NULL scan
  - All the packet flags are turned off
  - Two results:
    - Closed ports reply with RST
    - Open or filtered ports give no response

Windows Machines

- NULL, XMAS and FIN scans don't work on Windows machines
  - Win 2000 Pro and Win Server 2003 show all ports closed
  - Win XP Pro shows all ports open|filtered
  - See the Nmap tutorial (link Ch 5c)
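How the SYN, NULL, FIN and XMAS scans above read a target's reply, and why the Windows result differs, as an added example (not the textbook's or Nmap's code). Only the 20-byte TCP header is modelled: probes and replies are constructed in memory and never sent, with no IP header and the checksum left at zero. The "rfc793" target follows RFC 793 (closed ports answer RST, open ports stay silent on flag-less probes); the "windows" target is an assumption modelling the Win 2000 / 2003 behaviour on the slide, namely RST to every NULL/FIN/XMAS probe regardless of port state, which is why every port comes back closed. The state strings follow Nmap's vocabulary, including the ambiguous open|filtered.

```python
"""Interpreting the reply to a single probe for SYN vs NULL/FIN/XMAS scans.

Added example, not textbook code.  Packets are built in memory only.
"""
import struct

# Classic six TCP flag bits (low bits of the 16-bit data-offset/flags word)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_MASK = 0x3F

# Flags each scan type sets on its probe
PROBES = {"syn": SYN, "null": 0, "fin": FIN, "xmas": FIN | PSH | URG}


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0, window=1024):
    """20-byte TCP header, no options, data offset = 5 words, checksum 0."""
    offset_flags = (5 << 12) | (flags & FLAG_MASK)
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_flags, window, 0, 0)


def parse_tcp(segment):
    """Return (src_port, dst_port, flags) from the first 14 bytes of a segment."""
    src, dst, _seq, _ack, offset_flags = struct.unpack("!HHIIH", segment[:14])
    return src, dst, offset_flags & FLAG_MASK


def target_reply(probe, port_open, stack="rfc793"):
    """Simulated target stack; returns reply bytes or None (stays silent)."""
    src, dst, flags = parse_tcp(probe)
    if flags & SYN:                                    # SYN (half-open) probe
        reply = SYN | ACK if port_open else RST | ACK
        return build_tcp_header(dst, src, reply)
    # NULL / FIN / XMAS probe: RFC 793 says open ports drop it, closed ports RST.
    # The assumed 'windows' stack sends RST whatever the port state.
    if stack == "windows" or not port_open:
        return build_tcp_header(dst, src, RST | ACK)
    return None


def classify(scan, reply):
    """Map (scan type, reply) to the port state a scanner would print.

    reply is raw TCP bytes, None (no answer), or the string 'icmp-unreachable'.
    """
    if reply == "icmp-unreachable":
        return "filtered"
    if scan == "syn":
        if reply is None:
            return "filtered"
        flags = parse_tcp(reply)[2]
        if flags & SYN and flags & ACK:
            return "open"
        return "closed" if flags & RST else "filtered"
    if scan in ("null", "fin", "xmas"):
        if reply is None:
            return "open|filtered"            # silence is ambiguous
        return "closed" if parse_tcp(reply)[2] & RST else "open|filtered"
    raise ValueError("unknown scan type: %s" % scan)


def probe_port(scan, port, port_open, stack="rfc793", src_port=40000):
    """Send one constructed probe to the simulated target and classify the answer."""
    probe = build_tcp_header(src_port, port, PROBES[scan])
    return classify(scan, target_reply(probe, port_open, stack))


def demo():
    """The same open (80) and closed (81) port seen through each scan and stack."""
    return {
        "syn/open": probe_port("syn", 80, True),
        "syn/closed": probe_port("syn", 81, False),
        "syn/no-answer": classify("syn", None),
        "null/open": probe_port("null", 80, True),
        "null/closed": probe_port("null", 81, False),
        "xmas/open": probe_port("xmas", 80, True),
        "null/open/windows": probe_port("null", 80, True, "windows"),
        "syn/open/windows": probe_port("syn", 80, True, "windows"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print("%-20s %s" % (k, v))
```

The point to take from the last two rows: against the modelled Windows stack the NULL scan labels an open port closed, while the SYN scan still reads it correctly, so flag-trick scans are only trustworthy against stacks that honour RFC 793.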

Types of Port Scans

- Ping scan
  - Simplest method sends ICMP ECHO REQUEST to the destination(s)
  - TCP Ping sends SYN or ACK to any port (default is port 80 for Nmap)
  - Any response shows the target is up
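The ICMP ping sweep above, as an added example (not the textbook's code): it builds a real ICMP ECHO REQUEST (type 8) with the RFC 1071 Internet checksum, validates replies (type 0, matching identifier, intact checksum), and applies the rule that any valid response marks a host up. Sending ICMP needs a raw socket and root, so the transport is injected: the fake network below is a constructed stand-in in which only the listed hosts answer, and the addresses 10.0.0.1 to 10.0.0.4 are made up for the demo. Only the ICMP header and payload are built; the IP header is the kernel's job when a raw socket is used.

```python
"""ICMP echo (ping sweep) packets and the 'any reply means up' rule.

Added example, not textbook code.  The network is a constructed fake so the
script runs offline; replace fake_network() with a raw-socket sender to use it.
"""
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8


def inet_checksum(data):
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd length
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_echo(icmp_type, ident, seq, payload=b"sweep"):
    """ICMP header (type, code, checksum, id, seq) + payload, checksum filled in."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def checksum_ok(packet):
    """Summing a packet that carries a correct checksum yields zero."""
    return inet_checksum(packet) == 0


def is_our_reply(packet, ident):
    """Echo reply carrying our identifier with an intact checksum."""
    if len(packet) < 8 or not checksum_ok(packet):
        return False
    icmp_type, code, _csum, pid, _seq = struct.unpack("!BBHHH", packet[:8])
    return icmp_type == ECHO_REPLY and code == 0 and pid == ident


def ping_sweep(targets, send, ident=0x1234):
    """send(host, packet) -> reply bytes or None.  Any valid reply marks the host up.
    Silence is not proof the host is down: it may simply drop ICMP."""
    up = {}
    for seq, host in enumerate(targets, start=1):
        reply = send(host, build_icmp_echo(ECHO_REQUEST, ident, seq))
        up[host] = reply is not None and is_our_reply(reply, ident)
    return up


def fake_network(alive):
    """Constructed transport: hosts in `alive` echo the request back, others drop it."""
    def send(host, packet):
        if host not in alive:
            return None
        _t, _c, _cs, ident, seq = struct.unpack("!BBHHH", packet[:8])
        return build_icmp_echo(ECHO_REPLY, ident, seq, packet[8:])
    return send


def demo():
    """Sweep four constructed addresses of which two answer."""
    targets = ["10.0.0.%d" % i for i in range(1, 5)]
    return ping_sweep(targets, fake_network({"10.0.0.2", "10.0.0.4"}))


if __name__ == "__main__":
    for host, alive in demo().items():
        print(host, "up" if alive else "no reply")
```

The identifier check matters on a busy scanner: replies to someone else's pings, or unrelated ICMP errors, must not be counted as a live host, and a damaged checksum is the cheapest sign that a reply is not worth trusting.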

Using Port-Scanning Tools

- Nmap
- Unicornscan
- NetScanTools Pro 2004
- Nessus

Nmap

- Originally written for Phrack magazine
- One of the most popular tools
- GUI versions
  - Xnmap and Ubuntu's NmapFE
- Open source tool
- Standard tool for security professionals

Unicornscan

- Developed in 2004 for Linux & UNIX only
- Ideal for large networks
- Scans 65,535 ports in three to seven seconds
- Optimizes UDP scanning
- Also can use TCP, ICMP, or IP
- Free from http://unicornscan.org/ (link Ch 5f)

NetScanTools Pro

- Robust, easy-to-use commercial tool
- Runs on Windows
- Types of tests
  - Database vulnerabilities
  - DHCP server discovery
  - IP packets viewer
  - Name server lookup
  - OS fingerprinting
  - Many more (see link Ch 5g)