Port Scanning - PowerPoint PPT Presentation

About This Presentation
Title:

Port Scanning

Description:

Echo: 7/tcp ftp-data: 20/udp. Non Standard Ports: 1023 and above. Yahoo: 5010 Yahoo! Messenger. Port Scanning Techniques. Vanilla: Simplest form of port scan. ... – PowerPoint PPT presentation

Number of Views:378
Avg rating:3.0/5.0
Slides: 13
Provided by: cat973
Learn more at: http://www.cs.sjsu.edu
Category:

less

Transcript and Presenter's Notes

Title: Port Scanning


1
Port Scanning
  • Yiqian Zhang
  • CS 265 Project

2
What is Port Scanning?
  • port scanning is equivalent to knocking on the
    walls to find all the doors and windows.
  • determine what systems are listening reachable
    from the Internet .
  • Analyzing underlying weaknesses.
  • Using the weakness for later use.

3
Port Numbers
  • Well Known Ports
  • 0 1023
  • Echo 7/tcp ftp-data 20/udp
  • Non Standard Ports
  • 1023 and above
  • Yahoo 5010 Yahoo! Messenger

4
Port Scanning Techniques
  • Vanilla
  • Simplest form of port scan.
  • Tries each of the ports 65535 on the victim.
  • sending a carefully constructed packet.
  • with a chosen port number.

5
Stealth Scan
  • Port scanning is easily logged by the services
    listening at the ports.
  • Designed to go undetected by auditing tools. 
  • Scanning at a slow pace.
  • inverse mapping
  • Generating "host unreachable" ICMP-messages for
    IPs that do not exist.

6
TCP Scanner
  • TCP connect scan
  • Complete a three-way handshake.
  • TCP SYN scan
  • Half-open scanning.
  • A SYN packet is sent.
  • A listening target respond with a SYNACK.
  • A non-listening target respond with a RST.
  • TCP FIN scan
  • Scanner sends a FIN packet.
  • Closed ports reply with a RST.
  • Open ports ignore the packet entirely.

7
Bounce Scans
  • The ability to hide tracks is important to
    attackers.
  • FTP bounce scan
  • allows the hacker to force the FTP server to do
    the port scan and send back the results. This
    bouncing through an FTP server hides where the
    attacker comes from.
  • The advantage to this approach is harder to
    trace. The disadvantages are that it is slow.

8
UDP Scanning
  • In order to find UDP ports, the attacker
    generally sends empty UDP datagrams. If
  • The port is listening, the service should send
    back an error message or ignore the incoming
    datagram.
  • The port is closed, then most operating systems
    send back an "ICMP Port Unreachable" message.
    Thus determine which ports are open.
  • Neither UDP packets nor the ICMP errors are
    guaranteed to arrive, so UDP scanners must also
    implement retransmission of packets that appear
    to be lost.

9
Port Scanning Tools
  • Strobe
  • TCP port scanning utility.
  • One of the fastest and most reliable TCP scanners
    available.
  • Only looking for those services the attacker
    knows how to exploit.
  • CMD Strobe 192.168.1.10
  • Output 192.168.1.10 ssh 22/tcp secure shell

10
Port Scanning Tools
  • nmap
  • Widely known port scanner.
  • Utility for port scanning large networks,
    although it works fine for single hosts.
  • The guiding philosophy for the creation of nmap
    was TMTOWTDI (There's More Than One Way To Do
    It).
  • CMD nmap sS 192.168.1.1
  • Output Port State Protocol Service
  • 21 open tcp
    ftp

11
Port Scanning Tools
  • netcat
  • The Swiss army knife in our security toolkit.
  • Provides basic TCP and UDP port scanning
    capabilities. By default, netcat uses TCP ports,
    so for UDP scanning, we need to specify the u
    option. For example,
  • CMD netcat v z w2 192.168.1.1 1-140
  • Output 192.168.1.1 25 (smtp) open

12
Conclusion
  • Has legitimate uses in managing networks.
  • Can also be malicious in nature if someone is
    looking for a weakened access point to break into
    your computer.
  • It is rude to scan someone else's hosts or
    networks without the explicit permission of the
    owner.
  • Always ask if it'd be okay to scan outside of
    your own networks.
Write a Comment
User Comments (0)
About PowerShow.com