Port Scanning

Port scanning involves probing the ports on a remote machine to identify which ports are open and which services may be vulnerable. Common port scanning tools like Nmap can detect open ports, attempt to identify the operating system, and provide output on potential vulnerabilities. While port scanning can provide useful information to defenders, care must be taken to avoid flooding target machines or scanning without permission, as such activities may be unethical or illegal.

Uploaded by: letharjic
License: Attribution Non-Commercial (BY-NC)

Computer Security Workshops
Module 2 - Port Scanning


Port Scanning
Definition: Probing the ports on a remote machine to gain information
- Port: a virtual identifier on a system for a particular application/protocol
- Examples:
  - ftp: port 21
  - ssh: port 22
  - telnet: port 23
  - http: port 80
  - Oracle: port 1521

Usefulness
- Attacker: which ports are open?
- Defender: which ports are potential vulnerabilities?

Specific Uses
- Find out if a system is up
  - Ping scanning
- Find open/vulnerable ports: what services are available?
  - Port scanning
- Operating system identification
  - Certain services run only on Windows, Linux, etc.
  - TCP/IP fingerprinting
    - Based on packet TTL, packet size, and the flags set on SYN/SYN|ACK packets during the TCP handshake

How to use this information
- Identify exposed ports/services
- Shut down any unneeded services
  - Famous last words: "I didn't know X was running on my system"
- Ensure that the services that remain running do not have security vulnerabilities

Issues
- Possible problems with usage
  - Some scan options can flood the target machine with packets, potentially affecting it (denial of service)
- Ethics
  - Is it ethical to probe an arbitrary system? Most say "no"
- Identification of the probing system may be difficult
  - http://www.insecure.org/nmap/idlescan.html

Port Scanning Tools
- Unix/Linux
  - strobe
  - netcat (nc): reads and writes to TCP/IP; also socat
- Windows
  - SuperScan4
- Both (and others)
  - nmap (with Zenmap GUI)
- List
  - http://www.cotse.com/tools/pscan.htm

nmap
- One of many software implementations of a port scanner
- Open source
- Available on Windows, Unix and other operating systems
- Supports many hardware platforms, including some PDAs
- Now with a GUI front end: Zenmap
- http://nmap.org

nmap features
- Identifies open ports
  - Options for regular or stealth scanning
    - Regular scanning: attempts a full connection to the port; the scanned system knows a scan is occurring and can identify the scanner
    - Stealth scanning: attempts a partial connection to the port; the scanned system may not know a scan is occurring and may not be able to identify the scanner
- Attempts to identify the operating system
  - Usually correct, but can be fooled

nmap Output Example
Starting nmap V. 4.62 (www.insecure.org)
Initiating SYN Stealth Scan at 18:16
Scanning localhost (127.0.0.1) [1715 ports]

PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.0.7
22/tcp open ssh (protocol 2.0)
25/tcp open smtp?
80/tcp open http Apache httpd 2.2.9
631/tcp open ipp CUPS 1.3
3306/tcp open mysql MySQL 5.0.67-0ubuntu6

Running: Linux 2.6.X
OS details: Linux 2.6.17 – 2.6.21
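The "How to use this information" slide says to identify exposed services and shut down the unneeded ones. As an added example (not part of the original slides), the Python script below parses the nmap output shown above and reports every open port that is not on an administrator-supplied allowlist; the allowlist of ssh and http is an assumption constructed for the example.

```python
import re
from typing import NamedTuple

# Constructed sample input: the nmap output reproduced from the slide above.
SAMPLE_NMAP_OUTPUT = """\
Starting nmap V. 4.62 (www.insecure.org)
Initiating SYN Stealth Scan at 18:16
Scanning localhost (127.0.0.1) [1715 ports]

PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.0.7
22/tcp open ssh (protocol 2.0)
25/tcp open smtp?
80/tcp open http Apache httpd 2.2.9
631/tcp open ipp CUPS 1.3
3306/tcp open mysql MySQL 5.0.67-0ubuntu6

Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.21
"""

class OpenPort(NamedTuple):
    port: int
    proto: str
    service: str
    version: str  # empty when nmap printed no version (e.g. "smtp?")

# One row of the PORT/STATE/SERVICE/VERSION table, e.g. "80/tcp open http Apache httpd 2.2.9".
_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")

def parse_open_ports(output: str) -> list[OpenPort]:
    """Extract every open-port row from nmap's normal text output."""
    rows = (_ROW.match(line.strip()) for line in output.splitlines())
    return [OpenPort(int(m[1]), m[2], m[3], m[4].strip()) for m in rows if m]

def unexpected_services(output: str, allowlist: set[tuple[int, str]]) -> list[OpenPort]:
    """Open ports absent from the (port, proto) allowlist: candidates to shut down or justify."""
    return [p for p in parse_open_ports(output) if (p.port, p.proto) not in allowlist]

# Assumed policy for this host (constructed): only ssh and http are meant to be exposed.
EXPECTED = {(22, "tcp"), (80, "tcp")}

if __name__ == "__main__":
    for p in unexpected_services(SAMPLE_NMAP_OUTPUT, EXPECTED):
        print(f"review: {p.port}/{p.proto} {p.service} {p.version or '(version unknown)'}")
```

Running it against the slide's output lists ftp, smtp, ipp and mysql for review, which is exactly the "I didn't know X was running" situation the slides warn about.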

SuperScan4
- Nice Windows GUI
- Many extra options
- Information on ports/services in HTML report format
- IMPORTANT NOTE: to find open ports, go to the Host and Service Discovery tab, change Scan Type from SYN to Connect, then run the scan