A port scanner is a piece of software designed to probe a network host for open ports. It is often used by administrators to check the security of their networks, and by crackers to compromise it.
To portscan a host is to scan for multiple listening ports on a single target host. To portsweep is to scan multiple hosts for a specific listening port. The latter is typically used when searching for a specific service. For example, a SQL-based computer worm may port sweep looking for hosts listening on TCP/UDP port 1433.
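The portscan/portsweep distinction above is also what a defender looks for in connection logs. The following is an added example, not part of the original article: it runs over a constructed sample of connection-attempt records (timestamp, source, destination, destination port) and flags a source as a portscan when it touches many ports on one host, or a portsweep when it touches one port on many hosts, within a time window. The log format, window and threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample in the style of a firewall or flow log: "ts src dst dport".
# 10.0.0.5 walks many ports on one host (portscan); 10.0.0.9 hits port 1433 on
# many hosts (portsweep, like the SQL worm example); 10.0.0.7 is ordinary traffic.
SAMPLE_LOG = """\
1 10.0.0.5 192.168.1.10 22
2 10.0.0.5 192.168.1.10 25
3 10.0.0.5 192.168.1.10 80
4 10.0.0.5 192.168.1.10 443
5 10.0.0.5 192.168.1.10 3306
7 10.0.0.9 192.168.1.1 1433
8 10.0.0.9 192.168.1.2 1433
9 10.0.0.9 192.168.1.3 1433
10 10.0.0.9 192.168.1.4 1433
11 10.0.0.9 192.168.1.5 1433
13 10.0.0.7 192.168.1.10 443
14 10.0.0.7 192.168.1.10 443
"""


def parse_log(text):
    """Yield (ts, src, dst, dport) tuples from the assumed log format."""
    for line in text.splitlines():
        ts, src, dst, dport = line.split()
        yield int(ts), src, dst, int(dport)


def detect_scans(records, window=60, threshold=5):
    """Return {src: set of 'portscan'/'portsweep'} for sources that, within
    any `window` seconds, reached >= threshold ports on one host or
    >= threshold hosts on one port."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in sorted(records):
        by_src[src].append((ts, dst, dport))
    findings = defaultdict(set)
    for src, events in by_src.items():
        for ts, _, _ in events:
            recent = [e for e in events if ts - window <= e[0] <= ts]
            ports_per_host = defaultdict(set)  # many ports, one host -> portscan
            hosts_per_port = defaultdict(set)  # one port, many hosts -> portsweep
            for _, dst, dport in recent:
                ports_per_host[dst].add(dport)
                hosts_per_port[dport].add(dst)
            if any(len(p) >= threshold for p in ports_per_host.values()):
                findings[src].add("portscan")
            if any(len(h) >= threshold for h in hosts_per_port.values()):
                findings[src].add("portsweep")
    return dict(findings)


if __name__ == "__main__":
    print(detect_scans(parse_log(SAMPLE_LOG)))
```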
TCP/IP basic knowledge
The protocol stack that is most common on the Internet today is TCP/IP. In this system, hosts and host services are referenced using two components: an address and a port number. There are 65535 distinct and usable port numbers. Most services use a limited range of numbers; these numbers are eventually assigned by the IANA once the service becomes important enough.
Some port scanners only scan the most common, or most commonly vulnerable, port numbers on a given host. See: List of TCP and UDP port numbers.
The result of a scan on a port is usually generalized into one of three categories:
- Open or Accepted: The host sent a reply indicating that a service is listening on the port.
- Closed or Denied or Not Listening: The host sent a reply indicating that connections will be denied to the port.
- Filtered, Dropped or Blocked: There was no reply from the host.
Open ports present two vulnerabilities of which administrators must be wary:
- Security and stability concerns associated with the program responsible for delivering the service.
- Security and stability concerns associated with the operating system that is running on the host.
Closed ports only present the latter of the two vulnerabilities that open ports do. Blocked ports do not present any reasonable vulnerabilities. Of course, there is the possibility that there aren't any known vulnerabilities in either the software or the operating system at the given time.
The information gathered by a port scan has many legitimate uses, including the ability to verify the security of a network. Port scanning can, however, also be used by those who intend to compromise security. Many exploits rely upon port scans to find open ports and send large quantities of data in an attempt to trigger a condition known as a buffer overflow. Such behavior can compromise the security of a network and the computers therein, resulting in the loss or exposure of sensitive information and the ability to do work.
TCP Scanning
The simplest port scanners use the operating system's network functions. Nmap calls this mode connect scan, named after the Unix connect() system call. If a port is open, the operating system completes the TCP three-way handshake, and the port scanner immediately closes the connection. Otherwise an error code is returned. This scan mode has the advantage that the user doesn't require special privileges. However, using the OS network functions prevents low-level control, so this scan type is less commonly used.
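The three result categories above are, for a connect scan, inferred entirely from how the operating system reports the connect() attempt. The following is an added example (not code from the original article or from Nmap) showing that mapping: a completed handshake is "open", a refused connection (the host answered with a RST) is "closed", and a timeout or unreachable error (no reply from the host) is "filtered". It is demonstrated against a constructed listener on 127.0.0.1, so it runs offline.

```python
import errno
import socket


def classify_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Return 'open', 'closed' or 'filtered' for host:port using a plain
    connect() through the OS network stack (no raw packets, no privileges)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))          # OS performs the three-way handshake
        except socket.timeout:
            return "filtered"                # no reply at all: dropped/blocked
        except ConnectionRefusedError:
            return "closed"                  # host replied with RST: not listening
        except OSError as e:
            # No route to the host: the host itself never answered either.
            if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "filtered"
            raise
        return "open"                        # handshake done; socket closed on exit


def start_local_listener() -> socket.socket:
    """Constructed fixture: a TCP listener on 127.0.0.1 on an ephemeral port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv


def free_local_port() -> int:
    """Constructed fixture: pick a local port that nothing is listening on."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv = start_local_listener()
    open_port = srv.getsockname()[1]
    print(open_port, classify_port("127.0.0.1", open_port))   # open
    srv.close()
    closed_port = free_local_port()
    print(closed_port, classify_port("127.0.0.1", closed_port))  # closed
```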
SYN scan is the most popular form of TCP scanning. Rather than use the operating system's network functions, the port scanner generates raw IP packets itself, and monitors for responses. This scan type is also known as "half-open scanning," because it never actually opens a full TCP connection. The port scanner generates a SYN packet. If the target port is open, it will respond with a SYN-ACK packet. The scanner host responds with a RST packet, closing the connection before the handshake is completed. The use of raw networking has several advantages, giving the scanner full control of the packets sent and the timeout for responses, and allowing detailed reporting of the responses. There is debate over which scan is less intrusive on the target host. SYN scan has the advantage that the individual services never actually receive a connection; some services can be crashed with a connect scan. However, the RST during the handshake can cause problems for some network stacks, particularly simple devices like printers. There are no conclusive arguments either way.
UDP Scanning
UDP scanning is also possible, although there are technical challenges. UDP is a connectionless protocol, so there is no equivalent to a TCP SYN packet. However, if a UDP packet is sent to a port that is not open, the system will respond with an ICMP port unreachable message. Most UDP port scanners use this scanning method, and use the absence of a response to infer that a port is open. However, if a port is blocked by a firewall, this method will falsely report that the port is open. If the port unreachable message is blocked, all ports will appear open. This method is also affected by ICMP rate limiting.
An alternative approach is to send application-specific UDP packets, hoping to generate an application-layer response. For example, sending a DNS query to port 53 will result in a response if a DNS server is present. This method is much more reliable at identifying open ports. However, it is limited to scanning ports for which an application-specific probe packet is available. Common tools (e.g. nmap, nessus) generally have probes for fewer than 20 UDP services. In some cases, a service may be listening on the port but configured not to respond to the particular probe packet.
To cope with the different limitations of each approach, some scanners offer a hybrid method. For example, using nmap with the -sUV option will start by using the ICMP port unreachable method, marking all ports as either "closed" or "open|filtered". The open|filtered ports are then probed for application responses and marked as "open" if one is received.
Other Scan Types
Some more unusual scan types exist. These have various limitations and are not widely used. Nmap supports most of these.
- ACK scan - can find packets allowed through a stateless packet filter.
- FIN scan - can determine if ports are open/closed, even if SYN packets are filtered.
- Protocol scan - determines what IP level protocols (TCP, UDP, GRE, etc.) are enabled.
- Proxy scan - a proxy (SOCKS or HTTP) is used to perform the scan. The target will see the proxy's IP address as the source. This can also be done using some FTP servers.
- Idle Scan - another method of scanning without revealing your IP address, taking advantage of the predictable IP ID flaw.
- CatScan - Checks ports for erroneous packets.
- ICMP scan - determines if a host responds to ICMP requests, such as echo (ping), netmask, etc.
Problems with ISPs and Port Scanning
Many Internet service providers deny their customers the ability to perform port scans outside of their home networks. This is usually covered in the Terms of Service or Acceptable Use Policy to which the customer must have already agreed. Other public and private networks may also place such limitations upon their users.
Some ISPs implement packet filters or transparent proxies that prevent outgoing port scans from reaching certain ports. For example, if an ISP provides a transparent HTTP proxy on port 80, port scans of any address will appear to have port 80 open, regardless of the target host's actual state.
Port Scanners
- Online Portscanner
External links
- Papers
- Legal implications
- Port Scanning and its Legal Implications from the Asian School of Cyber Laws
- The Ethics and Legality of Port Scanning is a PDF of a paper by Shaun Jamieson, published October 8, 2001 as part of the SANS Reading Room