Port Scanning
Yiqian Zhang, CS 265 Project

What is Port Scanning?
Port scanning is equivalent to knocking on the walls to find all the doors and windows.
It determines which systems are listening and reachable from the Internet.
It is then used to analyze the underlying weaknesses of those systems, and the weaknesses found are kept for later use.

Port Numbers
Well Known Ports: 0-1023. Examples: Echo: 7/tcp; ftp-data: 20/udp.
Non Standard Ports: 1023 and above. Example: 5010 (Yahoo! Messenger).

Port Scanning Techniques
Vanilla: the simplest form of port scan. It tries each of the ports on the victim by sending a carefully constructed packet with a chosen port number.

Stealth Scan
Port scanning is easily logged by the services listening at the ports, so stealth scans are designed to go undetected by auditing tools. Techniques include scanning at a slow pace, and inverse mapping: inferring which hosts exist from the "host unreachable" ICMP messages that are generated for IP addresses that do not exist.

TCP Scanner
TCP connect scan: completes a full three-way handshake with each port.
TCP SYN scan (half-open scanning): a SYN packet is sent. A listening target responds with a SYN+ACK; a non-listening target responds with a RST.
TCP FIN scan: the scanner sends a FIN packet. Closed ports reply with a RST; open ports ignore the packet entirely.
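As an added example (not part of the original slides), the following Python script shows the defender's side of the three scan types above: it parses constructed packet-log lines and flags a source that leaves many half-open SYNs on one host (the SYN-scan pattern) or sends bare FIN packets to ports it never connected to (the FIN-scan pattern). The log format, the addresses, and the threshold of three ports are assumptions of the example.

```python
"""Detect SYN-scan and FIN-scan patterns in a packet log (added example).

Log format (assumed): "time src dst dport flags", with tcpdump-style flag
letters: S=SYN, A=ACK, F=FIN, R=RST, P=PSH.
"""
from collections import defaultdict

# Constructed sample log, not real traffic. 10.0.0.5 makes one normal SSH
# connection; 10.0.0.9 half-opens four ports (SYN scan, never ACKs);
# 10.0.0.7 sends bare FINs to four ports it never connected to (FIN scan).
SAMPLE_LOG = """\
1 10.0.0.5 192.168.1.10 22 S
1 192.168.1.10 10.0.0.5 22 SA
1 10.0.0.5 192.168.1.10 22 A
1 10.0.0.5 192.168.1.10 22 PA
2 10.0.0.9 192.168.1.10 21 S
2 192.168.1.10 10.0.0.9 21 SA
2 10.0.0.9 192.168.1.10 21 R
2 10.0.0.9 192.168.1.10 22 S
2 192.168.1.10 10.0.0.9 22 SA
2 10.0.0.9 192.168.1.10 22 R
2 10.0.0.9 192.168.1.10 25 S
2 192.168.1.10 10.0.0.9 25 R
2 10.0.0.9 192.168.1.10 80 S
2 192.168.1.10 10.0.0.9 80 R
3 10.0.0.7 192.168.1.10 21 F
3 192.168.1.10 10.0.0.7 21 R
3 10.0.0.7 192.168.1.10 22 F
3 10.0.0.7 192.168.1.10 25 F
3 192.168.1.10 10.0.0.7 25 R
3 10.0.0.7 192.168.1.10 80 F
"""


def parse_log(text):
    """Turn log lines into (time, src, dst, dport, flags) tuples."""
    packets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, src, dst, dport, flags = line.split()
        packets.append((int(t), src, dst, int(dport), flags))
    return packets


def detect_scans(text, threshold=3):
    """Return {(src, dst): set of labels} for source/destination pairs whose
    traffic matches a SYN-scan or FIN-scan pattern on >= threshold ports."""
    syn_sent = defaultdict(set)    # ports where src sent a bare SYN
    completed = defaultdict(set)   # ports where src later sent an ACK (handshake done)
    fin_only = defaultdict(set)    # ports where src sent a bare FIN
    for _, src, dst, dport, flags in parse_log(text):
        key = (src, dst)
        if flags == "S":
            syn_sent[key].add(dport)
        elif "A" in flags and "S" not in flags:
            # Any ACK-bearing packet from the client means it finished the handshake.
            completed[key].add(dport)
        elif flags == "F":
            fin_only[key].add(dport)

    findings = {}
    for key in set(syn_sent) | set(fin_only):
        labels = set()
        half_open = syn_sent[key] - completed[key]   # SYNs never followed by an ACK
        if len(half_open) >= threshold:
            labels.add("syn-scan")
        fin_probes = fin_only[key] - syn_sent[key]   # FINs with no connection behind them
        if len(fin_probes) >= threshold:
            labels.add("fin-scan")
        if labels:
            findings[key] = labels
    return findings


if __name__ == "__main__":
    for (src, dst), labels in sorted(detect_scans(SAMPLE_LOG).items()):
        print(f"{src} -> {dst}: {', '.join(sorted(labels))}")
```

The normal client on port 22 is not reported because its SYN is followed by an ACK; the SYN scanner is reported because its SYNs are answered (SYN+ACK or RST) but never acknowledged, and the FIN scanner because its FINs arrive on ports with no prior handshake.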

Bounce Scans
The ability to hide tracks is important to attackers. An FTP bounce scan lets the attacker force an FTP server to perform the port scan and send back the results. Bouncing through the FTP server hides where the attacker comes from. The advantage of this approach is that it is harder to trace; the disadvantage is that it is slow.

UDP Scanning
To find UDP ports, the attacker generally sends empty UDP datagrams. If the port is listening, the service should send back an error message or ignore the incoming datagram. If the port is closed, most operating systems send back an "ICMP Port Unreachable" message. This is how the scanner determines which ports are open. Neither UDP packets nor the ICMP errors are guaranteed to arrive, so UDP scanners must also implement retransmission of packets that appear to be lost.
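As an added example (not part of the original slides), this Python script models the UDP inference rules above against a simulated target on a simulated lossy network, so the effect of retransmission can be seen offline: without retries, a lost datagram makes a closed port look open. The simulated open-port set, the cyclic "drop pattern" channel, and the "open|filtered" label for silence are assumptions of the example, not from the slides.

```python
"""UDP port-state inference with retransmission (added example, offline)."""
from itertools import cycle

# Constructed simulated target: open ports, and which of them actually answer
# an empty datagram (many UDP services silently discard it).
SIM_OPEN_PORTS = {53, 161}      # 53 answers, 161 stays silent
SIM_REPLYING_PORTS = {53}


def make_channel(drop_pattern=(False,)):
    """Return a probe function over a simulated lossy network.

    drop_pattern is cycled, one entry per probe; True means that probe (or
    its answer) is lost, so the caller sees silence just as it would for an
    open-but-quiet port.
    """
    drops = cycle(drop_pattern)

    def probe(port):
        if next(drops):
            return None                          # datagram or its reply lost
        if port not in SIM_OPEN_PORTS:
            return "icmp-port-unreachable"       # closed port: ICMP type 3, code 3
        if port in SIM_REPLYING_PORTS:
            return "udp-reply"                   # service answered (could also be an error)
        return None                              # open service ignored the empty datagram

    return probe


def classify_udp_port(probe, port, retries=3):
    """Infer one port's state, retransmitting while we only see silence.

    Any answer is decisive: a UDP reply means open, an ICMP port unreachable
    means closed. Only silence after every attempt is left ambiguous.
    """
    for _ in range(retries + 1):
        reply = probe(port)
        if reply == "udp-reply":
            return "open"
        if reply == "icmp-port-unreachable":
            return "closed"
    return "open|filtered"


def scan_udp(probe, ports, retries=3):
    """Classify each port in order with the given probe function."""
    return {p: classify_udp_port(probe, p, retries) for p in ports}


if __name__ == "__main__":
    ports = [53, 80, 161]
    print("lossless:", scan_udp(make_channel(), ports))
    lossy = (True, True, False)   # two of every three probes lost
    print("lossy, no retries:", scan_udp(make_channel(lossy), ports, retries=0))
    print("lossy, 3 retries:", scan_udp(make_channel(lossy), ports, retries=3))
```

On the lossless channel the silent open port 161 is already indistinguishable from a filtered one, which is why the label is "open|filtered"; on the lossy channel a closed port is misreported as "open|filtered" until a retransmitted probe finally draws the ICMP error.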

Port Scanning Tools: Strobe
A TCP port scanning utility, one of the fastest and most reliable TCP scanners available. It looks only for those services the attacker knows how to exploit.
CMD: Strobe
Output: ssh 22/tcp secure shell

Port Scanning Tools: nmap
A widely known port scanner, a utility for port scanning large networks that also works fine for single hosts. The guiding philosophy for the creation of nmap was TMTOWTDI (There's More Than One Way To Do It).
CMD: nmap -sS
Output:
Port State Protocol Service
21 open tcp ftp

Port Scanning Tools: netcat
The Swiss army knife in our security toolkit. It provides basic TCP and UDP port scanning capabilities. By default, netcat uses TCP ports, so for UDP scanning we need to specify the -u option. For example:
CMD: netcat -v -z -w
Output: [ ] 25 (smtp) open

Conclusion
Port scanning has legitimate uses in managing networks. It can also be malicious in nature if someone is looking for a weakened access point to break into your computer. It is rude to scan someone else's hosts or networks without the explicit permission of the owner. Always ask if it would be okay to scan outside of your own networks.