
Port Scanning James Tate II 2012-12-06.


1 Port Scanning James Tate II

2 Background

3 Ports
A port identifies a process (a service) on a computer; a socket address specifies both the protocol and the port number
Well-known ports: 0-1023 (IANA ranges)
Registered ports: 1024-49151
Dynamic / Ephemeral ports: 49152-65535
Example: TCP port 25 is SMTP

4 TCP Ports
Open or closed: a port is open when a process is listening on it, closed otherwise
Three-way handshake (SYN, SYN-ACK, ACK) establishes a connection to the listening process
A closed port answers any segment with a reset. TCP Specification (RFC 793): "If the connection does not exist (CLOSED) then a reset is sent in response to any incoming segment except another reset."

5 UDP Ports
UDP is connectionless: the transport layer keeps no connection state, so any state machine lives in the application
Open ports may or may not respond; it depends on whether the application answers the probe's payload
Closed ports respond with an ICMP Port Unreachable message (Type 3, Code 3)

6 Firewalls
Two blocking techniques: drop or reject
Drop silently discards the traffic; the sender sees only a timeout
Reject informs the sender via:
  ICMP destination unreachable (network, host or port unreachable)
  ICMP administratively prohibited
  TCP RST

7 Stateless vs. Stateful Firewalls
A stateful firewall maintains a table of connections
A stateless firewall has no concept of connections; it judges each frame, packet and segment on its own header fields
Modern firewalls are virtually all stateful
A stateful firewall lets an administrator permit only traffic that belongs to a connection an inside host requested (return traffic for established connections is allowed, unsolicited inbound SYNs are dropped)

8 Port Scanning

9 Purpose
Discover network topology
Audit network security
Debugging
Malicious intent: an "information gathering attack" (reconnaissance before an attack)

10 How it Works
Send a segment to a port; analyze the response (or lack of response)
UDP (UDP Scan):
  Send a UDP datagram
  A UDP response means the port is open
  ICMP Port Unreachable means the port is closed
  No response could be a firewall drop or an application that does not answer the transmitted datagram (Nmap reports this as open|filtered)

11 How it Works
TCP (SYN Scan): send a SYN segment
  SYN-ACK response means the port is open; the scanner replies with RST so the connection is never completed
  RST response means the port is closed (or rejected by a firewall)
  ICMP unreachable response means the port is blocked (filtered)
  No response means the port is blocked (usually: a firewall dropped the probe or the reply)
  Also known as a "half-open scan"; sending a bare SYN needs raw sockets, hence root

12 Other Scan Types
TCP Connect Scan: very similar to the SYN scan
  Instead of sending RST after the SYN-ACK, the three-way handshake completes
  No data is sent
  The four-way FIN handshake closes the connection
  Uses the operating system's connect() call, so it does not require root; the completed connection is visible to the target application and its logs
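The connect scan described on this slide, as an added example that is not part of the original presentation. It starts its own listener on loopback so it runs offline without root; the port states are derived from the errno that connect() reports, which is how an unprivileged scanner learns whether the handshake completed (open), was reset (closed) or got no answer (filtered). All host and port values are chosen by the kernel at run time; nothing is assumed about any real target.

```python
"""TCP connect scan against loopback, no root required.

Added example; not part of the original slides. A local listener stands in
for the target so the scan runs offline.
"""
import errno
import socket
import threading
from typing import Dict, List


def start_listener(host: str = "127.0.0.1"):
    """Bind a TCP listener on a kernel-chosen ephemeral port; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    srv.settimeout(0.2)          # poll so the thread notices when srv is closed
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:      # listener closed: stop serving
                return
            conn.close()         # accept, send nothing, close (FIN exchange)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_closed_port(host: str = "127.0.0.1") -> int:
    """Ask the kernel for an unused port, then release it so nothing listens there."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def connect_scan(host: str, port: int, timeout: float = 1.0) -> str:
    """Full three-way handshake via connect(); classify by the errno it reports.

    open     -> SYN-ACK arrived and the handshake completed (then we close)
    closed   -> the kernel received a RST and reports ECONNREFUSED
    filtered -> no answer before the timeout, or an ICMP error mapped to an
                unreachable errno
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        err = sock.connect_ex((host, port))
    except socket.timeout:
        return "filtered"
    finally:
        sock.close()   # four-way FIN close if the connection was established
    if err == 0:
        return "open"
    if err == errno.ECONNREFUSED:
        return "closed"
    if err in (errno.ETIMEDOUT, errno.EAGAIN, errno.EWOULDBLOCK, errno.EINPROGRESS,
               errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "filtered"
    return "error:" + errno.errorcode.get(err, str(err))


def scan(host: str, ports: List[int]) -> Dict[int, str]:
    """Scan a list of ports sequentially and return {port: state}."""
    return {p: connect_scan(host, p) for p in ports}


if __name__ == "__main__":
    srv, open_port = start_listener()
    closed_port = free_closed_port()
    for p, state in scan("127.0.0.1", [open_port, closed_port]).items():
        print(f"127.0.0.1:{p:<5} {state}")
    srv.close()
```

Because the handshake completes, the listener's accept() returns and the connection shows up in the target's logs; that visibility is the price of not needing raw sockets.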

13 Other Scan Types
TCP ACK Scan: used to determine the statefulness of a firewall and which ports it filters; it cannot tell open from closed (both answer an unsolicited ACK with RST)
TCP Null, FIN and Xmas Scans: used to bypass some stateless firewalls; they rely on the RFC 793 rule that a closed port resets any unexpected segment while an open port stays silent
Idle Scan: highly clandestine; sends spoofed packets to the target from a known "zombie" host and reads the result from the zombie's IP ID sequence
ICMP Scan: send echo requests to hosts; host discovery, not a port scan
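The response-to-state rules from the UDP scan, SYN scan and ACK scan slides, as one added example that is not part of the original presentation. It parses minimal raw IPv4, TCP and ICMP headers (only the fields the decision needs; checksums are left zero) and applies the rules in Nmap's state vocabulary: open, closed, filtered, unfiltered and open|filtered. The sample packets are constructed inline, so the block runs offline; the addresses, ports and probe names are illustrative and assumed, not taken from the slides.

```python
"""Port-state classification for SYN, UDP and ACK scan probes.

Added example; not part of the original slides. Packets are constructed
inline with minimal IPv4/TCP/ICMP headers (no checksums) so it runs offline.
"""
import struct
from typing import Optional

ICMP_PROTO, TCP_PROTO, UDP_PROTO = 1, 6, 17
TCP_FIN, TCP_SYN, TCP_RST, TCP_ACK = 0x01, 0x02, 0x04, 0x10
# ICMP type 3 codes that mean "a firewall rejected the probe": net/host/port
# unreachable, net/host administratively prohibited, communication prohibited.
ICMP_FILTERED_CODES = (1, 2, 3, 9, 10, 13)


def parse_ipv4(packet: bytes):
    """Return (protocol, transport payload); honours IHL so IP options are skipped."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    return packet[9], packet[ihl:]


def classify(probe: str, response: Optional[bytes]) -> str:
    """Map one probe type and its raw IPv4 response (None = timeout) to a port state."""
    if probe not in ("syn", "udp", "ack"):
        raise ValueError("unknown probe type")
    if response is None:  # silence: a drop, or (for UDP) an application that stays mute
        return "open|filtered" if probe == "udp" else "filtered"
    proto, payload = parse_ipv4(response)
    if proto == ICMP_PROTO:
        if len(payload) < 8:
            raise ValueError("truncated ICMP header")
        icmp_type, code = payload[0], payload[1]
        if icmp_type == 3 and code == 3 and probe == "udp":
            return "closed"     # Port Unreachable: nothing bound to that UDP port
        if icmp_type == 3 and code in ICMP_FILTERED_CODES:
            return "filtered"   # reject from a firewall
        return "unknown"
    if proto == TCP_PROTO and probe in ("syn", "ack"):
        if len(payload) < 14:
            raise ValueError("truncated TCP header")
        flags = payload[13]  # flags byte follows the data-offset byte
        if probe == "syn":
            if flags & TCP_SYN and flags & TCP_ACK:
                return "open"    # listener answered the handshake; scanner sends RST
            if flags & TCP_RST:
                return "closed"  # RFC 793: CLOSED port resets anything but a reset
        elif flags & TCP_RST:
            return "unfiltered"  # ACK scan: RST came back, no stateful filter in the way
        return "unknown"
    if proto == UDP_PROTO and probe == "udp":
        return "open"  # the application answered the datagram
    return "unknown"


# --- constructed sample responses (enough header for the parser above) ---
def build_ipv4(proto: int, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1]))
    return hdr + payload


def build_tcp(flags: int, sport: int = 25, dport: int = 40000) -> bytes:
    # data offset 5 words (no options), window 8192, zero checksum and urgent pointer
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)


def build_icmp(icmp_type: int, code: int) -> bytes:
    return struct.pack("!BBHI", icmp_type, code, 0, 0)


SAMPLES = {
    "syn_ack": build_ipv4(TCP_PROTO, build_tcp(TCP_SYN | TCP_ACK)),
    "rst_ack": build_ipv4(TCP_PROTO, build_tcp(TCP_RST | TCP_ACK)),
    "port_unreachable": build_ipv4(ICMP_PROTO, build_icmp(3, 3)),
    "admin_prohibited": build_ipv4(ICMP_PROTO, build_icmp(3, 13)),
    "udp_reply": build_ipv4(UDP_PROTO, struct.pack("!HHHH", 53, 40000, 8, 0)),
}

if __name__ == "__main__":
    for probe, name in [("syn", "syn_ack"), ("syn", "rst_ack"), ("syn", "admin_prohibited"),
                        ("udp", "port_unreachable"), ("udp", "udp_reply"), ("ack", "rst_ack")]:
        print(f"{probe:3} probe, {name:16} -> {classify(probe, SAMPLES[name])}")
    print("syn probe, timeout          ->", classify("syn", None))
    print("udp probe, timeout          ->", classify("udp", None))
```

The same ICMP Port Unreachable message is "closed" for a UDP probe but "filtered" for a SYN probe: a TCP listener never speaks ICMP, so for TCP that message can only have come from a firewall.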

14 Nmap
"Network exploration tool and security / port scanner"
First released in 1997; continuously developed since then
Versions available for Linux, Solaris, Windows, Mac OS and other BSD variants
Supports 13+ port scan techniques plus non-port-scanning features such as host discovery and OS detection

15 TCP/IP Fingerprinting
Most TCP/IP stacks are not 100% RFC compliant
Nuances in how a system responds to crafted packets and segments (which TCP options it echoes and in what order, how it chooses initial sequence numbers, how it handles malformed probes) can identify the operating system

16 TCP/IP Fingerprinting
"Nmap sends a series of TCP and UDP packets to the remote host and examines practically every bit in the responses. After performing dozens of tests such as TCP ISN sampling, TCP options support and ordering, IP ID sampling, and the initial window size check, Nmap compares the results to its nmap-os-db database of more than 2,600 known OS fingerprints and prints out the OS details if there is a match." (Nmap Reference Guide)

17 Glossary
Ephemeral Port: a transport protocol port that is briefly used by a TCP, UDP or SCTP client.
Firewall: a software or hardware device that secures a system by analyzing network traffic and only permitting some of it to flow through.
Port Scan: a systematic analysis of the network services running on a host by sending probes to transport protocol ports and analyzing the responses.
Root: the administrative user of a system. Root privileges are the permission to do anything on a system without security restrictions.

18 References
Nmap Reference Guide. Retrieved November 27, 2012.
Port scanner. (2012, November 9). In Wikipedia, The Free Encyclopedia. Retrieved November 27, 2012, from http://en.wikipedia.org/w/index.php?title=Port_scanner&oldid=
RFC 793. Information Sciences Institute. September 1981.
Transmission Control Protocol. (2012, November 4). In Wikipedia, The Free Encyclopedia. Retrieved November 27, 2012, from http://en.wikipedia.org/w/index.php?title=Transmission_Control_Protocol&oldid=

