Er Amit Tripathi
Subject: Port Scanning (Scanning and Footprinting)
2/10/2008, 2:33 am
Port scanning is the process of connecting to TCP and UDP ports for the purpose of finding what services and applications are running on the target device. After running applications, open ports and services are discovered, the hacker can then determine the best way to attack the system. A good attacker takes time to build an attack plan and also phases his attack so that he is undetected.

The primary step in mapping a target network will be to find the limits of the network and assess the perimeter defenses. The attacker will seek means of entry by building an inventory of the target network. This will give him an indication regarding any vulnerability that can be exploited and how well the network perimeters are guarded. An attacker might intrude with minimal footprint and lie low to assess what measures are being taken by the target network to detect the intrusion and defend it.

Common Ports and Protocols

    Port        Service   Protocol
    20/21       FTP       TCP
    22          SSH       TCP
    23          Telnet    TCP
    25          SMTP      TCP
    53          DNS       TCP/UDP
    69          TFTP      UDP
    80          HTTP      TCP
    110         POP3      TCP
    135         RPC       TCP
    161/162     SNMP      UDP
    1433/1434   MSSQL     TCP

As you have probably noticed, some of these applications run on TCP, whereas others run on UDP. Although it is certainly possible to scan for all 65,535 TCP and 65,535 UDP ports, many hackers will not. They will concentrate on the first 1,024 ports. These well-known ports are where we find most of the commonly used applications. A list of well-known ports can be found at www.iana.org/assignments/port-numbers. Now, this is not to say that high-order ports should be totally ignored, because hackers might break into a system and open a high-order port, such as 31337, to use as a backdoor.

So, is one protocol easier to scan for than the other? Well, the answer to that question is yes. TCP offers more opportunity for the hacker to manipulate than UDP. Let's take a look at why. TCP offers robust communication and is considered a connection protocol.
TCP establishes a connection by using what is called a 3-way handshake. Those three steps proceed as follows:

1. The client sends the server a TCP packet with the sequence number flag (SYN flag) set and an Initial Sequence Number (ISN).
2. The server replies by sending a packet with the SYN/ACK flag set to the client. The synchronize sequence number flag informs the client that it would like to communicate with it, whereas the acknowledgement flag informs the client that it received its initial packet. The acknowledgement number will be one digit higher than the client's ISN. The server will generate an ISN as well to keep track of every byte sent to the client.
3. When the client receives the server's packet, it creates an ACK packet to acknowledge that the data has been received from the server.

At this point, communication can begin.
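The following is an added example, not code from the original post. It models the 3-way handshake exactly as the post describes it (each side acknowledges the other's ISN + 1) and then runs a small detector over a constructed list of TCP segments to show what a scan of the post's well-known ports looks like from the defender's side: one source sending SYNs to many distinct ports and, in the half-open case, never sending the final ACK. The hosts, port numbers, ISNs and the five-port threshold are assumptions chosen for illustration.

```python
# Added example (not from the original post). Models the handshake the
# post describes and flags sources that probe many ports on one target.
# Addresses, ISNs and the min_ports threshold are illustrative assumptions.
from collections import defaultdict
from dataclasses import dataclass

# Well-known ports quoted in the post's table, used only to label findings.
WELL_KNOWN = {20: "FTP", 21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP",
              53: "DNS", 69: "TFTP", 80: "HTTP", 110: "POP3", 135: "RPC",
              161: "SNMP", 162: "SNMP", 1433: "MSSQL", 1434: "MSSQL"}


@dataclass
class Segment:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str          # "SYN", "SYN/ACK" or "ACK"
    seq: int
    ack: int = 0


def three_way_handshake(client, server, sport, dport, client_isn, server_isn):
    """Return the three segments of a completed handshake.

    The server acknowledges client_isn + 1 and the client acknowledges
    server_isn + 1, which is the numbering the post describes."""
    syn = Segment(client, server, sport, dport, "SYN", seq=client_isn)
    syn_ack = Segment(server, client, dport, sport, "SYN/ACK",
                      seq=server_isn, ack=client_isn + 1)
    ack = Segment(client, server, sport, dport, "ACK",
                  seq=client_isn + 1, ack=server_isn + 1)
    return [syn, syn_ack, ack]


def handshake_is_valid(segments):
    """True only if SYN, SYN/ACK, ACK appear in order with matching numbers."""
    if [s.flags for s in segments] != ["SYN", "SYN/ACK", "ACK"]:
        return False
    syn, syn_ack, ack = segments
    return (syn_ack.ack == syn.seq + 1
            and ack.ack == syn_ack.seq + 1
            and ack.seq == syn.seq + 1)


def detect_scans(segments, min_ports=5):
    """Flag (src, dst) pairs where src sent SYNs to at least min_ports ports.

    A source that never completes a handshake it started is reported as
    half-open (a SYN scan); one that completes them is a connect scan."""
    syn_ports = defaultdict(set)   # (src, dst) -> destination ports probed
    completed = defaultdict(set)   # (src, dst) -> ports where src sent an ACK
    for s in segments:
        if s.flags == "SYN":
            syn_ports[(s.src, s.dst)].add(s.dport)
        elif s.flags == "ACK":
            completed[(s.src, s.dst)].add(s.dport)
    findings = {}
    for key, ports in syn_ports.items():
        if len(ports) >= min_ports:
            findings[key] = {
                "ports": sorted(ports),
                "half_open": not completed[key],
                "services": sorted({WELL_KNOWN[p] for p in ports if p in WELL_KNOWN}),
            }
    return findings


def build_sample_capture():
    """Constructed traffic: one legitimate web session followed by a
    half-open scan of every port in the post's table. The two open ports
    (22 and 80) answer with SYN/ACK; the scanner never sends the final ACK."""
    segs = three_way_handshake("10.0.0.5", "10.0.0.80", 40001, 80, 1000, 5000)
    scanner, target = "10.0.0.99", "10.0.0.80"
    for i, port in enumerate(sorted(WELL_KNOWN)):
        segs.append(Segment(scanner, target, 50000 + i, port, "SYN", seq=7000 + i))
        if port in (22, 80):
            segs.append(Segment(target, scanner, port, 50000 + i, "SYN/ACK",
                                seq=9000 + i, ack=7001 + i))
    return segs


if __name__ == "__main__":
    capture = build_sample_capture()
    print("legitimate handshake valid:", handshake_is_valid(capture[:3]))
    for (src, dst), f in detect_scans(capture).items():
        kind = "half-open (SYN) scan" if f["half_open"] else "connect scan"
        print(f"{src} -> {dst}: {kind} across {len(f['ports'])} ports, "
              f"services {f['services']}")
```

The legitimate client touches a single port and is never reported, while the scanning source is reported once per target with the list of probed ports and whether it completed any handshake; on a real sensor the same counting would be done per source over a sliding time window, which is the usual way a SYN scan of the first 1,024 ports stands out from ordinary traffic.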