Er Amit Tripathi
Number of posts : 37
Age : 38
Location : Lucknow
Job/hobbies : Software Engeener
What U like To do ? : I Rocks With Computer System.
Registration date : 2008-01-09
 |  Subject: Port Scanning (Scanning and Footprinting) 7  2/10/2008, 2:33 am | |
| - Quote :
Port scanning is the process of connecting to TCP and UDP ports for
the purpose of finding what services and applications are running on
the target device. After running applications, open ports and services
are discovered, the hacker can then determine the best way to attack
the system.
A good attacker takes time to build an attack plan and also
phases his attack so that he is undetected. The primary step in mapping
a target network will be to find the limits of the network and assess
the perimeter defenses.
The attacker will seek to means of entry by building
an inventory of the target network. This will give him an indication
regarding any vulnerability that can be exploited and how well the network
perimeters are guarded. An attacker might intrude with minimal footprint
and lie low to assess what measures are being taken by the target network
to detect the intrusion and defend it.
Common Ports and Protocols
Port Service Protocol
20/21 FTP TCP
22 SSH TCP
23 Telnet TCP
25 SMTP TCP
53 DNS TCP/UDP
69 TFTP UDP
80 HTTP TCP
110 POP3 TCP
135 RPC TCP
161/162 SNMP UDP
1433/1434 MSSQL TCP As you have probably noticed, some of these applications run on TCP,
whereas others run on UDP. Although it is certainly possible to scan
for all 65,535 TCP and 65,535 UDP ports, many hackers will not. They
will concentrate on the first 1,024 ports. These well-known ports are
where we find most of the commonly used applications.
A list of well-known
ports can be found at www.iana.org/assignments/port-numbers. Now, this
is not to say that high order ports should be totally ignored because
hackers might break into a system and open a high order port, such as
31337, to use as a backdoor. So, is one protocol easier to scan for than
the other?
Well, the answer to that question is yes. TCP offers more
opportunity for the hacker to manipulate than UDP. Let's take a look
at why. TCP offers robust communication and is considered a connection
protocol. TCP establishes a connection by using what is called a 3-way
handshake. Those three steps proceed as follows: The client sends the server a TCP packet with the sequence number flag
(SYN Flag) set and an Initial Sequence Number (ISN).
The server replies by sending a packet with the SYN/ACK flag set to the
client. The synchronize sequence number flag informs the client that
it would like to communicate with it, whereas the acknowledgement flag
informs the client that it received its initial packet. The acknowledgement
number will be one digit higher than the client's ISN. The server will
generate an ISN as well to keep track of every byte sent to the client.
When the client receives the server's packet, it creates an ACK packet
to acknowledge that the data has been received from the server. At this
point, communication can begin. | |
|
