Monday, August 2, 2010

PORT SCANNERS
(A HACKERS REVIEW)


This post deals with the basic working of various port scanners, and with how a system administrator can protect his or her network against a hack attempt that begins with a port scan.
First, let us establish what a port scanner is. To do that, we need to discuss the types of ports.
PORTS:
Ports are of two types:
1. Hardware Ports
2. Software Ports

1. Hardware Ports :-
These are the physical sockets on the back of your computer's cabinet, for example COM1, COM2, the parallel ports, etc.

2. Software Ports :-
Software ports are virtual ports; they behave much like a pipe through which information is transferred. Every open port has a service or daemon (a daemon is simply a program running in the background) listening on it, which provides a service to the connected users; for example, port 25 is always associated with handling mail (SMTP).
In our discussion of port scanners we are concerned with software ports only.
PORT SCANNERS:-
A port scanner is a program that automatically probes a remote or local host for open ports and the services listening on them, and thereby exposes the host's security weaknesses.
New port scanners appear every day. A few well-known, useful port scanners are:-


  • NMAP : Separate versions of NMAP are available for the LINUX and WINDOWS platforms, and can be downloaded from www.nmap.org/download.html
  • NETCAT : NETCAT is also available in LINUX and WINDOWS versions and can be downloaded from www.netcat.li/download.html
  • HPING :- It is available at www.wiki.hping.org.
NMAP and HPING are free, while a trial version of NETCAT can be downloaded free of cost.

When you run a port scanner such as one of these against a foreign IP address, it reveals the open services on the target; for example, the result of a port scan on a system may reveal this information:

PORT NUMBER   SERVICE
21            FTP
23            TELNET
25            SMTP
53            DNS
79            FINGER
80            HTTP
110           POP
etc.

Port scanners were earlier written mostly for UNIX, but today most of them are also available for the Windows platform.

THREAT OF PORT SCANNERS TO SYSTEM ADMINISTRATORS:-

  • Some port scanners, particularly SYN/FIN scanners, are undetectable (so-called "stealth" scanners), so the system or network administrator cannot find the hacker's IP address in the security logs.
  • The above fact becomes a deadly combination if the attacker also uses an IP-address hiding utility or service, such as the one available at www.anonymizer.com
  • New and more advanced port scanners are developed every day, either by hackers or by system administrators.
  • LEGAL PROSPECTS: Running a port scanner against an IP address is not a crime at all. In fact, most scanners are meant to help network administrators by telling them about the "BACK DOORS" of their networks. But one wonders whether there is any point in running a port scan against a foreign IP unless you are about to hack it.
So you need full proof of a hack attempt, and merely running a port scan does not prove anything.

SYN/FIN PORT SCANNERS:
Internet transmissions follow certain rigid protocols. Normally the sender first transmits an introductory packet carrying a SYN flag to synchronize the upcoming communication (top). The receiver then returns an ACK, which acknowledges the request, together with a SYN of its own. After obtaining this information, the sender transmits an ACK, which completes the necessary three-way handshake. Only then can the sender dispatch the message itself. When finished, it issues a FIN flag, and the receiver returns an ACK, which officially closes the correspondence.
A hacker can circumvent this process by sending just a premature FIN, to which the hapless receiver may return an RST, or reset, packet (bottom). The response, or the lack of one, reveals certain information about the receiver, but because no three-way handshake was ever completed, the transmission is not recorded in the receiver's logs. The hacker can thus probe an unwitting computer in relative secrecy.
If the port is closed, the computer returns an RST (reset) packet, whereas an open port gives no reply. But because the computer does not truly recognize a connection until it has completed the opening three-way handshake, it does not record the transmission in its logs. Thus a FIN scanner can probe a computer in relative secrecy without ever having opened any official connection.
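The text above, and the threat list before it, say that a FIN probe never shows up in the receiver's logs. That holds for application logs, which only record completed connections; a packet-level capture taken on the host or at the network edge still sees every probe. The script below is an added example, not part of the original post: it reads a constructed capture summary in an assumed one-line-per-packet format (`<time> <src>:<sport> > <dst>:<dport> [<flags>]`), tracks each flow against the three-way handshake described above, and reports sources that send bare FINs, or SYNs they never complete, to many different ports.

```python
"""Spot FIN and half-open SYN probes in a packet-level capture summary.

Added example, not from the original post. The input format is an assumption:
    <time> <src_ip>:<src_port> > <dst_ip>:<dst_port> [<flags>]
with TCP flags written as letters (S=SYN, A=ACK, F=FIN, R=RST, P=PSH).
"""
import re
from collections import defaultdict

# Constructed capture: one FIN-scanning source (203.0.113.5), one half-open
# SYN-scanning source (203.0.113.9), and one ordinary client (198.51.100.7)
# that completes the three-way handshake and closes cleanly.
SAMPLE_CAPTURE = """\
10:00:01.000 203.0.113.5:40001 > 192.0.2.10:21 [F]
10:00:01.001 192.0.2.10:21 > 203.0.113.5:40001 [RA]
10:00:01.002 203.0.113.5:40002 > 192.0.2.10:22 [F]
10:00:01.003 203.0.113.5:40003 > 192.0.2.10:23 [F]
10:00:01.004 192.0.2.10:23 > 203.0.113.5:40003 [RA]
10:00:01.005 203.0.113.5:40004 > 192.0.2.10:25 [F]
10:00:01.006 203.0.113.5:40005 > 192.0.2.10:80 [F]
10:00:02.000 198.51.100.7:51000 > 192.0.2.10:80 [S]
10:00:02.001 192.0.2.10:80 > 198.51.100.7:51000 [SA]
10:00:02.002 198.51.100.7:51000 > 192.0.2.10:80 [A]
10:00:02.003 198.51.100.7:51000 > 192.0.2.10:80 [PA]
10:00:03.000 198.51.100.7:51000 > 192.0.2.10:80 [FA]
10:00:03.001 192.0.2.10:80 > 198.51.100.7:51000 [FA]
10:00:04.000 203.0.113.9:60001 > 192.0.2.10:21 [S]
10:00:04.001 192.0.2.10:21 > 203.0.113.9:60001 [SA]
10:00:04.002 203.0.113.9:60001 > 192.0.2.10:21 [R]
10:00:04.003 203.0.113.9:60002 > 192.0.2.10:23 [S]
10:00:04.004 192.0.2.10:23 > 203.0.113.9:60002 [SA]
10:00:04.005 203.0.113.9:60002 > 192.0.2.10:23 [R]
10:00:04.006 203.0.113.9:60003 > 192.0.2.10:25 [S]
10:00:04.007 192.0.2.10:25 > 203.0.113.9:60003 [RA]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*>\s*"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+\[(?P<flags>[A-Z]*)\]$"
)


def parse_capture(text):
    """Turn the capture summary into a list of packet dicts."""
    packets = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable line: {line!r}")
        d = m.groupdict()
        packets.append({
            "src": d["src"], "sport": int(d["sport"]),
            "dst": d["dst"], "dport": int(d["dport"]),
            "flags": set(d["flags"]),
        })
    return packets


def classify_probes(packets):
    """Return {client_ip: {"fin": {ports}, "syn": {ports}}} for flows that
    never became real connections: a bare FIN with no prior SYN, or a SYN
    the client never followed with the handshake-completing ACK."""
    def new_state():
        return {"syn": False, "synack": False, "ack": False, "bare_fin": False}
    flows = defaultdict(new_state)
    for p in packets:
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        rev = (p["dst"], p["dport"], p["src"], p["sport"])
        f = p["flags"]
        if key in flows or rev not in flows:
            # Packet from the side that opened the flow (the client).
            st = flows[key]
            if "S" in f and "A" not in f:
                st["syn"] = True
            elif "A" in f and "S" not in f and st["synack"]:
                st["ack"] = True            # third step of the handshake
            elif "F" in f and "A" not in f and not st["syn"]:
                st["bare_fin"] = True       # FIN without any handshake
        else:
            # Reply from the server side; only its SYN/ACK matters here.
            if "S" in f and "A" in f:
                flows[rev]["synack"] = True

    report = defaultdict(lambda: {"fin": set(), "syn": set()})
    for (client, _, _, dport), st in flows.items():
        if st["bare_fin"]:
            report[client]["fin"].add(dport)
        elif st["syn"] and not st["ack"]:
            report[client]["syn"].add(dport)
    return dict(report)


def detect_scanners(report, threshold=3):
    """List (ip, kind, port_count) for sources probing >= threshold ports."""
    hits = []
    for ip, kinds in sorted(report.items()):
        for kind in ("fin", "syn"):
            if len(kinds[kind]) >= threshold:
                hits.append((ip, kind, len(kinds[kind])))
    return hits


if __name__ == "__main__":
    found = detect_scanners(classify_probes(parse_capture(SAMPLE_CAPTURE)))
    for ip, kind, n in found:
        print(f"{ip}: {kind.upper()} probes against {n} distinct ports")
```

The ordinary client is never reported because its flow reaches the ACK step; the two probing sources are reported because many of their flows stop short of it. The threshold of three distinct ports is an assumption to tune for your own traffic.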
PREVENTIVE MEASURES FOR SYSTEM/NETWORK ADMINISTRATORS :-
1. Administrators should check their own network for security flaws by running the latest port scanners against it, and close every "backdoor" they find open.

2. Keep a careful watch on the sites that provide anonymity services, and check for yourself what services they really provide and whether they keep a log of their visitors' original IP addresses.
You can ask them to provide the original IP addresses (of visitors at least, even if encrypted); knowing the exact time of the hack attempt, you can probably figure out the attacker's original IP address.

3. Always use a strong firewall for your network.

4. Never reveal to anyone the type or version of operating system you are using for networking, and always keep your operating system updated: once a hacker knows what he or she is dealing with, the attack becomes easier. Moreover, note that an older version always has a few known "vulnerabilities".
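Measure 1 scans the network from the outside; the same check can be made from the inside by listing which services are actually listening and comparing them with what is supposed to be reachable. The following is an added example, not from the original post: it parses the output of `ss -ltn` (the iproute2 socket listing on Linux), separates ports bound only to loopback from ports reachable by other hosts, and flags the exposed ones that are not in an allowlist. The sample output is constructed, and the allowlist is an assumption to replace with your own policy.

```python
"""Audit which TCP ports a host exposes, from `ss -ltn` output.

Added example, not from the original post. `ss -ltn` (iproute2, Linux)
lists listening TCP sockets numerically; the sample below is constructed
and the allowlist is an assumption to be replaced with your own.
"""
import subprocess

SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q    Local Address:Port    Peer Address:Port  Process
LISTEN  0       128             0.0.0.0:22           0.0.0.0:*
LISTEN  0       4096                  *:80                 *:*
LISTEN  0       128           127.0.0.1:3306         0.0.0.0:*
LISTEN  0       128             0.0.0.0:23           0.0.0.0:*
LISTEN  0       128                [::]:22              [::]:*
"""

# Addresses that are reachable only from the host itself.
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}

# Assumed policy: only SSH and HTTP are supposed to be reachable from outside.
ALLOWED_EXPOSED_PORTS = {22, 80}


def parse_ss_listeners(text):
    """Return [(local_address, port), ...] for every LISTEN line."""
    listeners = []
    for line in text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)   # handles "[::]:22" and "*:80"
        listeners.append((addr, int(port)))
    return listeners


def exposed_ports(listeners):
    """Ports bound to something other than loopback, i.e. reachable by others."""
    return sorted({port for addr, port in listeners if addr not in LOOPBACK})


def audit(listeners, allowlist=ALLOWED_EXPOSED_PORTS):
    """Exposed ports that the policy does not account for."""
    return [p for p in exposed_ports(listeners) if p not in allowlist]


def audit_live(allowlist=ALLOWED_EXPOSED_PORTS):
    """Run the audit against the local machine (Linux with iproute2)."""
    out = subprocess.run(["ss", "-ltn"], capture_output=True,
                         text=True, check=True).stdout
    return audit(parse_ss_listeners(out), allowlist)


if __name__ == "__main__":
    listeners = parse_ss_listeners(SAMPLE_SS_OUTPUT)
    print("exposed ports:", exposed_ports(listeners))
    print("exposed but not in allowlist:", audit(listeners))
```

In the constructed sample the MySQL listener on 3306 is bound to loopback and so is not counted as exposed, while the TELNET listener on 23 is reachable from outside and is not in the allowlist, so the audit reports it. Run `audit_live()` on a host to check the real socket table instead of the sample.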
