Port Scanning: Port scanning is carried out to determine the list of open ports on a remote host that have certain services or daemons running. In port scanning, the attacker connects to various TCP and UDP ports and tries to determine which ports are in listening mode.
TCP Port Scanning: Almost all port scans are based on the client sending a packet containing a particular flag to the target port of the remote system to determine whether the port is open. The following table lists the types of flags a TCP packet header can contain.
A typical TCP/IP three-way handshake can be described as follows:
1) The client sends a SYN packet to the server.
2) The server replies with a SYN packet and acknowledges the client's SYN packet with an ACK.
3) The client acknowledges the SYN sent by the server.
Different techniques of TCP port scanning are:
1) TCP connect port scanning
2) TCP SYN scanning
3) SYN/ACK scanning
4) TCP FIN scanning
5) TCP NULL scanning
6) TCP Xmas tree scanning
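The flag combinations behind these techniques are also what a defender looks for. The following Python example is added here and is not part of the original post: it names the scan technique a lone probe's TCP flags are consistent with (NULL, Xmas, FIN, SYN, SYN/ACK) and, over a constructed packet log, reports sources that touch many ports, counting SYNs that are never followed by the source's own handshake-completing ACK (the half-open connections a SYN scan leaves behind) and probes with flag sets no normal connection uses. The packet records and addresses are constructed for the example; the threshold is an assumption.

```python
"""Classify TCP probe flags and flag likely port-scan sources.

Added example on constructed packet records, not from the original post.
"""
from collections import defaultdict

# TCP header flag bits (RFC 793 layout)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def classify_probe(flags: int) -> str:
    """Name the scan technique a lone probe packet's flags are consistent with."""
    if flags == 0:
        return "NULL"                  # no flags at all: NULL scan
    if flags == FIN | PSH | URG:
        return "Xmas"                  # FIN+PSH+URG "lit up": Xmas tree scan
    if flags == FIN:
        return "FIN"                   # bare FIN with no prior connection
    if flags == SYN:
        return "SYN"                   # SYN only: connect() or half-open SYN scan
    if flags == SYN | ACK:
        return "SYN/ACK"               # unsolicited SYN/ACK probe
    return "normal"


def detect_scanners(packets, port_threshold=10):
    """Return {src: summary} for sources that probed >= port_threshold distinct ports.

    packets: iterable of dicts with keys src, dst, dport, flags (int).
    A SYN scan never completes the handshake, so SYNs from a source that are
    not followed by that source's ACK to the same (dst, port) count as half-open.
    """
    ports = defaultdict(set)       # (dst, dport) pairs each source touched
    syn_sent = defaultdict(set)    # (dst, dport) pairs a source sent SYN to
    ack_sent = defaultdict(set)    # (dst, dport) pairs a source later ACKed
    odd_flags = defaultdict(int)   # NULL / Xmas / FIN probes per source
    for p in packets:
        src, key = p["src"], (p["dst"], p["dport"])
        kind = classify_probe(p["flags"])
        if kind == "SYN":
            syn_sent[src].add(key)
            ports[src].add(key)
        elif kind in ("NULL", "Xmas", "FIN"):
            odd_flags[src] += 1
            ports[src].add(key)
        elif p["flags"] & ACK and not p["flags"] & SYN:
            ack_sent[src].add(key)   # handshake step 3 (or later data segment)
    result = {}
    for src, keys in ports.items():
        if len(keys) >= port_threshold:
            result[src] = {
                "ports": len(keys),
                "half_open": len(syn_sent[src] - ack_sent[src]),
                "odd_flags": odd_flags[src],
            }
    return result


# Constructed sample: 10.0.0.9 SYN-scans ports 20-39 and sends two Xmas probes;
# 10.0.0.5 makes one ordinary connection to port 443 (SYN, ACK, then data).
SAMPLE_PACKETS = (
    [{"src": "10.0.0.9", "dst": "10.0.0.1", "dport": port, "flags": SYN}
     for port in range(20, 40)]
    + [{"src": "10.0.0.9", "dst": "10.0.0.1", "dport": port, "flags": FIN | PSH | URG}
       for port in (80, 443)]
    + [{"src": "10.0.0.5", "dst": "10.0.0.1", "dport": 443, "flags": SYN},
       {"src": "10.0.0.5", "dst": "10.0.0.1", "dport": 443, "flags": ACK},
       {"src": "10.0.0.5", "dst": "10.0.0.1", "dport": 443, "flags": PSH | ACK}]
)

if __name__ == "__main__":
    for src, summary in detect_scanners(SAMPLE_PACKETS).items():
        print(src, summary)
```

The port threshold is deliberately low so the constructed data trips it; in practice it is tuned per network, and the half-open count is the more specific signal, because a legitimate client that sends a SYN almost always completes the handshake.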
UDP Port Scanning: In UDP port scanning, a UDP packet is sent to each port on the target host one by one. If the remote port is closed, the server replies with an ICMP port unreachable error message. If the port is open, no such error message is generated.
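Because a UDP sweep is visible mainly through the ICMP port unreachable replies it provokes, those replies are a natural place to detect it. The following Python example is added here and is not part of the original post: it groups ICMP type 3 / code 3 messages by the host they are sent back to and reports sources that triggered them for many distinct ports; it also shows the inference a probe can draw, where silence means only "open or filtered" rather than "open". The ICMP records and addresses are constructed; the threshold is an assumption.

```python
"""Spot a UDP port sweep from the ICMP 'port unreachable' replies it provokes.

Added example on constructed records, not from the original post.
"""
from collections import defaultdict

ICMP_DEST_UNREACH = 3      # ICMP type: destination unreachable
CODE_PORT_UNREACH = 3      # ICMP code: port unreachable


def closed_ports_by_source(icmp_msgs):
    """Map each original UDP sender to the set of closed ports it hit.

    icmp_msgs: dicts with type, code, dst (the host receiving the error) and
    orig_dport (destination port quoted from the embedded UDP header).
    """
    closed = defaultdict(set)
    for m in icmp_msgs:
        if m["type"] == ICMP_DEST_UNREACH and m["code"] == CODE_PORT_UNREACH:
            closed[m["dst"]].add(m["orig_dport"])
    return closed


def udp_sweep_sources(icmp_msgs, threshold=10):
    """Sources that provoked port-unreachable errors for >= threshold distinct ports."""
    return sorted(src for src, ports in closed_ports_by_source(icmp_msgs).items()
                  if len(ports) >= threshold)


def probe_outcome(port, closed_ports):
    """What a probe can conclude from the reply (or lack of one) for one port."""
    return "closed" if port in closed_ports else "open|filtered"


# Constructed sample: 10.0.0.9 sweeps ports 1-12 on 10.0.0.1, where only port 7
# is open, so 11 errors come back; 10.0.0.5 sends one datagram to closed port 53.
SAMPLE_ICMP = (
    [{"type": 3, "code": 3, "dst": "10.0.0.9", "orig_dport": port}
     for port in range(1, 13) if port != 7]
    + [{"type": 3, "code": 3, "dst": "10.0.0.5", "orig_dport": 53},
       {"type": 3, "code": 1, "dst": "10.0.0.5", "orig_dport": 53}]   # host unreachable, ignored
)

if __name__ == "__main__":
    print("sweep sources:", udp_sweep_sources(SAMPLE_ICMP))
    closed = closed_ports_by_source(SAMPLE_ICMP)["10.0.0.9"]
    for port in range(1, 13):
        print(port, probe_outcome(port, closed))
```

Two caveats for anyone using this as a detection: many hosts rate-limit ICMP errors (Linux does by default), so a fast sweep provokes fewer replies than ports probed and the threshold must allow for that, and a firewall that silently drops both the datagram and the error makes every port look "open|filtered" to the prober, which is exactly why a missing reply is not proof of an open port.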
FTP Bounce Port Scanning: The FTP bounce port scanning technique was discovered by Hobbit. He revealed a very interesting loophole in the FTP protocol that allowed a user connected to the FTP service of a particular system to connect to any port of another system. This loophole allows anonymous port scanning.
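The loophole exists because the FTP PORT command lets the client name any address for the data connection. The following Python example is added here and is not part of the original post: it parses a PORT argument and applies the server-side check that closes the loophole, accepting a data connection only back to the address the control connection came from and only on a non-privileged port (the mitigation RFC 2577 recommends). The function and parameter names are this example's own; the addresses are constructed.

```python
"""Reject FTP PORT commands that would bounce a data connection to a third host.

Added example, not from the original post or any particular FTP server.
"""
import ipaddress


def parse_port_arg(arg: str):
    """Parse 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port); ValueError if malformed."""
    parts = arg.split(",")
    if len(parts) != 6:
        raise ValueError("PORT takes six comma-separated decimal values")
    nums = [int(x) for x in parts]          # int() raises ValueError on junk
    if any(not 0 <= n <= 255 for n in nums):
        raise ValueError("each value must be in 0-255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]          # p1 is the high byte of the port
    return ip, port


def port_command_allowed(arg: str, control_peer_ip: str, min_port: int = 1024) -> bool:
    """Allow the data connection only to the control connection's peer, on a port >= min_port.

    The peer check is what stops a user of this server from reaching other
    hosts; the port floor stops it being pointed at privileged services on
    the client itself.
    """
    try:
        ip, port = parse_port_arg(arg)
    except ValueError:
        return False
    return ip == ipaddress.IPv4Address(control_peer_ip) and port >= min_port


if __name__ == "__main__":
    peer = "192.168.1.10"                   # constructed control-connection peer
    for arg in ("192,168,1,10,4,1",         # back to the client: allowed
                "192,168,1,20,4,1",         # third host: bounce attempt, rejected
                "192,168,1,10,0,25",        # client but port 25: rejected
                "192,168,1,10,4"):          # malformed: rejected
        print(arg, "->", port_command_allowed(arg, peer))
```

A server that wants to log these rejections has everything it needs in the parsed address: a PORT argument naming a host other than the control peer is itself the indicator of a bounce attempt, whether or not the data connection is ever opened.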