Port scanning is the process of examining IP addresses to determine what services are running on a network. It can be used by administrators to verify security policies and by attackers to identify vulnerabilities. Nmap is one of the most popular port scanners and adds features such as OS detection. Shadow Security Scanner is a port-scanning tool that audits services such as FTP, SSH and SMTP, and can be extended through an open ActiveX architecture. To prevent attacks, network devices should implement IP spoofing protection (anti-spoofing filtering) at the edge, and firewalls should allow only necessary traffic while detecting and blocking potentially malicious behavior over time.
2. What is a port scanner?
A port scanner is a software application designed to probe a server or host for open ports. It is often used by administrators to verify the security policies of their networks, and by attackers to identify the services running on a host with a view to compromising it.
3. The "good way" of doing port scanning
Port scanning can be done as part of a security assessment of one's own organization, seeking to weed out security holes. It is a defensive approach: find vulnerabilities and eliminate them, rather than reacting after they are exploited.
The malicious way of doing port scanning
Hackers, or anyone with malicious intent, can do "port scanning" by systematically probing for open ports, which might lead them to gain entry into an organization and steal its private data.
4. Port Scanning
The process of examining a range of IP addresses to determine what services are running on a network.
Port-scanning tools can be complex; you must learn their strengths and weaknesses and understand how and when to use them.
5. Conduct Test
Scan all ports when doing a test, not just the well-known ports (ports 1 to 1023).
Many programs use port numbers outside the range of well-known ports.
If you find that port 65301 is open, you can check the CVE Web site for a possible vulnerability in pcAnywhere.
6. Using Port-Scanning Tools
Hundreds of port-scanning tools are available for both hackers and security testers.
Not all are accurate, so using more than one port-scanning tool is recommended.
7. Nmap
One of the most popular port scanners; it adds new features constantly, such as OS detection and fast multiple-probe ping scanning.
Nmap also has a GUI front end called Zenmap that makes working with complex options easier.
Open source.
8. Nmap
A tester must hide from network devices or IDSs that recognize an inordinate number of pings or packets being sent to their networks.
This ACK scan constituted a DoS attack on the network.
Use stealth scans that are more difficult to detect.
10. Shadow Security Scanner
The services supported are: FTP, SSH, Telnet, SMTP, DNS, Finger, HTTP, POP3, IMAP, NetBIOS, NFS, NNTP, SNMP, Squid (Shadow Security Scanner is the only scanner to audit proxy servers; other scanners just verify port availability), LDAP (Shadow Security Scanner is the only scanner to audit LDAP servers; other scanners limit their actions to port verification), HTTPS, SSL, TCP/IP, UDP, and Registry services. Because of a fully open (ActiveX-based) architecture, any professional with knowledge of VC++, C++ Builder or Delphi may easily expand the capabilities of the Scanner. ActiveX technology also enables system administrators to integrate Shadow Security Scanner into practically any ActiveX-supporting product.
12. Conclusion:
To prevent this type of attack it is essential that you implement IP spoofing protection (anti-spoofing filtering) at the network edge, and also make use of stateful firewall rules. Since the success of this type of attack hinges on the predictability of the IP ID, using systems that do not succumb to this (mainly newer versions of Linux and Solaris) would be best, although that is not always possible.
13. Enable only the traffic you need to access internal hosts — preferably as far as possible from the hosts you're trying to protect — and deny everything else. This goes for standard ports, such as TCP 80 for HTTP and ICMP for ping requests.
Configure firewalls to look for potentially malicious behavior over time and have rules in place to cut off attacks if a certain threshold is reached, such as 10 port scans in one minute or 100 consecutive ping (ICMP) requests.
Most firewalls and IPSs can detect such scanning and cut it off in real time.