Port Scan: What I Need to Know and Why

A port scan is like trying the doors of a house to see which ones are locked. The scanner shows you which ports are open on a system or a firewall, and you can use this information to find potential weaknesses in your computer.

What are Ports

When one device connects to another over a network, it uses a TCP or UDP port number from 0 to 65535. Some ports, however, are used far more often than others. TCP ports 0 to 1023 are the "well-known ports" used by system services. For example, port 21 is used for FTP file transfers, port 22 for Secure Shell (SSH) terminal connections, port 80 is the standard port for HTTP web traffic and port 443 is for encrypted HTTPS connections. So when you connect to a website that offers HTTPS, your browser "talks" to the web server that is "listening" on port 443.

Services do not always have to run on these particular ports, precisely because they are the ones everyone knows. For example, you could run an HTTPS web server on port 50000 or a Secure Shell server on port 60000.

What is Port Scan?

A port scan is the process of checking all the ports at an IP address to see whether they are open or closed. Port-scanning software checks every port from 0 up to 65535. This can be done by sending a request to each port; if a response comes back, the port is open.

A network firewall can block or silently drop these probes, so a port scan is also a very good way to locate the ports that are actually accessible or exposed to the network on a remote system.

Nmap is a simple network utility commonly used for port scanning, but there are plenty of other scanning tools.

Why Port Scan?

Scans are useful for identifying vulnerabilities in a system. A port scan can tell an attacker which ports are open on a system, and this helps them devise an attack plan. For example, if the scan finds a Secure Shell (SSH) server on port 22, the attacker could try to connect and check the system for weak passwords. On another open port, the attacker can check whether the service running there has a bug that can be exploited; an old version may have a known security vulnerability.

These types of scans can also detect services running on non-default ports. So if you run an SSH server on port 60000 instead of port 22, a port scan will reveal it and the attacker could try to connect to SSH on that port. Using a non-default port simply makes things a bit more difficult.

Port scans are not only used by attackers, but also by defenders. A company, for example, might scan its own systems regularly to determine which services are exposed to the network and to make sure they are configured securely.

Is a Port Scan Dangerous?

A port scan can help an attacker find a weak spot to attack, but it is only the first step. Finding an open door does not mean the attacker can walk through it. However, the attacker can then probe that service for vulnerabilities, and that is the real danger.

In your home network, you almost certainly have a router between your computer and the Internet. Someone on the Internet can scan your router, but even if they find something there they cannot get into your system through it. The router itself also acts as a firewall, unless you have forwarded individual ports from your router to your device; those ports are exposed to the Internet.

Firewalls can of course be configured to detect port scans and block traffic from the address performing the scan.

Port Scan Types

In a "full TCP connect" scan, the scanner sends a SYN (connection request) message to a port. If the port is open, the remote system responds with a SYN-ACK message. The scanner then replies with its own ACK message. This completes a full TCP connection handshake, and the scanner knows that the system is accepting connections on this port.

If the port is closed, the remote system responds with an RST message. If the remote system simply does not exist on the network, or a firewall drops the probe, there is no response at all.

Some scanners perform a "TCP half-open" scan instead. Rather than going through the full cycle of SYN, SYN-ACK and then ACK, they simply send a SYN and wait for a SYN-ACK or RST response. They do not need to send the final ACK to complete the connection, because the SYN-ACK already "tells" the scanner everything it needs to know. It is a faster method because fewer packets are needed.

A simple port scan is easy to spot, and most firewalls can be configured to detect and stop such activity.
This is why some scanning techniques work differently. For example, a scan could probe only a few ports, or scan all ports but spread out over a much longer time, to make it harder to detect.
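The detection idea above, as an added example that is not from the original article: a small Python heuristic runs over constructed firewall-style log lines and flags a source that sends SYN probes to many distinct ports within a short window, which also shows why a scan spread over a long time slips under that window. The log format, IP addresses, window and threshold are all constructed for this example.

```python
from collections import defaultdict, deque

# Constructed log lines in a made-up format: "<epoch_seconds> <src_ip> <dst_port> <tcp_flags>".
# 203.0.113.5 probes five ports in three seconds; 198.51.100.9 probes five ports ten minutes apart.
SAMPLE_LOG = """\
1000 203.0.113.5 22 SYN
1001 203.0.113.5 80 SYN
1001 203.0.113.5 443 SYN
1002 203.0.113.5 8080 SYN
1002 203.0.113.5 3306 SYN
1000 198.51.100.9 22 SYN
1600 198.51.100.9 80 SYN
2200 198.51.100.9 443 SYN
2800 198.51.100.9 8080 SYN
3400 198.51.100.9 3306 SYN
1004 192.0.2.77 443 ACK
"""

def parse_log(text):
    """Yield (timestamp, src_ip, dst_port) for SYN-only probes; other flags are skipped."""
    for line in text.splitlines():
        ts, src, dport, flags = line.split()
        if flags == "SYN":
            yield int(ts), src, int(dport)

def detect_scanners(events, window=60, threshold=5):
    """Return {src_ip: distinct_ports} for sources hitting `threshold` distinct
    ports within any `window` seconds. A per-source sliding deque drops older
    probes, so a slow scan never accumulates enough ports per window to be
    flagged: that is why spreading a scan over time makes it harder to catch."""
    recent = defaultdict(deque)  # src_ip -> deque of (timestamp, dst_port)
    flagged = {}
    for ts, src, dport in sorted(events):
        probes = recent[src]
        probes.append((ts, dport))
        while probes and ts - probes[0][0] > window:
            probes.popleft()
        distinct = len({port for _, port in probes})
        if distinct >= threshold:
            flagged[src] = max(distinct, flagged.get(src, 0))
    return flagged

if __name__ == "__main__":
    # The default 60-second window catches only the fast scanner.
    print(detect_scanners(parse_log(SAMPLE_LOG)))               # {'203.0.113.5': 5}
    # A one-hour window also catches the slow scanner, at the cost of keeping more state.
    print(detect_scanners(parse_log(SAMPLE_LOG), window=3600))  # adds '198.51.100.9': 5
```

Real firewalls use the same trade-off: a wider window catches slower scans but must remember more per-source history.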


iGuRu.gr, The Best Technology Site in Greece


Written by giorgos
