A port scan is like trying the doors of a house to see which ones are locked. The scanner shows you which ports are open on a router or a firewall, and you can use that information to look for possible weaknesses on the machine behind it.
What are Ports
When one device connects to another over a network, it addresses a TCP or UDP port number between 0 and 65535. Some ports are used far more often than others. TCP ports 0 to 1023 are the "well-known ports" reserved for system services. For example, port 21 is used for FTP file transfers, port 22 for Secure Shell (SSH) terminal sessions, port 80 is the standard port for HTTP web traffic, and port 443 is for encrypted HTTPS connections. So when you connect to a website that uses HTTPS, your browser "talks" to a web server that "listens" on port 443.
Services do not have to run on these particular ports; the well-known numbers are only a convention that everyone knows. For example, you could run an HTTPS web server on port 50000 or an SSH server on port 60000.
What is a Port Scan?
A port scan is the process of checking the ports of an IP address to see which are open and which are closed. A full scan probes every port from 0 to 65535 by sending a connection request to each one and watching the reply: an acknowledgement means the port is open, a reset means it is closed, and no reply at all usually means something in between is dropping the probe.
A network firewall can block or silently drop these probes, so a port scan is also a very good way to find out which ports on a remote system are actually reachable, or exposed, from the network.
Why Port Scan?
Scans are useful for identifying vulnerabilities in a system. A port scan tells an attacker which ports are open on a system, which helps them devise an attack plan. For example, if they find a Secure Shell (SSH) server listening on port 22, they can try to log in and test the system for weak passwords. On another open port they can check whether the service has a bug that can be exploited; an old software version may have a known security vulnerability.
Port scans also detect services running on non-default ports. So if you run an SSH server on port 60000 instead of port 22, a port scan will reveal it, and an attacker can try to SSH into that port. Using a non-default port only makes things slightly more difficult; it is obscurity, not a substitute for securing the service itself.
Port scans are not only used by attackers but also in defensive penetration testing. A company, for example, may scan its own systems regularly to determine which services are exposed to the network and to make sure they are configured securely.
Is a Port Scan Dangerous?
A port scan can help an attacker find a weak point to attack, but it is only the first step. Finding an open port does not mean they can get through it. What they can do is probe that port for vulnerabilities, and that is the real danger.
On your home network you almost certainly have a router between your computer and the Internet. Someone on the Internet can scan your router, and if they find nothing open they cannot reach your system. The router itself acts as a firewall, except for any individual ports you have forwarded from the router to one of your devices: those specific ports are exposed to the Internet.
Firewalls can of course be configured to detect port scans and block traffic from the address performing the scan.
Port Scan Types
In a "TCP full connect" port scan, the scanner sends a SYN message (connection request) to a port. If the port is open, the remote system responds with a SYN-ACK message (acknowledgement), and the scanner replies with its own ACK. That completes the TCP three-way handshake, and the scanner knows that the system accepts connections on this port.
If the port is closed, the remote system responds with an RST message. If there is no response at all, either the remote system is not on the network or a firewall is silently dropping the probe; scanners such as nmap report that state as "filtered" rather than "closed".
Some scanners perform a "TCP half-open" (SYN) scan instead. Rather than going through the full cycle of SYN, SYN-ACK and ACK, they send only a SYN and wait for a SYN-ACK or RST. They never send the final ACK to complete the connection, because the SYN-ACK already "tells" the scanner everything it needs to know; the scanner typically answers with an RST to tear the half-open connection down. It is a faster method because fewer packets are exchanged.
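The "full connect" technique above, written out as a small scanner. This is an added example, not code from the original article: it uses the operating system's own connect() call, so the kernel performs the SYN / SYN-ACK / ACK handshake and the script classifies each port from the outcome (connected, refused, or silence). The open/closed/filtered labels follow nmap's vocabulary; the helper start_listener() is only there so the scanner can be tried offline against the local machine, and the host and port numbers in the demo are assumptions.

```python
"""TCP connect() scanner: one full three-way handshake per probed port."""
import errno
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Return 'open', 'closed' or 'filtered' for one TCP port on host."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            # connect() returned: the peer sent SYN-ACK and we sent ACK.
            return "open"
        except socket.timeout:
            # Neither SYN-ACK nor RST arrived before the deadline: something
            # in the path is most likely dropping our SYN silently.
            return "filtered"
        except OSError as exc:
            if exc.errno == errno.ECONNREFUSED:
                # The peer answered our SYN with RST: nothing listens there.
                return "closed"
            # ICMP unreachable and similar errors also mean we were blocked.
            return "filtered"


def scan(host: str, ports, timeout: float = 1.0, workers: int = 64) -> dict:
    """Probe many ports concurrently; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def open_ports(host: str, ports, timeout: float = 1.0) -> list:
    """Sorted list of the ports that completed a handshake."""
    return sorted(p for p, st in scan(host, ports, timeout).items() if st == "open")


def start_listener(host: str = "127.0.0.1"):
    """Bind a throwaway listening socket on an ephemeral port (assumed local
    test setup) so the scanner has something to find without network access."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(16)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, listening = start_listener()
    try:
        # Scan a few ports around the one we opened; only that one should be open.
        results = scan("127.0.0.1", range(listening - 2, listening + 3))
        for port, state in sorted(results.items()):
            print(f"{port:5d}/tcp  {state}")
    finally:
        srv.close()
```

Because every probe completes the handshake, the application behind an open port sees (and may log) a connection that is immediately closed, which is one reason the connect scan is noisy. The half-open scan cannot be written with ordinary sockets: sending a bare SYN and reading the SYN-ACK needs raw packet access, which is why nmap's SYN scan (-sS) requires root or administrator privileges while its connect scan (-sT) does not.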
A simple port scan is easy to spot, and most firewalls can be configured to detect and block such activity.
That is why some scanning techniques work differently. For example, a scan may probe only a handful of ports, or spread a scan of all ports over a much longer period, so that it stays below a detector's threshold and is harder to notice.
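The detection side of the two preceding points, as an added example that is not part of the original article: a threshold rule of the kind a firewall or IDS applies (flag a source that touches many distinct ports within a short window), run over constructed firewall log lines, together with the slow scan that stays under it. The log format is a simplified iptables-style line with an epoch timestamp, the addresses are RFC 5737 documentation addresses, and the threshold and window values are assumptions chosen for the demonstration.

```python
"""Sliding-window port-scan detector over constructed firewall log lines."""
import re
from collections import defaultdict, deque


def _line(ts: float, src: str, dport: int) -> str:
    # Simplified iptables-style log line (constructed, not real traffic).
    return f"{ts:.1f} kernel: IN=eth0 SRC={src} DST=192.0.2.10 PROTO=TCP DPT={dport} SYN"


# Constructed sample log:
#   203.0.113.7   probes 12 ports in a little over two seconds (fast scan)
#   198.51.100.9  probes the same 12 ports one minute apart (slow scan)
#   192.0.2.50    an ordinary client reconnecting to HTTPS a few times
SAMPLE_LOG = "\n".join(
    [_line(1700000000 + i * 0.2, "203.0.113.7", 20 + i) for i in range(12)]
    + [_line(1700000000 + i * 60, "198.51.100.9", 20 + i) for i in range(12)]
    + [_line(1700000003 + i, "192.0.2.50", 443) for i in range(5)]
)

LINE_RE = re.compile(
    r"^(?P<ts>[\d.]+) .*?SRC=(?P<src>\S+) .*?DST=(?P<dst>\S+) .*?DPT=(?P<dport>\d+)"
)


def parse_log(text: str) -> list:
    """Extract (timestamp, src, dst, dport) from each line that matches."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((float(m["ts"]), m["src"], m["dst"], int(m["dport"])))
    return events


def detect_scanners(events, threshold: int = 10, window: float = 5.0) -> dict:
    """Return {src: time_of_first_alert} for every source that hit at least
    `threshold` distinct (dst, dport) targets inside any `window`-second span."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in sorted(events):
        by_src[src].append((ts, (dst, dport)))

    alerts = {}
    for src, evs in by_src.items():
        recent = deque()           # (ts, target) events still inside the window
        hits = defaultdict(int)    # target -> how many events in `recent` hit it
        for ts, target in evs:
            recent.append((ts, target))
            hits[target] += 1
            while ts - recent[0][0] > window:   # expire events older than the window
                _, old = recent.popleft()
                hits[old] -= 1
                if hits[old] == 0:
                    del hits[old]
            if len(hits) >= threshold:          # distinct targets, not packet count
                alerts[src] = ts
                break
    return alerts


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("5 s window  :", detect_scanners(events, window=5.0))
    print("600 s window:", detect_scanners(events, window=600.0))
```

With the default 5-second window only the fast scanner is flagged: the slow scanner never has more than one probe inside the window, and the normal client keeps hitting the same target, so its distinct-target count never grows. Widening the window to ten minutes catches the slow scanner too, at the cost of holding state for longer; that trade-off between window length, memory and false positives is exactly what a scanner exploits by slowing down.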