Scanning

  • One of the most basic methods of identifying active machines is to perform a ping sweep. Ping is found on just about every system running TCP/IP. Although many networks now restrict or block ping at the perimeter, it is an effective tool when available. Ping uses ICMP: it sends an echo request (ICMP type 8) to a system and waits for the target to send back an echo reply (ICMP type 0). A host that does not answer is not necessarily down; ICMP may simply be filtered, so a silent host should be rechecked with a TCP-based probe before it is written off.
  • Port scanning is the process of connecting to, or probing, TCP and UDP ports on a target device to find which services and applications are listening. Table FF.2 lists the well-known ports that are usually checked first.

    Table FF.2. Common Port Numbers

    Port        Service   Protocol
    20/21       FTP       TCP (20 data, 21 control)
    22          SSH       TCP
    23          Telnet    TCP
    25          SMTP      TCP
    53          DNS       TCP/UDP (UDP for queries, TCP for zone transfers and large replies)
    69          TFTP      UDP
    80          HTTP      TCP
    110         POP3      TCP
    135         RPC       TCP (Microsoft RPC endpoint mapper)
    161/162     SNMP      UDP (161 agent queries, 162 traps)
    1433/1434   MSSQL     TCP 1433 (database engine), UDP 1434 (SQL Server Browser)

    Table FF.3. TCP Flags

    Flag   Purpose
    SYN    Synchronize sequence numbers; set on the first segment of a connection and on the SYN/ACK reply
    ACK    Acknowledgement number field is valid; set on every segment after the initial SYN
    FIN    Sender has no more data; used during the 4-step (two FIN/ACK exchanges) orderly shutdown
    RST    Reset; aborts a connection abnormally, and is also the reply a closed port sends to an unexpected segment
    PSH    Push; tells the receiving TCP to hand the data to the application immediately instead of buffering it
    URG    Urgent pointer field is valid; marks data the receiver should process ahead of the normal byte stream

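    Worked example (added here; not code from the book): a small Python module that turns the flag names in Table FF.3 into the flags byte of a TCP header, builds a complete 20-byte header with a valid pseudo-header checksum, and parses a header back into the fields a scanner inspects. The flag bit values and checksum algorithm are from RFC 793/RFC 1071; the addresses, ports, and the SCAN_PROBES mapping are illustrative assumptions. No packets are sent.

```python
import socket
import struct

# Flag bits in the TCP header's flags byte (RFC 793; bit 0 = FIN)
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

# Flag sets sent by each scan type described in the text (assumed names; "" means no flags)
SCAN_PROBES = {"syn": "SYN", "fin": "FIN", "null": "", "ack": "ACK", "xmas": "FIN,PSH,URG"}


def encode_flags(names):
    """'FIN,PSH,URG' -> 0x29. An unknown flag name raises KeyError."""
    value = 0
    for name in names.split(","):
        name = name.strip().upper()
        if name:
            value |= TCP_FLAGS[name]
    return value


def decode_flags(value):
    """0x29 -> ['FIN', 'PSH', 'URG'], listed in bit order."""
    return [name for name, bit in TCP_FLAGS.items() if value & bit]


def checksum(data):
    """Internet checksum (RFC 1071): ones-complement of the ones-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip, dst_ip, tcp_length):
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, socket.IPPROTO_TCP, tcp_length)


def build_tcp_header(src_ip, dst_ip, src_port, dst_port, flags, seq=0, ack=0, window=1024, payload=b""):
    """Return a 20-byte TCP header (no options) whose checksum is valid for these endpoints and payload."""
    data_offset = 5 << 4  # header length in 32-bit words, reserved bits zero
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack, data_offset, flags, window, 0, 0)
    csum = checksum(pseudo_header(src_ip, dst_ip, len(header) + len(payload)) + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:]


def verify_checksum(src_ip, dst_ip, header, payload=b""):
    """With a correct checksum in place, the sum over pseudo-header + segment comes out to zero."""
    return checksum(pseudo_header(src_ip, dst_ip, len(header) + len(payload)) + header + payload) == 0


def parse_tcp_header(header):
    """Decode the fields a scanner looks at in a reply; flags come back as names."""
    src_port, dst_port, seq, ack, offset_byte, flags, window, csum, urg = struct.unpack("!HHIIBBHHH", header[:20])
    return {
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "data_offset": offset_byte >> 4, "flags": decode_flags(flags),
        "window": window, "checksum": csum, "urgent_pointer": urg,
    }


if __name__ == "__main__":
    src, dst = "192.0.2.10", "192.0.2.20"  # TEST-NET addresses, constructed for the demo
    for scan, names in SCAN_PROBES.items():
        hdr = build_tcp_header(src, dst, 40000, 80, encode_flags(names))
        parsed = parse_tcp_header(hdr)
        print(f"{scan:5s} flags=0x{encode_flags(names):02x} {parsed['flags']} "
              f"checksum_ok={verify_checksum(src, dst, hdr)}")
```

    The header bytes are exactly what a raw-socket scanner hands to the kernel (with the IP header prepended), which is why SYN, FIN, NULL, and XMAS scans need root or administrator rights while a connect scan does not.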
  • TCP Connect scan This type of scan is the most reliable but also the most detectable. It uses the operating system's normal connect() call, so the full three-way handshake completes and the target application sees, and usually logs, a real connection. Open ports reply with a SYN/ACK, whereas closed ports respond with a RST/ACK.
  • TCP SYN scan This type of scan is known as half open because a full TCP connection is never established: the scanner sends a SYN and, when an open port answers with a SYN/ACK, replies with a RST instead of the final ACK. It was originally developed to be stealthy and evade IDSs, although most now detect it, and because it crafts its own packets it needs raw-socket (root or administrator) privileges. Open ports reply with a SYN/ACK, whereas closed ports respond with a RST/ACK.
  • TCP FIN scan Forget trying to set up a connection; this technique jumps straight to the shutdown. This type of scan sends a FIN packet to the target port. Closed ports should send back a RST; an open port that follows RFC 793 silently drops the segment, so no reply means open or filtered.
  • TCP NULL scan Sure, there should be some type of flag in the packet, but a NULL scan sends a packet with no flags set. If the OS has implemented TCP per RFC 793, closed ports will return a RST and open ports will stay silent.
  • TCP ACK scan This scan does not tell you whether a port is open; it is used to map firewall access control list (ACL) rule sets and to determine whether the filter is stateful or stateless. An unfiltered port, open or closed, answers a lone ACK with a RST. If there is no response, or an ICMP destination unreachable message such as communication administratively prohibited (type 3, code 13) comes back, the port is considered filtered.
  • TCP XMAS scan A port scan that has toggled on the FIN, URG, and PSH flags, so the packet is lit up like a Christmas tree. Closed ports should return a RST. The FIN, NULL, and XMAS scans all depend on RFC 793 behavior; Windows and many network devices send a RST to these probes whether the port is open or closed, so against such targets every port appears closed and a SYN scan must be used instead.
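Worked example (added here; not code from the book): a Python model of the reply each scan type above elicits, run against two simplified target models (a host that follows RFC 793 and a Windows-style host that resets every stray probe) and through two filter models (stateful inspection and a stateless ACL). It shows why a SYN scan yields open/closed, why FIN/NULL/XMAS yield closed or open|filtered and fail on Windows, and why an ACK scan yields only filtered/unfiltered. State names follow nmap's convention; the target and firewall behaviors are my simplifications, not captures from any real system.

```python
# Observable replies to one probe. ICMP errors are represented as (type, code) tuples.
SYN_ACK, RST, NO_RESPONSE = "SYN/ACK", "RST", None
# ICMP destination-unreachable codes that mean a filter, not the host, answered
ICMP_FILTERED = {(3, 1), (3, 2), (3, 3), (3, 9), (3, 10), (3, 13)}
# Flag sets sent by each scan type (connect and SYN scans send the same first packet)
SCAN_PROBES = {"connect": {"SYN"}, "syn": {"SYN"}, "fin": {"FIN"}, "null": set(),
               "ack": {"ACK"}, "xmas": {"FIN", "PSH", "URG"}}


def infer_state(scan_type, response):
    """Port state a scanner reports for one probe/response pair."""
    if isinstance(response, tuple):
        return "filtered" if response in ICMP_FILTERED else "unexpected"
    if scan_type in ("connect", "syn"):
        if response == SYN_ACK:
            return "open"
        if response == RST:
            return "closed"
        return "filtered"
    if scan_type in ("fin", "null", "xmas"):
        if response == RST:
            return "closed"
        if response is NO_RESPONSE:
            return "open|filtered"  # an RFC 793 open port and a dropping firewall look identical
        return "unexpected"
    if scan_type == "ack":
        if response == RST:
            return "unfiltered"  # the ACK reached the host; says nothing about open vs closed
        if response is NO_RESPONSE:
            return "filtered"
        return "unexpected"
    raise ValueError(scan_type)


def rfc793_target(port_open, probe):
    """Host that follows RFC 793 exactly. probe is the set of flags in the incoming segment."""
    if "RST" in probe:
        return NO_RESPONSE  # an incoming RST is never answered
    if not port_open:
        return RST  # CLOSED state: reset anything that is not itself a RST
    if probe == {"SYN"}:
        return SYN_ACK
    if "ACK" in probe:
        return RST  # LISTEN state: a bare ACK matches no connection, so it is reset
    return NO_RESPONSE  # LISTEN state: FIN/NULL/XMAS segments are silently dropped


def windows_target(port_open, probe):
    """Windows-style host: resets FIN/NULL/XMAS probes whether or not the port is open."""
    if port_open and probe == {"SYN"}:
        return SYN_ACK
    return RST


def stateful_firewall(target, port_open, probe):
    """Stateful inspection: only a SYN can start a flow; any other unsolicited segment is dropped."""
    if probe != {"SYN"}:
        return NO_RESPONSE
    return target(port_open, probe)


def stateless_acl(target, port_open, probe, port_allowed=True):
    """Stateless ACL: decides on port alone, so a bare ACK to a permitted port reaches the host."""
    return target(port_open, probe) if port_allowed else NO_RESPONSE


def run_scan(scan_type, target, port_open, firewall=None):
    """Send one probe for scan_type at a modelled target (optionally behind a filter) and classify the reply."""
    probe = SCAN_PROBES[scan_type]
    response = firewall(target, port_open, probe) if firewall else target(port_open, probe)
    return infer_state(scan_type, response)


if __name__ == "__main__":
    for name, target in (("RFC 793 host", rfc793_target), ("Windows host", windows_target)):
        print(name)
        for scan_type in SCAN_PROBES:
            open_state, closed_state = (run_scan(scan_type, target, p) for p in (True, False))
            print(f"  {scan_type:7s} open port -> {open_state:14s} closed port -> {closed_state}")
    print("ACK scan through a stateful firewall:", run_scan("ack", rfc793_target, False, stateful_firewall))
    print("ACK scan through a stateless ACL:   ", run_scan("ack", rfc793_target, False, stateless_acl))
```

The Windows rows are the practical caveat: every FIN, NULL, and XMAS probe comes back "closed" even for listening ports, so a clean sweep of closed results from those scans is a reason to switch to a SYN or connect scan, not evidence that nothing is listening.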

Source: Certified Ethical Hacker Exam Prep, Michael Gregg, 2007, ISBN 0789735318, 247 pages.

Flylib.com © 2008-2017.