Chapter 4: Port Scanners

OVERVIEW

Chapter 1 introduced the versatile Netcat that, amongst several dozen uses, could serve as a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port scanner. Yet where Netcat excels as an ever-useful utility, its port scanning features and techniques are rather limited: scans use the complete TCP connection handshake (no support for specialized stealth methods), it can handle only one host at a time, and the format of its scan output is rather crude. If you want to gain a more accurate portrait of a single host or a more comprehensive tableau of a network, then you're going to need a tool that combines multiple scanning techniques with user-friendly reporting. This chapter covers several such tools. Each tool enumerates a range of TCP or UDP ports and attempts to determine more detailed information than merely whether a port is open or closed. The methods and capabilities by which each tool performs its tasks vary.

Port scanners are typically the first step in the process of hacking and a necessity to hacking prevention because they help identify potential targets. Nearly every host, regardless of hardware, software, or function, has some kind of identifying feature. A casual observer with the right tools might be able to discover the services running on a machine (web server, FTP server, mail server, and so on), the version of software, and even the operating system of the host by sending it a few packets of data and scrutinizing how it responds.

In today's world, despite the nearly daily accounts of hacking incidents, many people place their computers on the Internet unprepared. Even within the IT industry, unconcerned system administrators will install the latest version of Linux on a brand-new server, perhaps install some extra software, and let it sit on a network for all the connected world to see. As soon as that box is discovered, though, someone will be able to determine not only that it's running Linux, but also what distribution of Linux it's running as well as the version number.

In the first Case Study at the end of this chapter, you'll learn how the number and types of ports found on a host can help to identify the operating system and software versions running on that host.

In the second Case Study, you'll learn how the technique of banner grabbing can still be used to obtain OS, version, and geographical information about a host.

In the third Case Study, you'll learn how a host's operating system might be identified just by watching how it interacts on a network.
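The full-handshake connect scan the overview attributes to Netcat, and the banner grabbing the second Case Study refers to, are simple enough to show end to end. The following is an added example written for this chapter, not code from the book or from any of the tools it covers. It audits which TCP ports on a host answer a connect() and records whatever text each service volunteers on connect, then prints the results in a structured form. So that it runs offline, it starts a constructed listener on an ephemeral loopback port that sends a made-up banner (the "SSH-2.0-ExampleServer_1.0" string is invented for the demo), and it picks a second ephemeral port that is known to be free as the "closed" control. All function names are this example's own.

```python
import socket
import threading
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass
class PortResult:
    host: str
    port: int
    state: str                      # "open" or "closed"
    banner: Optional[str] = None    # text the service sent right after connect, if any


def grab_banner(sock: socket.socket, timeout: float = 1.0, max_bytes: int = 256) -> Optional[str]:
    """Banner grabbing: read whatever the service sends unprompted after the handshake."""
    sock.settimeout(timeout)
    try:
        data = sock.recv(max_bytes)
    except OSError:                 # includes socket.timeout: the service stayed silent
        return None
    text = data.decode("ascii", errors="replace").strip()
    return text or None


def connect_scan(host: str, ports: Iterable[int], timeout: float = 1.0) -> List[PortResult]:
    """Full-handshake TCP connect scan: a completed connect() means the port is open."""
    results = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:         # refused, timed out, or unreachable: report as closed
                results.append(PortResult(host, port, "closed"))
                continue
            results.append(PortResult(host, port, "open", grab_banner(s, timeout)))
    return results


def scan_hosts(hosts: Iterable[str], ports: Iterable[int],
               timeout: float = 1.0) -> Dict[str, List[PortResult]]:
    """Run the same port list against several hosts (Netcat handles one host at a time)."""
    port_list = list(ports)
    return {host: connect_scan(host, port_list, timeout) for host in hosts}


def format_report(results: Dict[str, List[PortResult]]) -> List[str]:
    """Structured output: one line per open port, with its banner when one was captured."""
    lines = []
    for host, entries in results.items():
        for r in entries:
            if r.state == "open":
                lines.append(f"{host}:{r.port} open banner={r.banner or '(none)'}")
    return lines


# --- constructed test fixtures (not part of a real scan) ---------------------

def free_port(host: str = "127.0.0.1") -> int:
    """Ask the kernel for an ephemeral port and release it, so it is (almost surely) closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def start_banner_listener(banner: bytes, host: str = "127.0.0.1") -> Tuple[threading.Event, int]:
    """Constructed service: accepts connections and sends a fixed banner, until stop is set."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    srv.settimeout(0.2)             # poll accept() so the thread can notice the stop flag
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve() -> None:
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            with conn:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return stop, port


def demo() -> Tuple[int, int, Dict[str, List[PortResult]]]:
    """Scan one open (banner-sending) port and one known-closed port on loopback."""
    closed = free_port()
    stop, open_port = start_banner_listener(b"SSH-2.0-ExampleServer_1.0\r\n")  # invented banner
    try:
        results = scan_hosts(["127.0.0.1"], [open_port, closed])
    finally:
        stop.set()
    return open_port, closed, results


if __name__ == "__main__":
    _, _, found = demo()
    for line in format_report(found):
        print(line)
```

Because each probe completes the three-way handshake, every open port's service sees a real connection; that is exactly why a connect scan shows up in application logs and connection-tracking firewalls, while the stealth methods the chapter mentions try to avoid completing the handshake. Run against your own hosts, the report is a quick inventory of what is listening and what each listener announces about itself.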



Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
Year: 2006
Pages: 175
