Wednesday, September 26, 2012

Port Scanning – Chapter 5


This chapter is all about port scanning and some of the various tools available to security testers. Port scanning is a method to detect which services a host computer offers. Listed below are some of the types of port scans.


  • SYN scan - Stealthy scan
  • Connect scan - Completes three-way handshake
  • NULL scan - Packet flags are turned off
  • XMAS scan - FIN, PSH and URG flags are set
  • ACK scan - Used to get past a firewall
  • FIN scan - Closed port responds with an RST packet
  • UDP scan - Closed port responds with ICMP “Port Unreachable” message
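
The flag combinations in the list above are also what a defender looks for in packet logs. The following is an added example (not code from the post or the textbook it summarizes) that classifies TCP probes by their flag set and applies a simple distinct-port heuristic per source address; the log line format and the sample lines are constructed for this demonstration, and the flag letters (S, A, F, P, U, R) are an assumed convention.

```python
"""Classify TCP probe packets by flag combination and flag likely port-scan activity.

Added example for the chapter summary; not code from the post or the textbook.
The log format '<src_ip> <dst_ip> <dst_port> <proto> [<flags>]' and the sample
lines below are constructed for this demo.
"""
from collections import defaultdict

# Assumed flag letters: S=SYN, A=ACK, F=FIN, P=PSH, U=URG, R=RST.
# Each key is the exact set of flags the chapter associates with a scan type.
FLAG_SIGNATURES = {
    frozenset(): "NULL scan (no flags set)",
    frozenset("FPU"): "XMAS scan (FIN, PSH, URG set)",
    frozenset("F"): "FIN scan",
    frozenset("S"): "SYN scan (half-open)",
    frozenset("A"): "ACK scan (firewall rule mapping)",
}


def classify_flags(flags: str) -> str:
    """Map a TCP flag string such as 'S', 'FPU' or '' to a scan type.

    A SYN+ACK or a plain ACK inside an established flow is ordinary traffic, so
    a single packet is only a hint; the per-source port count below carries the
    real weight of the decision.
    """
    return FLAG_SIGNATURES.get(frozenset(flags.upper()), "normal or unclassified")


def parse_line(line: str):
    """Parse one constructed log line; the flags field is absent for NULL and UDP."""
    src, dst, port, proto, *rest = line.split()
    flags = rest[0] if rest else ""
    return src, dst, int(port), proto.upper(), flags


def detect_scans(lines, port_threshold: int = 5):
    """Summarise each source: distinct ports touched, scan types seen, and whether
    the distinct-port count reaches the sweep threshold."""
    ports = defaultdict(set)
    kinds = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        src, _dst, port, proto, flags = parse_line(line)
        ports[src].add(port)
        if proto == "TCP":
            kinds[src].add(classify_flags(flags))
        elif proto == "UDP":
            # A UDP probe to a closed port draws an ICMP "Port Unreachable" reply
            kinds[src].add("UDP probe")
    return {
        src: {
            "distinct_ports": len(ports[src]),
            "suspected_scan": len(ports[src]) >= port_threshold,
            "scan_types": sorted(kinds[src]),
        }
        for src in ports
    }


# Constructed sample log: one SYN sweep, one mixed XMAS/NULL/UDP probe set,
# and one ordinary SYN+ACK reply that should not be flagged.
SAMPLE_LOG = """\
10.0.0.5 10.0.0.20 22 TCP S
10.0.0.5 10.0.0.20 80 TCP S
10.0.0.5 10.0.0.20 443 TCP S
10.0.0.5 10.0.0.20 3389 TCP S
10.0.0.5 10.0.0.20 8080 TCP S
10.0.0.9 10.0.0.20 25 TCP FPU
10.0.0.9 10.0.0.20 110 TCP
10.0.0.9 10.0.0.20 53 UDP
10.0.0.7 10.0.0.20 443 TCP SA
""".splitlines()


if __name__ == "__main__":
    for src, summary in detect_scans(SAMPLE_LOG).items():
        print(src, summary)
```

The threshold of five distinct ports is deliberately low for the tiny sample; on real traffic it would be tuned per network, and the flag classifier should be read together with the port count rather than on its own.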

Some of the port scanning tools are:


  • Nmap – It is currently the standard port-scanning tool for security testers. You can customize Nmap with different command options.
  • Unicornscan – This is used primarily on large networks. This product is considered an all-in-one tool.
  • Nessus - No longer under the GPL license.
  • OpenVAS - Performs complex queries while the client interfaces with the server. Capable of updating its security check plug-ins.

Ping sweeps are done to identify which IP addresses belong to active hosts. Fping can ping multiple IP addresses at the same time; its input file is typically created with a shell script. Hping is often used to bypass filtering devices, and it offers an abundance of features for advanced port scanning.

The end of the chapter goes into some discussion about scripting and the importance of being able to customize programs. Shown below are some of the basic commands. This can be both a time and money saver.
