Port Scanning is one of the most popular reconnaissance techniques hackers use to discover services they can break into. A potential victim computer runs many 'services' that listen on well-known 'ports'. By scanning to learn which ports are open on the victim, the hacker finds candidate services whose weaknesses can be exploited. The various scanning techniques are:
- vanilla: attempts to connect to all the ports
- strobe: connects to only a few ports
- stealth scan: uses SYN (half-open) scans, FIN scans, or other techniques so that no full connection is established and the target application never logs the scan (a packet-level firewall or IDS can still record the probes)
- FTP bounce scan: bounces through an FTP server (abusing its PORT command) to hide where the hacker comes from
- fragmented packets: splits the TCP header across IP fragments to penetrate simple packet-filter firewalls
- UDP: finds open UDP ports
- sweep: connects to one port on a lot of machines
The simplest port scan tries each of the 65536 possible TCP ports on the victim to see which ones are open. A strobe does a narrower scan, probing only those services the hacker knows how to exploit (typically 5-20 services).
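The vanilla, strobe and sweep techniques above all reduce to the same primitive: try to reach a port and classify the answer. The following added example (illustration written for this entry, not code from the original page or from nmap) implements that primitive with a full TCP connect() probe and then drives it three ways. It brings up its own listeners on loopback so it runs offline; the strobe port list is an assumed, hypothetical selection, and a real hacker would tune it to the exploits they hold. Note that because connect() completes the three-way handshake, the target service sees and can log every probe; that is exactly what the half-open (SYN) scan avoids, but a SYN scan needs raw sockets and is not shown here.

```python
"""Constructed example: connect() port scans against local listeners.

Added illustration for the glossary entry, not code from the original page.
A connect() scan completes the TCP three-way handshake, so the target
application sees (and may log) the connection; a SYN/half-open scan would
send only the first packet, but needs raw sockets, so it is not shown.
"""
import socket
from concurrent.futures import ThreadPoolExecutor

# Assumed strobe list (hypothetical): ports a scanner singles out because it
# knows how to attack the services usually found behind them.
STROBE_PORTS = [21, 22, 23, 25, 80, 110, 139, 143, 443, 445, 3306, 3389]


def start_listener(host="127.0.0.1", port=0):
    """Bind a listening TCP socket (port 0 lets the OS pick a free port).
    The chosen port is sock.getsockname()[1]."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    return srv


def probe(host, port, timeout=0.5):
    """Full connect() probe of one port.  Returns (port, state), where state is
    'open'     - handshake completed, a service is listening
    'closed'   - the host answered with RST (connection refused)
    'filtered' - nothing came back before the timeout, which is what a
                 packet filter that silently drops probes looks like."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return port, "open"
    except ConnectionRefusedError:
        return port, "closed"
    except OSError:  # includes socket.timeout
        return port, "filtered"
    finally:
        s.close()


def connect_scan(host, ports, timeout=0.5, workers=64):
    """Probe the given ports in parallel and return the sorted open ones.
    ports=range(1, 65536) is the 'vanilla' scan; ports=STROBE_PORTS is a
    'strobe'."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: probe(host, p, timeout), ports)
    return sorted(p for p, state in results if state == "open")


def sweep(hosts, port, timeout=0.5):
    """'Sweep': one port across many hosts.  Returns the hosts where it is open."""
    return [h for h in hosts if probe(h, port, timeout)[1] == "open"]


def demo():
    """Bring up two local listeners, scan a small window of ports around them
    (a narrowed-down 'vanilla' scan), sweep one of those ports across a host
    list, then tear the listeners down.  Returns (listening, found, hosts_up)."""
    listeners = [start_listener() for _ in range(2)]
    listening = sorted(s.getsockname()[1] for s in listeners)
    try:
        lo, hi = min(listening) - 5, max(listening) + 5
        found = connect_scan("127.0.0.1", range(lo, hi + 1))
        hosts_up = sweep(["127.0.0.1"], listening[0])
    finally:
        for s in listeners:
            s.close()
    return listening, found, hosts_up


if __name__ == "__main__":
    listening, found, hosts_up = demo()
    print("listening:", listening)
    print("found open:", found)
    print("sweep hit:", hosts_up)
    # A strobe against loopback; normally all closed unless you run services.
    print("strobe open:", connect_scan("127.0.0.1", STROBE_PORTS))
```

The three states matter for interpreting results: 'closed' proves the host is up and not filtering that port, while 'filtered' tells the scanner a packet filter is in the way, which is the situation the fragmented-packet technique above is meant to get around.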
See also:
- nmap: the most popular port scanner
- half-open: aka "SYN scan" or "stealth scan"
- flags: stealth scans such as Xmas scan, FIN scan, NULL scan
- UDP: UDP scans