both hackers and security personnel need to be aware of computer system vulnerabilities, either to exploit them or to plug the holes in security.
vulnerability scanning is a method that allows one to learn about possible threats to a computer system's security (the more we know about the open ports & software on the target machine, the higher the probability of a successful hack - done or averted).
Host Address.
in networks, including the Internet, computers need to be uniquely addressed, for example with an IP Address.
this address might be, for example, '192.168.1.100'.
Applications & Ports.
operating systems often provide services, applications that can be 'talked with'. these applications 'listen' on a given port (or ports), waiting for communication to occur.
for example, a web server might listen on port 80 for internet traffic; once contacted, it serves web pages or other internet resources.
Known Ports.
often enough a given port is widely recognized as dedicated for a given service, for example:
- port 22 for ssh,
- port 80 for serving web pages,
... etc.
these ports are usually used as expected, but occasionally a service might be moved to a different port number for security purposes.
Port Scanning.
a vulnerability scanner is capable of determining the ports that are open on a system by sending successive requests to the various ports and analyzing the responses to determine which ones are active.
this often leaves a trace of the contact attempt, which is logged (written in some form) on the scanned computer system.
an example of port scanning code (written in the Java Programming Language) was shown in a screenshot here:
[screenshot: a simple port scan]
the code shown above is also available for download.
more sophisticated vulnerability scanners might try to guess which application, in which version, is listening on a given port, by analyzing the communication & trying to recognize the protocol (the form of the messages exchanged & their ordering).
even more sophisticated vulnerability scanners might attempt to guess the Operating System & its version installed on a computer system, by checking the available services & their versions. this is called OS Fingerprinting.
this is often a prelude to a hacking attempt.
Speed.
the port scan above is fairly slow; it might be sped up (or slowed down) if we use:
- different timeout value (maximum time for attempting port connection),
- parallelization (trying multiple ports at the same time).
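the connect-style scan with a timeout and parallelization described above, as an added example in Python (not the Java code from the post's screenshot); it only scans a loopback listener it starts itself, so it runs offline and is suitable for checking a host you administer. the function names and the 0.5 s timeout are my own choices, not from the post.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_port(host: str, port: int, timeout: float = 0.5) -> bool:
    """TCP connect probe: True if something accepts the connection.

    The timeout bounds how long a silent (filtered) port can stall the
    scan; a refused connection on a closed port returns almost at once."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # ConnectionRefusedError and TimeoutError are OSErrors
        return False


def scan_ports(host: str, ports, timeout: float = 0.5, workers: int = 32) -> list[int]:
    """Probe the given ports in parallel and return the open ones, sorted.

    Parallelization: each worker thread waits on its own probe, so the
    total time is roughly (ports / workers) * timeout instead of ports * timeout."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe_port(host, p, timeout)), ports))
    return sorted(port for port, is_open in results if is_open)


def start_local_listener() -> socket.socket:
    """Constructed test service: listen on a free loopback port so the scan
    has one known-open port to find (stands in for a web server or sshd)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0 lets the OS pick a free port
    srv.listen(5)
    return srv


def demo() -> tuple[int, list[int]]:
    """Start a listener, scan a small port window around it, report results."""
    srv = start_local_listener()
    open_port = srv.getsockname()[1]
    try:
        # Clamp the window to valid port numbers; on loopback the other ports
        # in it are normally closed and answer with connection refused.
        window = range(max(1, open_port - 5), min(65535, open_port + 5) + 1)
        found = scan_ports("127.0.0.1", window, timeout=0.5)
    finally:
        srv.close()
    return open_port, found


if __name__ == "__main__":
    port, found = demo()
    print(f"listener on {port}, scan found open: {found}")
```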
Professional Tools.
there are professional tools as well, for example NMap.