Port Scanners
Port scanners are probably the most commonly used scanning tools on the Internet. These tools sweep large IP spaces and report on the systems they encounter, the ports available on each, and other information, such as the operating system type. The most popular port scanner is Network Mapper (Nmap).
The Nmap port scanner is described as follows on the Nmap web site:
Nmap (“Network Mapper”) is an open source utility for network exploration or
security auditing. It was designed to rapidly scan large networks, although it
works fine against single hosts. Nmap uses raw IP packets in novel ways to
determine what hosts are available on the network, what services (ports) they are
offering, what operating system (and OS version) they are running, what type of
packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs
on most types of computers, and both console and graphical versions are
available. Nmap is free software, available with full source code under the terms
of the GNU GPL.3
Nmap is an excellent security tool because it lets you determine which services a system is offering. Because Nmap is optimized to scan large IP ranges, it can be run against every address an organization uses, or against an entire cable-modem address pool. After using Nmap to find live machines and identify their services, you can run the Nessus vulnerability scanner against the hosts whose exposed services warrant a closer look; the port scan tells you where to point the vulnerability scanner, not whether a host is actually vulnerable.
Nmap supports an impressive array of scan types, from the TCP SYN (half-open) scan to Null-scan sweeps. Additional options include OS fingerprinting, parallel scanning, and decoy scanning, to name a few. A graphical front end is available as xnmap. For more information about Nmap, refer to the Nmap web site.
Using Port Scanners
To demonstrate the capabilities of the Nmap port scanner, we ran the scan shown below with OS detection enabled (-O) against a single host. Run as root (note the # prompt), Nmap defaults to a SYN scan, so the target sees half-open connections rather than completed TCP handshakes. The output reveals the services running on the machine. Nmap's ability to identify the OS running on the system is particularly useful because it lets an attacker narrow the exploit selection to that platform, which can significantly reduce the time required to launch a successful attack against the machine.
The Nmap output is as follows:
# /usr/local/nmap -O ganassi
Starting nmap V. 2.53 (www.insecure.org/nmap/)
Interesting ports on ganassi (10.8.10.231):
(The 1515 ports scanned but not shown below are in state: closed)
Port State Service
7/tcp open echo
9/tcp open discard
13/tcp open daytime
19/tcp open chargen
21/tcp open ftp
23/tcp open telnet
25/tcp open smtp
37/tcp open time
79/tcp open finger
111/tcp open sunrpc
512/tcp open exec
513/tcp open login
514/tcp open shell
515/tcp open printer
540/tcp open uucp
1103/tcp open xaudio
4045/tcp open lockd
6112/tcp open dtspc
7100/tcp open font-service
32771/tcp open sometimes-rpc5
32772/tcp open sometimes-rpc7
32773/tcp open sometimes-rpc9
32774/tcp open sometimes-rpc11
32775/tcp open sometimes-rpc13
32776/tcp open sometimes-rpc15
32777/tcp open sometimes-rpc17
32778/tcp open sometimes-rpc19
Remote operating system guess: Solaris 2.6 - 2.7
Uptime 0.054 days (since Wed Sep 12 09:41:59 2001)
Nmap run completed -- 1 IP address (1 host up) scanned in 37 seconds
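As an added example, not taken from this page, the book it excerpts, or the Nmap project, the following Python script parses the classic Nmap text table shown above and performs the triage step described earlier in this section: it pulls out the host, the OS guess and the open ports, flags legacy and cleartext services (telnet, ftp, the Berkeley r-services, finger, the small TCP services) and the RPC ports Nmap can only guess at, and produces the list of hosts to hand to a vulnerability scanner such as Nessus. The sample input is a constructed, trimmed copy of the page's own output for "ganassi"; the LEGACY table, the regular expressions and the function names are this example's own choices. Current Nmap releases print a slightly different table header and offer machine-readable output (-oG, -oX) that would be the better source in practice.

```python
"""Parse classic Nmap text output and triage the open ports for follow-up.

Added example: not part of the original page or of the Nmap project.
It assumes the 2.x-era text layout shown on the page ("7/tcp open echo");
the LEGACY table and the triage rules are this example's own choices.
"""
import re
from collections import namedtuple

# Constructed sample input: a trimmed copy of the page's scan of "ganassi".
SAMPLE_OUTPUT = """\
Starting nmap V. 2.53 (www.insecure.org/nmap/)
Interesting ports on ganassi (10.8.10.231):
(The 1515 ports scanned but not shown below are in state: closed)
Port State Service
7/tcp open echo
19/tcp open chargen
21/tcp open ftp
23/tcp open telnet
25/tcp open smtp
111/tcp open sunrpc
512/tcp open exec
513/tcp open login
514/tcp open shell
32771/tcp open sometimes-rpc5
Remote operating system guess: Solaris 2.6 - 2.7
Nmap run completed -- 1 IP address (1 host up) scanned in 37 seconds
"""

OpenPort = namedtuple("OpenPort", "port proto state service")

# Services that merit a closer look before handing the host to a
# vulnerability scanner (assumed table for this example).
LEGACY = {
    "telnet": "cleartext credentials on the wire",
    "ftp": "cleartext credentials on the wire",
    "exec": "Berkeley r-service: host-based trust (rhosts)",
    "login": "Berkeley r-service: host-based trust (rhosts)",
    "shell": "Berkeley r-service: host-based trust (rhosts)",
    "finger": "remote user enumeration",
    "echo": "small service: loop/amplification abuse",
    "chargen": "small service: loop/amplification abuse",
}

HOST_RE = re.compile(r"^Interesting ports on (\S+) \(([\d.]+)\):")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
OS_RE = re.compile(r"^Remote operating system guess: (.+?)\s*$")


def parse_nmap(text):
    """Return one dict per host: name, ip, os guess, and its port table."""
    hosts, cur = [], None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            cur = {"name": m.group(1), "ip": m.group(2), "os": None, "ports": []}
            hosts.append(cur)
            continue
        if cur is None:  # banner lines before the first host block
            continue
        m = PORT_RE.match(line)
        if m:
            cur["ports"].append(OpenPort(int(m.group(1)), m.group(2),
                                         m.group(3), m.group(4)))
            continue
        m = OS_RE.match(line)
        if m:
            cur["os"] = m.group(1)
    return hosts


def triage(host):
    """List (port, service, reason) for open ports worth following up."""
    findings = []
    for p in host["ports"]:
        if p.state != "open":
            continue
        if p.service in LEGACY:
            findings.append((p.port, p.service, LEGACY[p.service]))
        elif p.service == "sunrpc" or p.service.startswith("sometimes-rpc"):
            # Nmap only guesses at RPC programs; enumerate them with rpcinfo.
            findings.append((p.port, p.service, "RPC endpoint: confirm with rpcinfo -p"))
    return findings


def follow_up_targets(hosts):
    """IPs with at least one flagged service, to feed to a vulnerability scanner."""
    return [h["ip"] for h in hosts if triage(h)]


if __name__ == "__main__":
    scanned = parse_nmap(SAMPLE_OUTPUT)
    for h in scanned:
        print(f'{h["name"]} ({h["ip"]}) OS guess: {h["os"]}')
        for port, svc, why in triage(h):
            print(f"  {port:>5}/{svc:<16} {why}")
    print("follow-up:", follow_up_targets(scanned))
```

On the page's full output this flags everything except smtp, printer, uucp, xaudio, lockd, dtspc and font-service; the rpc ports in the 32771-32778 range are reported only as "sometimes-rpcN" guesses, which is why the triage sends them to rpcinfo rather than treating the service name as fact.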