In practice, applications that access the network can do so using either TCP or UDP, based on how the service is designed. An effective port scan will be designed to take both TCP and UDP into account as part of the scanning process, because these protocols work in different ways. TCP acknowledges each connection attempt; UDP does not, so UDP scans tend to produce less reliable results.

TABLE 6-1 Common port numbers

PORT        SERVICE   PROTOCOL
20/21       FTP       TCP
22          SSH       TCP
23          Telnet    TCP
25          SMTP      TCP
53          DNS       TCP/UDP
80          HTTP      TCP
110         POP3      TCP
135         RPC       TCP
161/162     SNMP      UDP
1433/1434   MSSQL     TCP

A complete list of all ports and their assigned services is available at assignment/port-numbers. Memorizing all the available ports is not necessary and is a pointless exercise; instead, it is worth knowing several of the common ports and looking up those that are suspicious or unusual. A good practice is to be able to access the list of ports at a site such as in case an unfamiliar port appears on a scan.
144 PART 2 | A Technical Overview of Hacking

A Closer Look at TCP Port Scanning Techniques

TCP is a protocol that was designed to enable reliable communication, fault tolerance, and reliable delivery. Each of these attributes allows for a better communication mechanism, but at the same time these features allow an attacker to craft TCP packets designed to gain information about running applications or services. To better understand these attacks, a quick overview of flags is needed. Flags are bits that are set in the header of a packet, each describing a specific behavior, as shown in Table 6-2. A penetration tester or attacker with a good knowledge of these flags can use it to craft packets and tune scans to get the best results every time.

TCP offers tremendous capability and flexibility because of the flags that can be set as needed. UDP, however, does not offer the same capabilities, largely because of the mechanics of the protocol itself. UDP can be thought of as a fire-and-forget or best-effort protocol and, as such, uses none of the flags and offers none of the feedback that TCP provides. UDP is harder to scan successfully: as data is transmitted, there is no mechanism designed to deliver feedback to the sender. A failed delivery of a packet from a client to a server offers only an ICMP message as an indicator of what has transpired.

One of the mechanisms that port scanning relies on is the use of a feature known as flags. Flags are used in the TCP protocol to describe the status of a packet and the communication that goes with it. For example, a packet flagged with the FIN flag signals the end or clearing of a connection. The ACK flag is a signal used to indicate that a connection has been acknowledged. An XMAS scan is a packet that has all its flags active at once, in effect "lit up" like a XMAS tree.
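The flag bits described above are what an intrusion detection sensor reads to spot the probes this section names. The following is an added example, not code from the textbook: it decodes the flag byte of a raw TCP header, labels each segment by its flag combination (NULL, FIN, XMAS, SYN, SYN-ACK, or normal), and then counts, per source address, how many distinct destination ports received NULL, FIN or XMAS probes. The sample headers are constructed inline with a small helper, not captured traffic; the source addresses, port choices and the three-port alert threshold are assumptions for illustration. A segment is treated as XMAS whenever FIN, PSH and URG are all set, which covers both the all-flags packet the text describes and the common three-flag variant.

```python
"""Decode TCP flags and flag NULL/FIN/XMAS probe patterns (detection side)."""
import struct
from collections import Counter

# Flag bits in byte 13 of the TCP header (RFC 793, with ECE/CWR from RFC 3168).
FLAG_BITS = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
    "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80,
}
CLASSIC_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")


def decode_flags(tcp_header: bytes) -> set:
    """Return the set of flag names set in a TCP header of at least 20 bytes."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header shorter than the 20-byte minimum")
    flag_byte = tcp_header[13]
    return {name for name, bit in FLAG_BITS.items() if flag_byte & bit}


def classify_probe(flags: set) -> str:
    """Label a segment by its flag combination the way an IDS signature would."""
    classic = {f for f in flags if f in CLASSIC_FLAGS}
    if not classic:
        return "NULL"      # no flags at all never occurs on a live connection
    if {"FIN", "PSH", "URG"} <= classic:
        return "XMAS"      # FIN+PSH+URG together: "lit up" like a tree
    if classic == {"FIN"}:
        return "FIN"       # bare FIN without ACK, not a normal teardown
    if classic == {"SYN"}:
        return "SYN"       # ordinary connection open (or a half-open probe)
    if {"SYN", "ACK"} <= classic:
        return "SYN-ACK"
    return "NORMAL"        # ACK, PSH+ACK, FIN+ACK and similar data/teardown segments


def build_tcp_header(src_port: int, dst_port: int, flags) -> bytes:
    """Constructed sample input: a minimal 20-byte TCP header with the given flags."""
    flag_byte = 0
    for name in flags:
        flag_byte |= FLAG_BITS[name]
    # src, dst, seq, ack, data offset (5 words), flags, window, checksum, urgent ptr
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4,
                       flag_byte, 65535, 0, 0)


def detect_scanners(segments, min_ports: int = 3) -> dict:
    """Group NULL/FIN/XMAS probes by source; report sources touching >= min_ports ports.

    segments: iterable of (src_ip, tcp_header_bytes). Returns
    {src_ip: {"ports": [sorted dst ports], "kinds": {label: count}}}.
    """
    per_src = {}
    for src_ip, header in segments:
        kind = classify_probe(decode_flags(header))
        if kind not in ("NULL", "FIN", "XMAS"):
            continue
        dst_port = struct.unpack("!H", header[2:4])[0]
        rec = per_src.setdefault(src_ip, {"ports": set(), "kinds": Counter()})
        rec["ports"].add(dst_port)
        rec["kinds"][kind] += 1
    return {ip: {"ports": sorted(r["ports"]), "kinds": dict(r["kinds"])}
            for ip, r in per_src.items() if len(r["ports"]) >= min_ports}


# Constructed sample traffic (documentation-range addresses, not a real capture).
SAMPLE_SEGMENTS = [
    ("203.0.113.5", build_tcp_header(40001, 22, ["FIN", "PSH", "URG"])),
    ("203.0.113.5", build_tcp_header(40002, 25, ["FIN", "PSH", "URG"])),
    ("203.0.113.5", build_tcp_header(40003, 80, list(CLASSIC_FLAGS))),
    ("203.0.113.5", build_tcp_header(40004, 135, ["FIN", "PSH", "URG"])),
    ("198.51.100.7", build_tcp_header(51000, 80, ["SYN"])),
    ("198.51.100.7", build_tcp_header(51000, 80, ["ACK"])),
    ("198.51.100.7", build_tcp_header(51000, 80, ["FIN", "ACK"])),
    ("198.51.100.9", build_tcp_header(52000, 22, ["FIN"])),  # single probe, below threshold
]


def run_sample() -> dict:
    """Run the detector over the constructed sample and return its findings."""
    return detect_scanners(SAMPLE_SEGMENTS)


if __name__ == "__main__":
    for ip, finding in run_sample().items():
        print(f"{ip}: {finding['kinds']} on ports {finding['ports']}")
```

The per-source port count is what separates a scan from a single malformed segment: one stray FIN is noise, the same source touching several ports with flag combinations no real stack emits is a sweep worth alerting on.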