In practice, applications that access the network can do so using either TCP or UDP, based on how the service is designed. An effective port scan will be designed to take into account both TCP and UDP as part of the scanning process; these protocols work in different ways. TCP acknowledges each connection attempt; UDP does not, so it tends to produce less reliable results.

TABLE 6-1 Common port numbers.

PORT        SERVICE   PROTOCOL
20/21       FTP       TCP
22          SSH       TCP
23          Telnet    TCP
25          SMTP      TCP
53          DNS       TCP/UDP
80          HTTP      TCP
110         POP3      TCP
135         RPC       TCP
161/162     SNMP      UDP
1433/1434   MSSQL     TCP

A complete list of all ports and their assigned services is available at assignment/port-numbers. Memorizing all the ports available is not necessary and is a pointless exercise; instead, it is worth knowing several of the common ports and looking up those that are suspicious or unusual. A good practice is to be able to access the list of ports at a site such as in case an unfamiliar port appears on a scan.
144 PART 2 | A Technical Overview of Hacking

A Closer Look at TCP Port Scanning Techniques

TCP is a protocol that was designed to enable reliable communication, fault tolerance, and reliable delivery. Each of these attributes allows for a better communication mechanism, but at the same time these features allow an attacker to craft TCP packets designed to gain information about running applications or services. To better understand these attacks, a quick overview of flags is needed. Flags are bits that are set in the header of a packet, each describing a specific behavior, as shown in Table 6-2. A penetration tester or attacker with a good knowledge of these flags can use this knowledge to craft packets and tune scans to get the best results every time.

TCP offers tremendous capability and flexibility because its flags can be set as needed. UDP does not offer the same capabilities, largely because of the mechanics of the protocol itself. UDP can be thought of as a fire-and-forget or best-effort protocol and, as such, uses none of the flags and offers none of the feedback that is provided with TCP. UDP is harder to scan successfully: as data is transmitted, there are no mechanisms designed to deliver feedback to the sender. A failed delivery of a packet from a client to a server offers only an ICMP message as an indicator of what has transpired.

One of the mechanisms that port scanning relies on is the use of a feature known as flags. Flags are used in the TCP protocol to describe the status of a packet and the communication that goes with it. For example, a packet flagged with the FIN flag signals the end or clearing of a connection. The ACK flag is a signal used to indicate that a connection has been acknowledged. An XMAS scan is a packet that has all its flags active at once, in effect "lit up" like a Christmas tree.
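The flag combinations described above (FIN, ACK, the all-flags XMAS packet) are exactly what a defender's packet filter or IDS rule looks at when deciding whether a TCP segment is a normal connection attempt or a scan probe. The following is an added example, not code from the textbook: it decodes the flag bits from a raw 20-byte TCP header, classifies unusual combinations, and tallies them over a handful of constructed sample packets. The function names (parse_tcp_header, classify_probe, audit_packets) and the sample packets are assumptions made for this illustration; the flag bit positions follow the standard TCP header layout.

```python
import struct
from collections import Counter

# Bit positions of the six classic TCP flags in the low byte of the
# data-offset/flags field of the TCP header (standard header layout).
TCP_FLAGS = {
    "FIN": 0x01,
    "SYN": 0x02,
    "RST": 0x04,
    "PSH": 0x08,
    "ACK": 0x10,
    "URG": 0x20,
}
ALL_FLAGS = set(TCP_FLAGS)


def build_tcp_header(src_port, dst_port, flag_names, data_offset=5):
    """Construct a minimal 20-byte TCP header for test input (sequence and
    acknowledgement numbers zeroed, window 65535, checksum not computed)."""
    flags_byte = 0
    for name in flag_names:
        flags_byte |= TCP_FLAGS[name]
    offset_flags = (data_offset << 12) | flags_byte
    return struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0,
                       offset_flags, 65535, 0, 0)


def parse_tcp_header(raw):
    """Return source port, destination port and the set of flags that are set
    in a raw TCP header (the fixed 20-byte part is all we need here)."""
    if len(raw) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    src, dst, _seq, _ack, offset_flags = struct.unpack("!HHIIH", raw[:14])
    flags_byte = offset_flags & 0x3F          # low six bits carry the flags
    flags = {name for name, bit in TCP_FLAGS.items() if flags_byte & bit}
    return {"src_port": src, "dst_port": dst, "flags": flags}


def classify_probe(flags):
    """Label a flag combination the way a scan-detection rule would.
    A legitimate connection never starts with no flags, with FIN alone,
    or with the whole flag set lit up; those are the NULL, FIN and XMAS
    probes the text describes. The FIN+PSH+URG form is also treated as
    XMAS because common scanners light only those three."""
    if not flags:
        return "NULL scan"
    if flags == ALL_FLAGS or flags == {"FIN", "PSH", "URG"}:
        return "XMAS scan"
    if flags == {"FIN"}:
        return "FIN scan"
    if flags == {"ACK"}:
        return "ACK probe"
    if {"SYN", "FIN"} <= flags:
        return "illegal SYN+FIN"
    return "ordinary"


def audit_packets(packets):
    """Classify each raw TCP header and count the verdicts; a defender would
    alert on any non-'ordinary' entry (or on many of them from one source)."""
    verdicts = Counter()
    for raw in packets:
        hdr = parse_tcp_header(raw)
        verdicts[classify_probe(hdr["flags"])] += 1
    return dict(verdicts)


# Constructed sample traffic: two normal handshake segments to port 22 and
# four probe-style packets aimed at ports from Table 6-1.
SAMPLE_PACKETS = [
    build_tcp_header(40001, 22, ["SYN"]),
    build_tcp_header(22, 40001, ["SYN", "ACK"]),
    build_tcp_header(40002, 53, []),                    # NULL probe
    build_tcp_header(40003, 135, ["FIN", "PSH", "URG"]),  # XMAS probe
    build_tcp_header(40004, 1433, ["FIN"]),             # FIN probe
    build_tcp_header(40005, 161, ["ACK"]),              # ACK probe
]

if __name__ == "__main__":
    for raw in SAMPLE_PACKETS:
        hdr = parse_tcp_header(raw)
        print(hdr["src_port"], "->", hdr["dst_port"],
              sorted(hdr["flags"]), classify_probe(hdr["flags"]))
    print(audit_packets(SAMPLE_PACKETS))
```

The classifier looks at one segment at a time, which is enough to spot the malformed probes; a SYN-only packet is indistinguishable from a real connect on its own, so detecting SYN scans needs the next layer (many distinct destination ports from one source in a short window). UDP probes, as the text notes, give no such flag bits to inspect, and the only signal on the wire is the ICMP port-unreachable replies for closed ports.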