October 28th, 2002, 07:29 PM
The Purpose of port Scanning ?
The main purpose of port scanning is to find out as much information as you can on the target in order to see if there are any known vulnerabilities - correct?? For instance, in the example below, I learn that pcanywheredata uses port 5631 to communicate. So my goal would be to look for known exploits with PC Anywhere. Is this the main purpose of port scanning?
Port State Service
21/tcp open ftp
23/tcp open telnet
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
139/tcp filtered netbios-ssn
443/tcp open https
513/tcp open login
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1027/tcp open IIS
3372/tcp open msdtc
5631/tcp open pcanywheredata
October 28th, 2002, 07:35 PM
Vulnerability testing, yes I would say so.
It's just a generic starting point though.
Living life one line of error free code at a time.
October 28th, 2002, 08:05 PM
In a nutshell, the purpose of port scanning would be to scan (a network) for open ports. Its main purpose is not necessarily to find vulnerabilities.
Hmm...there's something a little peculiar here. Oh I see what it is! The sentence is talking about itself! Do you see that? What do you mean? Sentences can't talk! No, but they REFER to things, and this one refers directly-unambiguously-unmistakably-to the very sentence which it is!
October 28th, 2002, 09:01 PM
Some admins use port scanning to detect unauthorised services run by their users as well as to check for potential security risks.
So you can use it to check for policy violations as well as security ones.
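The policy check described in this post, as an added example that is not part of the original thread: it parses the port table from the first post and compares the open ports against an approved baseline. The `APPROVED` set and the function names are assumptions made for illustration.

```python
import re

# Scan output from the first post of the thread (header line repaired).
SCAN = """\
Port State Service
21/tcp open ftp
23/tcp open telnet
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
139/tcp filtered netbios-ssn
443/tcp open https
513/tcp open login
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1027/tcp open IIS
3372/tcp open msdtc
5631/tcp open pcanywheredata
"""

# Constructed baseline: the ports this hypothetical host is approved to expose.
APPROVED = {(25, "tcp"), (80, "tcp"), (110, "tcp"), (443, "tcp")}

LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_scan(text):
    """Return (port, proto, state, service_guess) rows from the port table."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and 0 < int(m.group(1)) <= 65535:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def audit(rows, approved):
    """Return (open ports outside the baseline, approved ports not open)."""
    open_ports = {(p, proto): svc for p, proto, state, svc in rows if state == "open"}
    violations = sorted((p, proto, svc) for (p, proto), svc in open_ports.items()
                        if (p, proto) not in approved)
    missing = sorted(approved - set(open_ports))
    return violations, missing

if __name__ == "__main__":
    violations, missing = audit(parse_scan(SCAN), APPROVED)
    for port, proto, guess in violations:
        # The name is only the port-table guess; confirm what is really listening.
        print(f"UNAPPROVED {port}/{proto} open (listed as {guess}, unverified)")
    for port, proto in missing:
        print(f"EXPECTED but not open: {port}/{proto}")
```

The service column is kept only as a label, since the scanner derives it from the port number and not from what is actually listening.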
October 28th, 2002, 10:32 PM
It can be used to find out what services are running on a server. I sometimes use it to find out if port 80 on my http server is accepting connections. As others have stated, you can find backdoors that someone might have opened on your server. If you use a program like nmap it can even tell you what type of OS it is running.
October 28th, 2002, 11:06 PM
Here is a useful list of port numbers; you can find the original (and probably more up to date) document at the IANA site... I think (I don't have the courage to really explore the site now and I forgot all about it).
Please don't forget that a service can be run on a port other than its commonly assigned port.
Life is boring. Play NetHack... --more--
October 29th, 2002, 02:22 AM
Port scanning can be used to profile a server; it will help build up a picture of the job of that server. It can help in determining which OS is likely to be running on the box. But a port scan does not tell you what is running; like (V)/\>< said, it tells you which ports are open, not what services are connected to each port. Yes, you can make a good assumption that 80 will be a web server etc. etc., but can you really be sure?
Port scanning should be done with banner grabbing of the services running on each of the open ports; this will give a more correct view of what is there. I say more correct view as banners can be changed to give wrong indications about what is running, for example making IIS look like Apache. Once you have an idea of what is running, you can then start to look for vulnerabilities for those services.
I'm a SittingDuck, but the question is "Is your web app a Sitting Duck?"