
Thread: To the search of the open door

  1. #1
    Join Date
    Feb 2003

    As all of you will already know, port scanning allows us to know which doors are open, and accordingly which services are active. Nmap uses different methods of scanning, among which, for example, the SYN scan, TCP connect(), FIN scan, and so on. Each of these methods needs root privileges, except TCP connect().

    This is the simplest scanning technique, feasible with any program that tries a connection toward a host. If the connection succeeds, it means that the door is open. This technique is based on the "THREE WAY HANDSHAKE", which is illustrated below.
    This technique is the easiest to detect: any non-blind administrator and every intrusion detection system worthy of the name would become suspicious on seeing the same host connect to a lot of doors.

    # nmap -sT host

    SYN SCAN (or Half-open scan)
    This type of scan performs a "half connection".
    A packet is sent with the SYN flag set: if the server responds with the SYN and ACK flags set, it means that the door is open; the attacker now sends a packet with the RST flag, so the connection is not completed. If the server responds with the ACK and RST flags, the door is closed. Compared to the preceding one, for the attacker this technique has the advantage that not all servers log connection attempts that did not succeed.

    # nmap -sS host

    With this technique an attacker is able to know which UDP doors are open. The operation is simple enough. The attacker sends a 0-byte UDP packet; if the door is open he will not get any answer, otherwise he will receive an ICMP port unreachable packet. This type of scanning is very slow since many systems follow a suggestion contained in RFC 1812 that limits the rate of ICMP error messages. On Windows systems this problem does not arise, since Microsoft has not followed the suggestion, allowing the attacker a faster scan.

    # nmap -sU host

    The Window scan serves to determine whether a door is filtered or not, and even whether it is open.
    This type of scanning relies on an anomaly in the TCP window size. Among the systems vulnerable to this leak we find many BSD derivatives, but not only: FreeBSD, NetBSD, OpenBSD, OS/2, MacOS, SunOS 4.x, Amiga, BeOS.

    # nmap -sW host

    Now we will analyze the more insidious scan methods, namely the FIN scan, the Xmas Tree scan and the Null scan. I say more insidious because it is more difficult for these to be logged. Like the preceding Window scan, these techniques don't work on Microsoft systems.

    The attacker sends a packet with the FIN flag set; if the door is open the attacker will receive nothing, whereas if the door is closed the attacker will receive a packet with the RST flag set.

    # nmap -sF host

    This time there are 3 active flags: FIN, URG, PUSH. If the attacker doesn't receive anything the door is open; if he receives an RST the door is closed.

    # nmap -sX host

    The operation is identical to the two preceding ones (nothing = open; RST = closed).
    The packet that the attacker sends will not have any flag set.

    # nmap -sN host
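
    The flag patterns described in this post are exactly what a defender's detection rule keys on. The following is an added example (not code from the thread's author or from nmap): it classifies TCP probe packets by their flag byte into the Null, FIN and Xmas signatures, and flags a source whose bare SYNs touch many distinct ports, which is the "same host connecting to a lot of doors" pattern mentioned above. The packet records are constructed inline as `(src_ip, dst_port, flags)` tuples; the `port_threshold` value and the `SAMPLE` traffic are assumptions for the demo, not values from the thread.

```python
"""Classify TCP probe packets by flag pattern, the way a detection rule would.

Added example, not code from the thread's author. Packet records are
constructed inline as (src_ip, dst_port, flags) tuples; a real deployment
would feed them in from a packet capture or firewall log.
"""
from collections import defaultdict

# TCP flag bits as they appear in the header (RFC 793 numbering)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def classify_probe(flags: int) -> str:
    """Map one packet's flag byte to the scan technique described in the post.

    Only flag-pattern signatures are decided here. A lone SYN is ambiguous
    (it could be a normal connection attempt), so it is reported as "syn"
    and left to the per-source rate check in detect_scanners().
    """
    if flags == 0:
        return "null-scan"          # no flags at all
    if flags == FIN | URG | PSH:
        return "xmas-scan"          # FIN + URG + PSH, the "Xmas Tree"
    if flags == FIN:
        return "fin-scan"           # FIN alone, outside any connection
    if flags == SYN:
        return "syn"                # half-open or ordinary connect attempt
    return "other"                  # SYN/ACK, ACK, RST, ... : not a probe signature


def detect_scanners(packets, port_threshold=10):
    """Return {src_ip: set_of_verdicts} for sources that look like scanners.

    A source earns a verdict if it sends any malformed-flag probe
    (Null/FIN/Xmas), or if its bare SYNs touch more than `port_threshold`
    distinct ports (assumed threshold for the demo).
    """
    syn_ports = defaultdict(set)    # src -> distinct ports probed with SYN
    verdicts = defaultdict(set)     # src -> scan techniques observed
    for src, dport, flags in packets:
        kind = classify_probe(flags)
        if kind in ("null-scan", "fin-scan", "xmas-scan"):
            verdicts[src].add(kind)
        elif kind == "syn":
            syn_ports[src].add(dport)
    for src, ports in syn_ports.items():
        if len(ports) > port_threshold:
            verdicts[src].add("syn-sweep")
    return dict(verdicts)


# Constructed sample traffic (not captured data)
SAMPLE = (
    [("10.0.0.5", p, SYN) for p in range(1, 26)]        # one host hitting 25 ports
    + [("10.0.0.7", 80, SYN), ("10.0.0.7", 443, SYN)]   # ordinary web client
    + [("10.0.0.9", 22, FIN | URG | PSH)]               # Xmas probe
    + [("10.0.0.9", 23, 0)]                             # Null probe
    + [("10.0.0.11", 25, FIN)]                          # FIN probe
)

if __name__ == "__main__":
    for src, kinds in sorted(detect_scanners(SAMPLE).items()):
        print(src, sorted(kinds))
```

    Note that, as the post says about Microsoft systems, a host that answers FIN/Xmas/Null probes with RST regardless of port state gives the scanner nothing useful; the classifier above still sees the probe itself, which is why flag-based rules catch these "quiet" scans even when they fail against the target.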

  2. #2
    Join Date
    Jul 2002
    It's usually called a "port" rather than a "door", but ehhh.... whatever. It's a nice little walkthrough of just some of the many uses of nmap, though most of this and more can be found... ummm... almost anywhere nmap can be found.

  3. #3
    Join Date
    Feb 2003
    You're right, sorry.....

  4. #4
    Senior Member
    Join Date
    Jul 2003
    United Kingdom: Bridlington
    Thanks Anatra,

    I would not have bothered to go and find the information for myself, as it is not directly related to what I do, and I am the first to admit that I never get round to things

    |The|Specialist....................."hack your computer and erase important files" You think that we are all morons?..........or worse, script kiddies? Hacking your computer with any intention other than stealing intellectual copyright materials should carry a mandatory death sentence (I promise not to tell them that you work for the RIAA). I do like your humour.
