What's the real use for port scanners and how can I protect myself from being scanned?
Quote:
Port Scanner:
The act of systematically scanning a computer's ports. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer. Port scanning has legitimate uses in managing networks, but port scanning also can be malicious in nature if someone is looking for a weakened access point to break into your computer.
From Webopedia
Quote:
Port scanning in and of itself is not a crime. There is no way to stop someone from port scanning your computer while you are on the Internet because accessing an Internet server opens a port, which opens a door to your computer. There are, however, software products that can stop a port scanner from doing any damage to your system.
You cannot protect yourself from being scanned, but you can protect yourself from returning any valuable information back to the scanner by using a firewall or a firewall with IDS. Personally, I run a SmoothWall with IDS and the Guardian modification. Guardian will take any IP address that sets off my Snort sensors (port scanning would set this off) and place it into my IP block list. I feel like this system (firewall combined with IDS) protects me from 99.9% of attackers. There are ways of scanning that can bypass firewalls and fool IDSs, but these methods tend to be too advanced for the average skiddie that would be scanning a home PC to begin with.
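Added example, not part of the original thread and not Guardian's or Snort's own code: a minimal sketch of the "IDS trips, source goes on a block list" idea described above. The log format, the thresholds and the `never_block` allow-list are assumptions made for illustration, and the log lines are constructed.

```python
from collections import defaultdict, deque

# Constructed firewall log lines (assumed format): "<epoch-seconds> <src-ip> <dst-port>"
SAMPLE_LOG = """\
1000 203.0.113.7 21
1001 203.0.113.7 22
1001 198.51.100.4 443
1002 203.0.113.7 23
1002 203.0.113.7 25
1003 203.0.113.7 80
1004 192.0.2.1 53
1005 192.0.2.1 123
1006 192.0.2.1 445
1007 192.0.2.1 3389
1008 192.0.2.1 8080
1200 198.51.100.4 443
1300 198.51.100.4 80
"""

def find_scanners(log_text, min_ports=5, window=60, never_block=()):
    """Return sources that probed >= min_ports distinct ports within `window` seconds."""
    recent = defaultdict(deque)  # src -> (timestamp, port) pairs still inside the window
    blocked = []
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts, src, port = int(parts[0]), parts[1], int(parts[2])
        except (IndexError, ValueError):
            continue  # skip malformed lines instead of crashing the monitor
        # Never auto-block your own gateway or DNS server; skip sources already listed.
        if src in never_block or src in blocked:
            continue
        hits = recent[src]
        hits.append((ts, port))
        while hits and ts - hits[0][0] > window:
            hits.popleft()  # forget probes that fell out of the time window
        if len({p for _, p in hits}) >= min_ports:
            blocked.append(src)
    return blocked

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG, never_block=("192.0.2.1",)))
```

The allow-list matters because an automatic block list acts on whatever source address appears in the log.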
I'd strongly suggest obtaining a port scanner and scanning yourself to figure out your own system's flaws. It'll just scan ports to tell you which are open|closed, and, if you're using a good one, "filtered". Of course, open ones and filtered would be what should catch your attention!
In addition to NeuTron's post, you might want to know that port scanning is generally frowned upon by some ISPs (there not being a very justifiable reason for home users to do it) and, in some cases, can result in the ISP barring your account.
Have fun ;)
That's nice to know, but AOL or Yahoo apparently don't care if I scan someone or not. But when I do scan someone, I do tell them that this or this port is open and they should do something about it to prevent a "hacker" from using it to their advantage.
Port scanning is in no way illegal, and I've personally never had any ISP bother me with it.
Ok, seriously don't give legal advice unless you know what you are talking about.
Quote:
Port scanning is in no way illegal, and I've personally never had any ISP bother me with it.
Port scanning may or may not be legal depending on the situation, location, and results.
Article 2 from the Explanatory Report of the Convention on Cybercrime ( http://conventions.coe.int/Treaty/en...s/Html/185.htm , the source I had on hand, viewing laws from every relevant country/state would be too much of a mess here) reads quite vaguely. It is arguable that port scanning a system falls under the category of "without right" or beyond "appropriate use."
This becomes a lot more clear if the scan affects system availability, as several systems and firewall types have been known to die under reasonable nmap scans. At this point you have committed a crime, perhaps unintentionally, but mixing "without right" and an "attack against availability"... bad idea.
Also, if the system must adhere to a government standard requiring investigation of IDS trips, and if your scan trips the IDS... you've now incurred a cost on that organization, again "without right."
The law is largely unclear, but you would be very foolish to think that port scanning is in "no way illegal", regardless of what your ISP allows you to do. (most just plain don't care so long as your check clears, and to be perfectly honest, they don't need to care)
cheers,
catch
catch makes a very incontrovertible point here, although I would have worded it as “may have committed”, again, depending on where the offense originated and where it occurred.
Quote:
This becomes a lot more clear if the scan affects system availability, as several systems and firewall types have been known to die under reasonable nmap scans. At this point you have committed a crime, perhaps unintentionally, but mixing "without right" and an "attack against availability"... bad idea.
Many laws are worded as “knowingly or negligently” or similar, and many, especially concerning electronic communications, are considered occurring at the point of origin and/or at the point of where it is received.
So even if you didn't mean to, the fact that you did so could be considered violating the law. And if the country where, say the server that was attacked had laws that said you could be fined the equivalent of $10.00 U.S. dollars, the country that you originated the attack from could mandate life imprisonment or worse.
There is ever-increasing cooperation (due to political pressure, etc.) between countries for penalties and prosecution for such offenses.
This isn't the 1970s. People are becoming more aware (albeit slowly) of computer-related offenses. What is and is not acceptable is still being worked out, but do you want to be a test case?
And to clear your doubt, Tetrismaster101, they DO care... just not enough to listen to a scrippie telling them that port 80 or 25 is open. On a side note... do you realise how many scans companies like those get every day? You can't expect them to try to track every user (in fact, they don't track any... they just add your IP to their logs and that's that).
Cheers
Catch,
Quote:
This becomes a lot more clear if the scan affects system availability, as several systems and firewall types have been known to die under reasonable nmap scans. At this point you have committed a crime, perhaps unintentionally, but mixing "without right" and an "attack against availability"... bad idea.
You're getting more towards denial of service, which nmap does have the possibility to do. But the intention would be obvious if values were set "nmap -T 5 -M 1000...", which, may I add, shouldn't be considered a "reasonable" scan.
An investigation of IDS logs wouldn't have to follow any "government standards" if it wasn't on RIPE registries or root-servers. I would hope "Tetrismaster" would be intelligent enough not to try and scan the DOD, for example.
But, maybe I was pushing it with the "in no way illegal" reply.
I guess, I just hoped most people would face port scanning in a more ethical way.
It is possible for nmap, while running a reasonable scan, to crash a system. Unlikely... perhaps nothing more than coincidental... tell it to the judge.
The DOD itself isn't the only organization held to DOD standards. Many private companies, some with no direct dealings with the government at all are bound by these standards.
How could scanning a system that you don't have rights on, possibly be ethical?
Quote:
I guess, I just hoped most people would face port scanning in a more ethical way.
cheers,
catch
[sarcasm] Easily Catch, it's not doing any damage to it and it's ethical to not do damage to another 'puter. [/sarcasm] :rolleyes:
Quote:
How could scanning a system that you don't have rights on, possibly be ethical?
I basically agree with Catch on this, although I've never heard a case where NMAP crashed a system (please explain more?). Although, I guess depending on the traffic going through the ports and the system being scanned, there could be a 1 in a billion chance? I dunno.. Just inserting my two cents.
Ethics isn't what you do, it's why you do it. Damaging the computer is incidental...
Quote:
Easily Catch, it's not doing any damage to it and it's ethical to not do damage to another 'puter.
While it is true that a basic port scan is unlikely to crash a system, there used to be an index of nmap scans that would crash various application firewalls.
Quote:
I basically agree with Catch on this, although I've never heard a case where NMAP crashed a system
All that aside... what if you happen to scan a system right before or after an attack? The fact is, port scanning is grey area at BEST. Circumstances beyond your control can be the difference between something that falls between the cracks and having the FBI at your door.
cheers,
catch
I know what ethics is.. and note the sarcasm tags ;)
Quote:
Ethics isn't what you do, it's why you do it. Damaging the computer is incidental...
I'd love to see that index and what application firewalls were crashed. :D
Quote:
There used to be an index of nmap scans that would crash various application firewalls.
This is why I love posting in a thread with you, catch.. you expand your thinking. This is very true and a legit worry -- what if there already was high activity going on (or even a possible attack?) already. What if the user displayed firewall logs and high port activity already was going on. Again, excellent point catch.. there are always circumstances beyond your control that can alter things easily.
Quote:
what if you happen to scan a system right before or after an attack? The fact is, port scanning is grey area at BEST. Circumstances beyond your control can be the difference between something that falls between the cracks and having the FBI at your door.
Spyder - catch is adding relevant information to this thread that brings new information to view in response to the original post. You are merely questioning what he's saying and adding nothing new to the table.
Why even post a comment like that? You're obviously pulling a ridiculous figure out of your ***. I think your account should be limited to GCC and Cosmos, where spilling out useless bull**** doesn't pollute the homepage.
Quote:
Although, I guess depending on the traffic going through the ports and the system being scanned, there could be a 1 in a billion chance?
NeuTron: Okay, so you want to turn this thread to ****? Hrmm.. Well, I am ALLOWED to comment on another user's post (lord knows why I'm explaining this to you). In the quote you quoted from me, it was a rhetorical question.. I wanted to learn more about what was being talked about. Catch was adding things and like I said when I said to him "please explain more", I wanted to learn from what he was adding.
That's what AntiOnline is about.. Now, what have YOU added to this thread, other than a personal attack against someone you obviously don't like? Hrmm.. I rest my case. Oh, and go and neg me back if you want.. you obviously loved that feature once before, eh?
Alright moron, since you obviously didn't read this thread before you started yapping in it... you might have noticed that I replied to this thread first (1hr after it was posted). So much for resting your case. Oh and if it wasn't for your irrelevant "tutorial", which I felt compelled to neg, I would have negged you here.
Quote:
Originally posted here by Spyder32
That's what AntiOnline is about.. Now, what have YOU added to this thread, other than a personal attack against someone you obviously don't like? Hrmm.. I rest my case. Oh, and go and neg me back if you want.. you obviously loved that feature once before, eh?
I thought we were talking about port scanning, not about who neg'd who or who did this or who did that.
nmap? I use SuperScan 4.0, very useful; I can get someone's IP, then do a reverse IP lookup on http://whois.webhosting.info
mostly as a learning experience
You should definitely give NMAP a try. You can download it from this link. Refer to TheHorse13's tutorials to get acquainted with its many features. Links below:
Quote:
Originally posted here by Tetrismaster101
I thought we were talking about port scanning, not about who neg'd who or who did this or who did that.
nmap? I use SuperScan 4.0, very useful; I can get someone's IP, then do a reverse IP lookup on http://whois.webhosting.info
mostly as a learning experience
First
Second
Third
Fourth
Well, I don't know of any particular list of what could crash, but from the man pages of NMAP
After doing a Google search on "nmap crashes" and sorting through pages and pages of hits I found numerous complaints of problems scanning some Cisco equipment, Solaris, VPNs, and more. Most were older complaints, but then again I didn't get even close to searching all the hits.
Quote:
It should also be noted that Nmap has been known to crash certain
poorly written applications, TCP/IP stacks, and even operating systems.
Nmap should never be run against mission critical systems unless you
are prepared to suffer downtime. We acknowledge here that Nmap may
crash your systems or networks and we disclaim all liability for any
damage or problems Nmap could cause.
Because of the slight risk of crashes and because a few black hats like
to use Nmap for reconnaissance prior to attacking systems, there are
administrators who become upset and may complain when their system is
scanned. Thus, it is often advisable to request permission before
doing even a light scan of a network.
(BTW, I have never had a crash resulting from NMAP that I am aware of) ;)
What if I come heavy with nessus, Nmap during some type of a live BIOS flash on a special system? I had to go outside the box on you all.
;)
You have a box we can test that on? :splat:
*sigh*
I hoped it didn't have to come to this...
FACT: NMAP is an auditing tool, not an "attacking" tool.
FACT: NMAP will crash *any* poorly configured host whether it's an appliance, workstation, server, microwave oven, etc..
FACT: Throttling NMAP does not remove the probability that it will club these poorly configured devices.
FACT: Network stacks and/or applications that do not follow RFCs are most likely to fall over on their heads when presented with *any* traffic, not just NMAP scans.
FACT: If you attempt to run NMAP across a shi**y SOHO router like Linksys, D-link, etc., you will understand quickly that these devices are not NMAP friendly. Why? That's another thread altogether.
FACT: If you scan *anything* on the internet, you're going to leave a footprint - period. This goes for NMAP's idlescan as well.
FACT: Most if not all fw admins have something in place specifically looking for dipshi*s who pound their perimeter with NMAP scans. This is the equivalent of driving up to the police station and telling them the addresses of the places you're going to case. If this is how you plan to start your enumeration process, then do us all a favor, save us some tax dollars and just peddle yourself down to the police station and turn yourself in. If this isn't clear enough, USING NMAP OR ANY AUTOMATED TOOL IS NOT A GOOD WAY TO ENUMERATE SERVICES IF YOU DO NOT WANT TO BE SEEN. There are far better ways to do this, but they require complete understanding of networking.
FACT: Some people here don't understand what a TCP flag is and why they're used (you know who you are).
Anyway, I think my point is clear. In case it's not, whether you're using NMAP or not, things will break if the host is flakey.
If you want to enumerate hosts & such, do it on your own equipment.
If you like sex with men, NMAP scan as many sensitive organizations as you can.
peace out
--TH13
Can scanning your own system cause it to crash?
Depends on your system, and what type of scan.
I have Windows XP SP2, and I was wondering about a TCP/UDP port scan.
Sure you can.
However, be aware that some services may only be listening locally (127.0.0.1) and will show up in your local scan when in fact these services are not accepting connections remotely and thus, wouldn't show up on a scan that you conduct from another host against yours.
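Added example, not part of the original thread: the last reply's point about services bound only to 127.0.0.1 can be checked on your own machine by reading the listener table instead of trusting a local scan. The sketch below parses `netstat -an` style text and separates loopback-only listeners from ones bound to a network-facing address; the sample output is constructed and the function name is an assumption for illustration.

```python
import ipaddress

# Constructed sample in the style of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1040      93.184.216.34:80       ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    127.0.0.1:123          *:*
"""

def classify_listeners(netstat_text):
    """Split listening sockets into loopback-only and network-facing ones."""
    result = {"loopback_only": [], "network_facing": []}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue  # established or closing connections are not listeners
        host, _, port = fields[1].rpartition(":")
        try:
            # Strip IPv6 brackets and any %zone suffix before parsing.
            addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
            port = int(port)
        except ValueError:
            continue  # unparseable address or port
        # Loopback sockets answer a scan run on the machine itself, but not one
        # from another host. Network-facing ones may still be filtered by a firewall.
        key = "loopback_only" if addr.is_loopback else "network_facing"
        result[key].append((fields[0], str(addr), port))
    return result

if __name__ == "__main__":
    for kind, sockets in classify_listeners(SAMPLE_NETSTAT).items():
        print(kind, sockets)
```

Comparing the `network_facing` list with the result of a scan run from a second host shows which of those ports the firewall is actually filtering.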