Hi geeks,
Hello friends... I want to know tips and directions towards developing a port scanner of my own...
I want to know this purely for educational purposes... please help me.
Thanks,
ram
I'd say the first thing you need to do is study up on the basics of TCP/IP. Learn about the different kinds of packets, the different protocols. I'd also study up some on how the ping and nmap command works.
An extremely good book to read is "A Complete H@Cker's Handbook: Everything You Need to Know About Hacking in the Age of the Web" written by Dr. K (ISBN: 1858684064). It doesn't directly teach you how to hack but the theory of it (in terms of protocols and packets). The port scanning section was very good; it doesn't tell you how to make your own port scanner directly but is a good guide.
1) No geeks here :)
2) Do you know any programming or networking? I mean, making a scanner is not such an easy task...
3) Read a lot
4) Google
5) Read a lot again
6) nmap is always there and it is pretty good
anyway good luck :)
You can find all the info to make a port scanner at the MSDN [Microsoft Developer Network]; they have a lot of scripts on the subject in VB.
Quote:
how to write an undetectable port scanner of my own
Totally impossible..............if you scan a port you attempt to make contact....if you attempt contact, you can be detected?
Sure you can write a port scanner..follow the sound advice already given.......but the only "undetectable" port scanner that I know of is one that doesn't work :D
Cheers
Why write a new one, when you can get good coverage with nmap...
Quote:
An extremely good book to read is "A Complete H@Cker's Handbook: Everything You Need to Know About Hacking in the Age of the Web" written by Dr. K (ISBN: 1858684064). It doesn't directly teach you how to hack but the theory of it (in terms of protocols and packets). The port scanning section was very good, it doesn't tell you how to make your own port scanner directly but is a good guide.
Got the book in my hand right now; it doesn't have a section on port scanning. But throughout the book it shows you how to manually port scan using telnet (lol, guess and test). I would recommend it to people with little experience who want a grip on this stuff (whether white or black hat), but medium to experienced users, forget it.
There are several methods to make a TCP port scan less detectable:
1. Use half-open connections or other badly sequenced packets
2. Use some kind of "bounce" attack
In the latter case, you protect your IP because the victim (?) does not see your real IP.
However, 1. is much better for general usage, for example scanning internal networks or pen testing. Half-open (SYN) scanning is ideal, because it only finds truly open ports (no false negatives), and causes minimum disruption - in most OSs the application does not even "see" the connections.
Of course IDS can detect just about any type of scan, but the "stealth" scans only defend against application-level logging.
Note that all the above pertains to TCP port scanning only; UDP scanning (or other protocols) does not have "SYN" flags, hence cannot be masked from the application in this way.
In order to even *think* about coding this, you will need to be competent in TCP and IP. You will need to know the structure of a TCP packet and have a routine to calculate TCP checksums (I think).
If you are thinking you can write this in 20 lines of VB, you are totally mistaken.
Slarty
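Slarty's point about needing the TCP header layout and a checksum routine, shown from the inspecting side as an added example (not code from any poster in this thread): a small parser that unpacks the fixed 20-byte TCP header, verifies the RFC 793 checksum over the IPv4 pseudo-header, and names the flag combination (SYN alone being the half-open probe described above). The addresses, ports and sample segment are constructed test data.

```python
import struct

# TCP flag bits (low six bits of the flags byte, RFC 793)
FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"                       # an odd trailing byte is padded with zero
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_pseudo_header(src_ip: bytes, dst_ip: bytes, tcp_len: int) -> bytes:
    # IPv4 pseudo-header: source, destination, zero byte, protocol 6 (TCP), TCP length
    return src_ip + dst_ip + struct.pack("!BBH", 0, 6, tcp_len)

def verify_tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bool:
    # With the checksum field filled in, summing pseudo-header + segment yields 0
    return inet_checksum(tcp_pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0

def parse_tcp(segment: bytes) -> dict:
    """Unpack the fixed 20-byte TCP header; options and payload are ignored here."""
    sport, dport, seq, ack, off_res, flags, win, csum, urg = struct.unpack("!HHIIBBHHH", segment[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "data_offset": off_res >> 4,
            "flags": [name for bit, name in FLAGS.items() if flags & bit], "checksum": csum}

def classify(flags: list) -> str:
    """What an inspector sees: SYN alone is the half-open probe, SYN/ACK means the port answered."""
    s = set(flags)
    if s == {"SYN"}:
        return "half-open probe (SYN only)"
    if s == {"SYN", "ACK"}:
        return "SYN/ACK reply: port open"
    if "RST" in s:
        return "RST: port closed or connection refused"
    return "other"

# Constructed fixture (test data, not a real capture): 10.0.0.5:40000 -> 10.0.0.9:22
# with a given flags byte and a correct checksum, so the verifier has a valid sample.
SRC_IP, DST_IP = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9])

def make_sample_segment(sport: int, dport: int, flags: int) -> bytes:
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0)
    csum = inet_checksum(tcp_pseudo_header(SRC_IP, DST_IP, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]

SAMPLE_SYN = make_sample_segment(40000, 22, 0x02)
```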
Using passive scanning you are able to be invisible; look at tools such as p0f and, as said, READ A LOT. :)
Quote:
Originally posted here by nihil
Totally impossible..............if you scan a port you attempt to make contact....if you attempt contact, you can be detected?
Sure you can write a port scanner..follow the sound advice already given.......but the only "undetectable" port scanner that I know of is one that doesn't work :D
Cheers
Only invisible to a degree... If you have a hardware IDS that can log connections at the data-link level, then you'll detect the scan. (Of course, aside from government agencies, who uses this type of ultra-paranoid capability?)
Well, there are 3 main ways:
1) Use some kind of "bounce" attack (already covered by Slarty)
2) Do it very slowly, to the point where the IDS will not trigger: for something to show up as a port scan, X number of ports will have to be requested in X time, so if you are below their threshold it will not see it as a port scan.
3) While port scanning, generate a large amount of scans with spoofed addresses. Therefore the person you are scanning cannot work out who is scanning them. Think about reading a firewall/IDS log that says 1500 different people are port scanning you; how would you know which one is the real attacker?
But having said all of that, nmap does all three.
SittingDuck
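SittingDuck's point 2 is exactly the rule a simple scan detector implements, and point 3 is its blind spot; as an added example (not code from any poster), here is that threshold rule run over constructed firewall-style log lines: a source that touches five ports in five seconds is flagged, the same five ports spread over twenty minutes stay below a 60-second window, and three decoy sources hitting one port each are invisible to the per-source rule but show up in an aggregate per-destination count. The log format, addresses and timestamps are made up for this example.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed firewall-style log (made up for this example, not from any real device):
# "<ISO timestamp> DROP src=<ip> dst=<ip> dport=<port>", one dropped probe per line.
SAMPLE_LOG = """\
2004-01-10T10:00:00 DROP src=192.0.2.10 dst=10.0.0.9 dport=21
2004-01-10T10:00:01 DROP src=192.0.2.10 dst=10.0.0.9 dport=22
2004-01-10T10:00:02 DROP src=192.0.2.10 dst=10.0.0.9 dport=23
2004-01-10T10:00:03 DROP src=192.0.2.10 dst=10.0.0.9 dport=25
2004-01-10T10:00:04 DROP src=192.0.2.10 dst=10.0.0.9 dport=80
2004-01-10T10:05:00 DROP src=192.0.2.20 dst=10.0.0.9 dport=21
2004-01-10T10:10:00 DROP src=192.0.2.20 dst=10.0.0.9 dport=22
2004-01-10T10:15:00 DROP src=192.0.2.20 dst=10.0.0.9 dport=23
2004-01-10T10:20:00 DROP src=192.0.2.20 dst=10.0.0.9 dport=25
2004-01-10T10:25:00 DROP src=192.0.2.20 dst=10.0.0.9 dport=80
2004-01-10T10:30:00 DROP src=198.51.100.1 dst=10.0.0.9 dport=22
2004-01-10T10:30:00 DROP src=198.51.100.2 dst=10.0.0.9 dport=22
2004-01-10T10:30:00 DROP src=198.51.100.3 dst=10.0.0.9 dport=22
"""

def parse_line(line: str):
    """Return (timestamp, src, dst, dport) from one log line."""
    ts, _action, src, dst, dport = line.split()
    return (datetime.fromisoformat(ts), src.split("=")[1], dst.split("=")[1],
            int(dport.split("=")[1]))

def detect_scans(lines, threshold=5, window_s=60):
    """Per-source sliding window: alert once a source has touched >= threshold distinct
    destination ports within window_s seconds. Returns {src: time of first alert}."""
    history = defaultdict(deque)          # src -> deque of (timestamp, dport)
    alerts = {}
    for line in lines:
        ts, src, _dst, dport = parse_line(line)
        q = history[src]
        q.append((ts, dport))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()                   # probes older than the window no longer count
        if src not in alerts and len({p for _, p in q}) >= threshold:
            alerts[src] = ts
    return alerts

def sources_per_destination(lines):
    """Aggregate view for the decoy case: distinct sources seen per destination host."""
    seen = defaultdict(set)
    for line in lines:
        _ts, src, dst, _dport = parse_line(line)
        seen[dst].add(src)
    return {dst: len(srcs) for dst, srcs in seen.items()}
```

Widening the window to cover the slow scanner (window_s=1800) flags 192.0.2.20 as well, which is the trade-off SittingDuck describes: a longer window catches slower scans at the cost of more state per source.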
Qod: p0f, while being a really nice little tool that I have constantly running outside my firewall, is not a port scanner, it's a passive fingerprinter. It relies upon you making a connection to me and then determining what you are. When, (more like _if_), you connect to me you will do it with a single source and a single destination port. That doesn't even tell me whether you are running a service on the source port since the source will be randomly chosen for the connection to my system unless you are using tools to "fix" that. The only info p0f puts out is its best guess at your OS based on the info it received. The guess is based on knowledge of the various implementations of the IP stack used by different OSes.
57: You can't detect p0f since it makes no "noise". It's simply a packet sniffer with a signature database, (yes I'm aware it has a more active mode but that is an accuracy thing and really defeats the purpose of passive fingerprinting). So even the most technically advanced IDS logging connections at any level still wouldn't see it because p0f doesn't talk, it listens.
ramforu: Think of the concept behind port scanning. You want to know which ports are open and providing services on a remote box. Thus you have two choices. Be active and do something to determine which ports are open _or_ wait for the admin of the box to call you and tell you which services he provides. Since two just isn't going to happen you are left with 1 and the moment you go "active" I can detect you. Then it simply comes down to the level of efficiency you desire. If you are prepared to wait a week or two, (or more), then you can probably evade my detection, (NOTE: I said "evade my detection" not "be invisible" - my systems have still logged your presence - I just haven't seen you as significant - yet).
When I read the subject line, I thought somebody was able to write an undetectable port scanner. hehe.