18. Phase 2: Scanning. The premise of scanning is to probe as many ports as possible on each target, recording which ones are open and which services answer on them: those are the entry points the later attack phases will work against. Scanners send many packets over the network, then listen for and record each response. The absence of a response is itself informative, since a probe that is silently dropped usually indicates a filtering device in the path. The following are techniques for inspecting ports and protocols.
31. Standard Ports
Service                         Port        Keyword
WWW HTTP                        80/tcp      www-http
Domain Name Server              53/udp      domain   (also 53/tcp for zone transfers and large responses)
Telnet                          23/tcp      telnet
SSH Remote Login Protocol       22/tcp      ssh
File Transfer (control)         21/tcp      ftp
File Transfer (default data)    20/tcp      ftp-data
Echo                            7/tcp       echo
32. Non Standard Ports
Service                                    Port             Keyword
X Window System                            6000-6063/tcp    X11
Yahoo! Messenger                           5010             yahoo
RADIUS authentication protocol             1812/udp         radius
Microsoft Windows Internet Name Service    1512/tcp         wins
67. Summary of Characteristics
Option   Type of Scan     Summary of Characteristics
-sT      TCP Connect      Completes the 3-way handshake with each scanned port. Needs no raw-socket privileges, but every probe is a real connection and is logged by the target service.
-sS      TCP SYN          Sends only the initial SYN and awaits the SYN-ACK (open) or RST (closed); the scanner then sends its own RST, so the handshake never completes (half-open scan).
-sF      TCP FIN          Sends a TCP FIN to each port. A RST indicates the port is closed; no response means open or filtered.
68. (continued)
-sX      TCP Xmas Tree    Sends a packet with the FIN, URG and PSH code bits set. A RST indicates closed; no response means open or filtered.
-sN      Null             Sends packets with no code bits set. A RST indicates closed; no response means open or filtered.
-sA      TCP ACK          Sends a packet with only the ACK code bit set to each target port. A RST in reply means the port is unfiltered; this scan maps firewall rules and cannot tell open from closed.
-sW      Window           Like the ACK scan, but inspects the TCP window size in the returned RST to infer open versus closed on stacks whose window value differs between the two states.
69. (continued)
-b       FTP Bounce       Bounces a TCP scan off an FTP server (abusing the PORT command), obscuring the originator of the scan. Few modern FTP servers still permit it.
-sU      UDP Scanning     Sends a UDP packet to each target port. An ICMP port-unreachable reply means closed, a UDP reply means open, silence means open or filtered.
-sP      Ping             Sends ICMP echo requests (plus TCP probes in Nmap) to every machine on the target network to find live hosts; current Nmap names this -sn.
-sR      RPC Scanning     Sends RPC NULL commands to every open TCP/UDP port already discovered to identify the RPC program behind it; current Nmap folds this into -sV.
Caveat: the FIN, Xmas and Null scans depend on RFC 793 behaviour. Windows and some other stacks answer every such probe with a RST, so all ports appear closed regardless of their real state.
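As an added example (not part of the original slides), the following Python program implements the TCP Connect (-sT) technique from the table above: it attempts a full three-way handshake with each port and classifies the port from the outcome of connect(): success means open, an immediate RST (ConnectionRefusedError) means closed, and a timeout or unreachable error is reported as filtered. The other scan types (SYN, FIN, Xmas, Null, ACK, Window) need hand-built packets and raw-socket privileges, which a connect scan avoids at the cost of being logged by every service it touches. The helpers start_listener and free_port are fixtures constructed for this example so the scan has a known open port and a known closed port on localhost; the port list in the __main__ block is arbitrary.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Keywords for a few well-known ports (subset of the standard-port table above).
WELL_KNOWN = {7: "echo", 20: "ftp-data", 21: "ftp", 22: "ssh", 23: "telnet",
              53: "domain", 80: "www-http"}


def probe(host: str, port: int, timeout: float = 1.0) -> str:
    """TCP connect scan of one port: returns 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))          # SYN -> SYN/ACK -> ACK: handshake completed
        return "open"
    except ConnectionRefusedError:       # target answered the SYN with a RST
        return "closed"
    except (socket.timeout, OSError):    # no answer within timeout, or ICMP unreachable
        return "filtered"                # (simplification: both are lumped together here)
    finally:
        s.close()                        # tear the connection down cleanly


def connect_scan(host: str, ports, timeout: float = 1.0, workers: int = 64) -> dict:
    """Scan many ports concurrently; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return dict(zip(ports, states))


def open_ports(results: dict) -> list:
    """Sorted list of (port, keyword) for every port reported open."""
    return [(p, WELL_KNOWN.get(p, "?")) for p in sorted(results) if results[p] == "open"]


# --- fixtures for running the scanner against localhost (constructed for this example) ---

def start_listener(host: str = "127.0.0.1"):
    """Bind a throw-away listener on an ephemeral port; returns (socket, port).
    Keep the socket open while scanning so the port stays 'open'."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def free_port(host: str = "127.0.0.1") -> int:
    """Grab and release an ephemeral port so we have one that is almost certainly closed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, listening = start_listener()
    closed = free_port()
    results = connect_scan("127.0.0.1", [listening, closed] + list(WELL_KNOWN))
    for port, state in sorted(results.items()):
        print(f"{port:5d}/tcp {state:9s} {WELL_KNOWN.get(port, '')}")
    print("open:", open_ports(results))
    srv.close()
```

Note that a connect scan can only distinguish open from closed from filtered; the open-or-filtered ambiguity of the FIN, Xmas and Null scans does not arise because the target must answer the full handshake. Against a real host, lower the worker count and raise the timeout when probing across a WAN, or the scan will misreport slow paths as filtered.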
94. Application Gateways inspect data at the application layer of the protocol stack and act as proxies for outside users: the gateway terminates the outside connection, checks the request against its policy, and only then opens its own connection to the internal host. Outside users therefore never have a direct connection to anything beyond the proxy gateway, and a scan from outside sees only the gateway's ports, not the internal servers behind it.
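As an added example (not from the original slides), here is a minimal application gateway for HTTP in Python. It terminates the outside client's TCP connection, parses the request line, enforces an application-layer policy (hypothetical rules chosen for this example: only GET or HEAD with an origin-form path, so no CONNECT tunnels and no absolute-URL requests aimed at other hosts), and only then opens a separate connection to the internal server. The Backend class and the http_request client are constructed fixtures so the whole exchange runs on localhost; the policy, the names and the 403 response are this example's own, not any product's behaviour.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ALLOWED_METHODS = {"GET", "HEAD"}   # hypothetical policy for this example


def parse_request_line(line: bytes):
    """Parse 'METHOD target HTTP/1.x' into (method, target); None if malformed."""
    parts = line.decode("ascii", "replace").rstrip("\r\n").split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None
    return parts[0], parts[1]


def policy_allows(method: str, target: str) -> bool:
    """Application-layer check: idempotent methods with an origin-form path only.
    Rejects CONNECT tunnels and absolute-URL requests aimed at other hosts."""
    return method in ALLOWED_METHODS and target.startswith("/")


def relay(client: socket.socket, backend: tuple) -> None:
    """Terminate the outside connection, vet the request, then open a separate inner connection."""
    with client:
        client.settimeout(5)
        rfile = client.makefile("rb")
        request_line = rfile.readline()
        headers = []
        while True:
            h = rfile.readline()
            if h in (b"", b"\r\n", b"\n"):
                break
            if not h.lower().startswith(b"connection:"):   # the gateway owns both connections
                headers.append(h)
        parsed = parse_request_line(request_line)
        if parsed is None or not policy_allows(*parsed):
            client.sendall(b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")
            return                                           # nothing reaches the inside
        with socket.create_connection(backend, timeout=5) as inner:
            inner.sendall(request_line + b"".join(headers) + b"Connection: close\r\n\r\n")
            while chunk := inner.recv(4096):
                client.sendall(chunk)


def start_gateway(backend: tuple, host: str = "127.0.0.1"):
    """Accept outside clients on an ephemeral port; returns (listening socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(16)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed
                return
            threading.Thread(target=relay, args=(conn, backend), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


class Backend(BaseHTTPRequestHandler):
    """Stand-in internal server (constructed fixture) that records who actually connected."""
    peers = []

    def do_GET(self):
        Backend.peers.append(self.client_address)            # (ip, port) of the connecting socket
        body = b"internal resource " + self.path.encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass


def start_backend(host: str = "127.0.0.1"):
    httpd = HTTPServer((host, 0), Backend)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd, httpd.server_address[1]


def http_request(gateway: tuple, method: str, target: str):
    """Outside client: one request through the gateway; returns (status, body, client's local port)."""
    with socket.create_connection(gateway, timeout=5) as s:
        local_port = s.getsockname()[1]
        s.sendall(f"{method} {target} HTTP/1.1\r\nHost: internal\r\n\r\n".encode())
        raw = b""
        while chunk := s.recv(4096):
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")
    return int(head.split(b" ")[1]), body, local_port


if __name__ == "__main__":
    _, bport = start_backend()
    _, gport = start_gateway(("127.0.0.1", bport))
    print(http_request(("127.0.0.1", gport), "GET", "/secret"))
    print(http_request(("127.0.0.1", gport), "CONNECT", "db:5432"))
    print("backend saw connections from:", Backend.peers)
```

Two things to observe when running it: the backend records the gateway's socket, not the outside client's, so the internal server never has a direct connection to the outside; and the CONNECT and any request the gateway cannot parse are refused at the gateway and never produce a packet on the inside.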
161. Back Orifice: a remote administration system that allows an intruder to control a Windows computer across a TCP/IP connection using a simple console or GUI client. It gives its user more control of the target computer than the person at the actual keyboard has. The original release (Cult of the Dead Cow, 1998) listened on UDP port 31337 by default, which is why that port still appears in scanner output and detection signatures.