Port scanner
|
A port scanner is a piece of software designed to search a network host for open ports. This is often used by administrators to check the security of their networks and by hackers to compromise it.
The protocol stack that is most common on the Internet today is TCP/IP. In this system, hosts are referenced using two components: an address and a port number. There are 65535 distinct and usable port numbers. Most services use a limited range of numbers; these numbers eventually become assigned by the IANA (http://www.iana.org/assignments/port-numbers) when the service becomes important enough.
Some port scanners only scan the most common, or most commonly vulnerable, port numbers on a given host. See: List of well-known ports (computing).
The result of a scan on a port is usually generalized into one of three categories:
- Accepted or Open: The host sent a reply indicating that a service is listening on the port.
- Denied or Closed: The host sent a reply indicating that connections will be denied to the port.
- Dropped or Blocked: There was no reply from the host.
Open ports present two vulnerabilities of which administrators must be wary:
- Security and stability concerns associated with the program responsible for delivering the service.
- Security and stability concerns associated with the operating system that is running on the host.
Closed ports only present the latter of the two vulnerabilities that open ports do. Blocked ports do not present any reasonable vulnerabilities. Of course, there is the possibility that there are no (yet) known vulnerabilities in either the software or operating system.
The information gathered by a port scan has many legitimate uses, including the ability to verify the security of a network. Port scanning can however also be used by those who intend to compromise security. Many exploits rely upon port scans to find open ports and send large quantities of data in an attempt to trigger a condition known as a buffer overflow. Such behavior can compromise the security of a network and the computers therein, resulting in the loss or exposure of sensitive information and the ability to do work.
Many Internet service providers deny their customers the ability to perform port scans outside of their home networks. This is usually covered in the Terms of Service or Acceptable Use Policy to which the customer must have already agreed. Most public and private networks also place such limitations upon their users.
Port Scanners
- nmap is a popular port scanning tool for many platforms.
- Superscan (http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/overview.htm) is a popular port scanning tool for Microsoft Windows.
- Angry IP Scanner (http://www.angryziber.com/ipscan/)
- Unicornscan (http://www.dyadsecurity.com/s_unicornscan.html) is an advanced port scanning tool for Unix-like systems.