Port scanning: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Howard C. Berkowitz
(New page: '''Port scanning''' involves multiple computer network activities involving sending a stimulus to the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) identifiers of...)
 
imported>Howard C. Berkowitz
No edit summary
Line 1: Line 1:
{{subpages}}
'''Port scanning''' involves multiple [[computer network]] activities involving sending a stimulus to the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) identifiers of specific services on specific computers. It may be a perfectly legitimat operational function, or it may be part of preparation for attacks on the network or it hosts.
'''Port scanning''' involves multiple [[computer network]] activities involving sending a stimulus to the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) identifiers of specific services on specific computers. It may be a perfectly legitimat operational function, or it may be part of preparation for attacks on the network or it hosts.


Line 4: Line 5:


There is no single mechanism for port scanning, as different TCP and UDP services respond to different kinds of protocol messages. In the case of TCP-based services, [[telnet]] is one way to script scans, but it is more common to see specific scan methods for specific application services that run over TCP.
There is no single mechanism for port scanning, as different TCP and UDP services respond to different kinds of protocol messages. In the case of TCP-based services, [[telnet]] is one way to script scans, but it is more common to see specific scan methods for specific application services that run over TCP.
Port scanning, in and of itself, is rarely considered a network attack, as it generates little traffic. It can find vulnerabilities against which specific attacks can be launched.


==Simple Mail Transfer Protocol==
==Simple Mail Transfer Protocol==

Revision as of 08:52, 4 February 2009

This article is developing and not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and subject to a disclaimer.

Port scanning involves multiple computer network activities involving sending a stimulus to the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) identifiers of specific services on specific computers. It may be a perfectly legitimat operational function, or it may be part of preparation for attacks on the network or it hosts.

If an address sweep is analogous to checking if a building exists at a given street address, a port scan is closer to testing the doors to see if they are locked, or at least to see if specific apartments or rooms exist. It is good when a security guard verifies that doors are properly locked, but when

There is no single mechanism for port scanning, as different TCP and UDP services respond to different kinds of protocol messages. In the case of TCP-based services, telnet is one way to script scans, but it is more common to see specific scan methods for specific application services that run over TCP.

Port scanning, in and of itself, is rarely considered a network attack, as it generates little traffic. It can find vulnerabilities against which specific attacks can be launched.

Simple Mail Transfer Protocol

One scan, which can be done for reasons good or ill, is trying to access the Simple Mail Transfer Protocol (SMTP) on TCP port 25. A very large amount of spam comes from broadband-connected personal computers attacked by botnets that insert SMTP servers on the machines, and use the differently-addressed to send a few spam emails each.

Internet-wide spam defense considers it inappropriate for end user computers to contain SMTP servers. This does not mean that such computers cannot have, and usually should have, SMTP clients that send to an authorized SMTP server inside their network. Network operators, and anti-spam groups, often scan end user address space looking for SMTP servers. Finding such servers strongly suggests that the machine has been compromised; SMTP traffic coming from end user address space can get an ISP blacklisted as a potential spam source.