Port Scanning
Like a burglar casing a target to plan a break-in, a hacker will often case a system to gather information that can later be used to attack the system. One of the tools that hackers often use for this type of reconnaissance is a port scanner. A port scanner is a program that listens to well-known port numbers to detect services running on a system that can be exploited to break into the system.
There are several port-scanning programs available on the Internet at various sites. They are not difficult to find. Organizations can monitor their system log files to detect port scanning as a prelude to an attack. Most intrusion detection software monitors for port scanning. If you find that your system is being scanned you can trace the scan back to its origination point and perhaps take some pre-emptive action. However, some scanning programs take a more stealthy approach to scanning that is very difficult to detect. For example, some programs use a SYN scan, which employs a SYN packet to create a half-open connection that doesn't get logged. SYN packets and half-open connections will be detailed later in this tutorial.
In this tutorial:
- Threats and Attacks
- The OSI Reference Model
- TCP/IP Protocol Suite
- Threats, Vulnerabilities, and Attacks
- Attacks
- Viruses
- Worm
- Trojan Horses
- Trap Doors
- Logic Bombs
- Port Scanning
- Spoofs
- Sequence Number Spoofing
- DNS
- DNS Poisoning
- Redirects
- Password Cracking
- Sniffing
- War Dialing
- Denial of Service
- Ping of Death
- SYN Flooding
- SPAM
- Smurf Attack