How to identify open ports to find vulnerabilities
“No wind favors him who has no destined port.”
Taught by: Peter Zsiros
Length: 4 hours
Port scanning is used to identify open ports and the services available on a host. Security professionals use it to audit systems for vulnerabilities, but attackers use the same technique to reconnoiter their targets.
In this course you will learn how the most popular scanning techniques work and what each is good for, so that you can choose the most appropriate one (or combination) for a given task. We will also examine how port scans are detected by IDS/IPS systems and how a scanner can try to evade that detection.
For ethical hackers, system administrators and network engineers. Also recommended for those preparing for security exams, since scanners are a popular exam topic.
Basic understanding of TCP/IP networking
We will use 3 virtual machines + Kali Linux
Minimum 8 GB of memory is required
You will know which port scanning technique to use and when. You will also be able to map the hosts and services on a network and understand the connections between them.
Section 1 - Setting up our environment
As the first step we set up the test environment (you can download the virtual machines and the ISO image from http://www.duckademy.com/downloads). We install Wireshark on the target machine, so that every probe and reply can be observed on the wire, and Nmap on the attacker machine.
Section 2 - Performing TCP connect scan (-sT)
In this part you will learn how the TCP connect scan works and what its advantages are: it completes the full three-way handshake through the operating system's normal connect() call, so it needs no raw-socket privileges. We will review its disadvantages as well, above all that the target service sees (and can log) every completed connection.
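The probe that `nmap -sT` performs is nothing more than an ordinary connect() per port, classified by how it fails. The following is an added example written for this page, not course material or Nmap code; it assumes IPv4 and scans a listener it creates itself on 127.0.0.1, so it runs offline. The three outcomes map directly onto Nmap's open, closed and filtered states.

```python
"""Minimal TCP connect scan: the same probe that `nmap -sT` sends per port.

Added example for this page (not Nmap's code). Assumptions: IPv4 targets and
a local listener created by the script itself, so it runs offline against
127.0.0.1.
"""
import socket
from typing import Dict, Iterable


def open_listener(port: int = 0) -> socket.socket:
    """Bind a listening socket on 127.0.0.1 (port 0 = let the kernel pick one).

    The kernel completes the three-way handshake into the listen backlog even
    if nobody ever calls accept(), which is exactly what a connect scan detects.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(5)
    return srv


def probe_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one port the way a connect scan does.

    open     - connect() succeeded: SYN -> SYN/ACK -> ACK completed
    closed   - the host answered the SYN with RST (ECONNREFUSED)
    filtered - no answer within the timeout (typically a DROP firewall rule)
               or a network error such as "no route to host"
    Note that a firewall REJECT rule that sends RST is indistinguishable from
    a closed port with this technique.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            # A full handshake happened: the service saw us and may log it.
            # A SYN scan (-sS) would answer the SYN/ACK with RST instead and
            # the application would never see the connection.
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except OSError:  # TimeoutError and routing errors are OSError subclasses
            return "filtered"


def connect_scan(host: str, ports: Iterable[int], timeout: float = 1.0) -> Dict[int, str]:
    """Scan each port in turn and return {port: state}."""
    return {p: probe_port(host, p, timeout) for p in ports}


def free_closed_port() -> int:
    """Pick a port that is currently closed: bind to 0, read it back, release it.

    (Assumption: nothing grabs the port between release and scan; good enough
    for a demonstration.)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv = open_listener()
    open_port = srv.getsockname()[1]
    closed_port = free_closed_port()
    try:
        for port, state in connect_scan("127.0.0.1", [open_port, closed_port]).items():
            print(f"127.0.0.1:{port} {state}")
    finally:
        srv.close()
```

Run it while capturing on the loopback interface in Wireshark and you will see the complete handshake for the open port followed by the scanner's own FIN, which is the footprint the SYN scan in the next section avoids.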
Section 3 - Performing SYN scan (-sS)
You will learn how the SYN (half-open) scan works, why it is stealthier and faster than a connect scan, and what its advantages and disadvantages are.
Section 4 - Reverse scan techniques
In this part you will learn how the reverse scanning techniques (XMAS, Null, FIN, Maimon) work: instead of asking which ports are open, they look for the RST that a closed port answers with and infer the remaining ports from silence.
Section 5 - Performing ACK scan (-sA)
This time we use the ACK scan to tell filtered ports from unfiltered ones. It does not reveal whether a port is open, only whether a firewall lets the packet through, which makes it a tool for mapping firewall rules rather than services.
Section 6 - Spoofing identity
We will show how a real attacker can try to hide their identity, or make the scan appear to come from someone else, using decoys and spoofed source addresses.
Section 7 - IDS/IPS detection of port scans
We examine two widely used IDS/IPS systems and see to what extent they detect the scanning techniques from the previous sections with their built-in or freely available rulesets.
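Whatever the engine, the core of port-scan detection is a counting rule: one source touching many distinct destination ports in a short window. The example below is added for this page and is not the course's material nor the logic of any particular IDS; the record format, thresholds and traffic are constructed here for illustration. It flags a default-speed SYN scan and an XMAS scan (sections 3 and 4) while letting a slow scan and a normal client through, which is the trade-off the evasion discussion turns on.

```python
"""Threshold-based port-scan detector over constructed connection records.

Added example for this page, not an IDS rule. It implements the generic
"many distinct destination ports from one source inside a short window"
heuristic; records, format and thresholds are assumptions made here.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

# Record = (time in seconds, src_ip, dst_ip, dst_port, tcp_flags).
# Flags use tcpdump/Nmap letters: S=SYN, A=ACK, F=FIN, P=PSH, U=URG, ""=none.
Record = Tuple[float, str, str, int, str]

# Flag combinations that are the first packet of a scan probe. ACK-only (-sA)
# and FIN/ACK (Maimon) look like mid-connection traffic and need session
# state to flag, so they are deliberately not in this stateless set.
PROBE_FLAGS = {"S", "F", "", "FPU"}

PORTS = [21, 22, 23, 25, 53, 80, 110, 111, 135, 139, 143, 443]

# Constructed traffic (not captured data):
SAMPLE_RECORDS: List[Record] = (
    # 10.0.0.5: 12 SYNs to different ports within ~1.1 s (default -sS/-sT pace)
    [(100 + i / 10, "10.0.0.5", "10.0.0.20", p, "S") for i, p in enumerate(PORTS)]
    # 10.0.0.20 answering a few of them: replies must never count as probes
    + [(100 + i / 10 + 0.01, "10.0.0.20", "10.0.0.5", p, "SA") for i, p in enumerate(PORTS[:3])]
    # 10.0.0.9: the same 12 ports, but one probe every 90 s (-T0/-T1 style)
    + [(i * 90.0, "10.0.0.9", "10.0.0.20", p, "S") for i, p in enumerate(PORTS)]
    # 10.0.0.7: a normal client reconnecting to 443 six times
    + [(100 + i * 0.3, "10.0.0.7", "10.0.0.20", 443, "S") for i in range(6)]
    # 10.0.0.11: an XMAS scan (FIN/PSH/URG) of 11 ports in half a second
    + [(200 + i * 0.05, "10.0.0.11", "10.0.0.20", p, "FPU") for i, p in enumerate(PORTS[:11])]
)


def detect_scanners(records: List[Record],
                    distinct_ports: int = 10,
                    window_seconds: float = 5.0) -> Dict[str, float]:
    """Return {src_ip: time_first_flagged} for sources exceeding the threshold.

    A per-source deque keeps (time, port) of recent probe packets; entries
    older than the window are evicted before the distinct ports are counted.
    """
    recent: Dict[str, Deque[Tuple[float, int]]] = defaultdict(deque)
    flagged: Dict[str, float] = {}
    for t, src, _dst, dport, flags in sorted(records, key=lambda r: r[0]):
        if flags not in PROBE_FLAGS:
            continue  # replies and established traffic are ignored
        q = recent[src]
        q.append((t, dport))
        while q and t - q[0][0] > window_seconds:
            q.popleft()
        if src not in flagged and len({p for _, p in q}) >= distinct_ports:
            flagged[src] = t
    return flagged


if __name__ == "__main__":
    for src, when in detect_scanners(SAMPLE_RECORDS).items():
        print(f"port scan from {src} flagged at t={when:.2f}s")
```

The slow scanner is invisible to this rule by construction: lowering the timing template or spreading probes across decoy sources keeps each source under the threshold, at the cost of scan time. The counter side of that bargain, a longer window or a lower port count, raises false positives on busy clients, which is why the rulesets examined in this section ship with tunable thresholds.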