*** Welcome to piglix ***

Port scanning


A port scanner is an application designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.

A port scan or portscan is a process that sends client requests to a range of server port addresses on a host, with the goal of finding an active port; this is not a nefarious process in and of itself. The majority of uses of a port scan are not attacks, but rather simple probes to determine services available on a remote machine.

To portsweep is to scan multiple hosts for a specific listening port. The latter is typically used to search for a specific service, for example, an SQL-based computer worm may portsweep looking for hosts listening on port 1433.

The design and operation of the Internet is based on the , commonly also called TCP/IP. In this system, network services are referenced using two components: a host address and a port number. There are 65536 distinct and usable port numbers. Most services use a limited range of port numbers.

Some port scanners scan only the most common port numbers, or ports most commonly associated with vulnerable services, on a given host.

The result of a scan on a port is usually generalized into one of three categories:

Open ports present two vulnerabilities of which administrators must be wary:

Filtered ports do not tend to present vulnerabilities.

All forms of port scanning rely on the assumption that the targeted host is compliant with RFC 793 - Transmission Control Protocol. Although this is the case most of the time, there is still a chance a host might send back strange packets or even generate false positives when the TCP/IP stack of the host is non-RFC-compliant or has been altered. This is especially true for less common scan techniques that are OS-dependent (FIN scanning, for example). The TCP/IP stack fingerprinting method also relies on these types of different network responses from a specific stimulus to guess the type of the operating system the host is running.


...
Wikipedia

...