PORT SCANNING (Lesson 5)
Every computer connected to the Internet has a unique Internet Protocol (IP) address that identifies it over the Internet. Hackers use a hacking tool called a scanner to search a range of IP addresses for a computer to attack.
When the scanner finds a computer at a particular IP address, it then examines the ports on that computer to see which ones could be exploited.
A port represents a specific way for a computer to communicate over the Internet. When a computer connects to the Internet, it needs to know when it's receiving email and when it's accessing a web page. Since information from the Internet flows into the computer through the same physical connection (a telephone line or cable modem), computers create separate ports to accept certain data. This way the computer knows how to handle data.
Each port is assigned a number and every computer connected to the Internet uses ports, which means that ports open up a door that hackers can use to access a computer.
SERVICE | PORT |
File Transfer Protocol (FTP) | 21 |
Telnet | 23 |
Simple Mail Transfer Protocol (SMTP) | 25 |
Gopher | 70 |
Finger | 79 |
Hypertext Transfer Protocol (HTTP) | 80 |
Post Office Protocol, version 3 (POP3) | 110 |
To attack a computer, you need the target computer's IP address. Plenty of software is available on the net for this purpose; one way is to look up the domain name on the Network Solutions website. Once you know a computer's IP address, the next step is to find which ports are open in order to access the target computer.
Ways to check which ports are open:
TCP connect scanning – Hacker sends a SYN packet to the target computer and waits for a return acknowledgment packet (SYN/ACK), and then sends another acknowledgment packet (ACK) to connect. Target computers easily recognize this type of scanning, which alerts them to a possible hacker attack.
TCP SYN scanning – Same as above, but when the acknowledgment is received the hacker does not send back the ACK packet to connect. By doing this the hacker knows that the port is listening and hence open. This technique is less likely to be detected.
TCP FIN scanning – Hacker sends a "No more data from sender" (FIN) packet to a port. A closed port responds with a Reset (RST) message, while an open port simply ignores the FIN packet.
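Seen from the defending side, the three techniques above leave different flag patterns in captured traffic. The following Python sketch is an added example, not part of the original lesson: the packet records, the addresses (documentation ranges), the function names and the three-port threshold are constructed assumptions, and it assumes every probed port is open on the host.

```python
from collections import defaultdict

# Constructed sample records: (source IP, destination port, TCP flag sent by the source),
# in arrival order at a hypothetical sensor. Addresses are documentation ranges.
# Assumption: every probed port is open, so a SYN never followed by an ACK means
# the source chose not to finish the handshake.
PACKETS = [
    ("192.0.2.10", 21, "SYN"), ("192.0.2.10", 21, "ACK"),    # full handshakes
    ("192.0.2.10", 23, "SYN"), ("192.0.2.10", 23, "ACK"),
    ("192.0.2.10", 25, "SYN"), ("192.0.2.10", 25, "ACK"),
    ("192.0.2.20", 21, "SYN"), ("192.0.2.20", 23, "SYN"),    # handshakes left half-open
    ("192.0.2.20", 80, "SYN"), ("192.0.2.20", 80, "RST"),
    ("192.0.2.30", 25, "FIN"), ("192.0.2.30", 80, "FIN"), ("192.0.2.30", 110, "FIN"),
    ("198.51.100.7", 80, "SYN"), ("198.51.100.7", 80, "ACK"),  # ordinary client
    ("198.51.100.7", 25, "SYN"), ("198.51.100.7", 25, "ACK"),
]

def classify_flow(flags):
    """Label one (source, port) flow from the flags the source sent, in order."""
    if flags[0] == "FIN":
        return "fin"        # FIN with no earlier SYN belongs to no connection
    if flags[0] == "SYN":
        # An ACK after the SYN completes the handshake; without it the flow is half-open.
        return "connect" if "ACK" in flags[1:] else "syn"
    return "other"

def detect_scans(packets, min_ports=3):
    """Return {source: {pattern: [ports]}} for sources showing one pattern on many ports."""
    flows = defaultdict(list)
    for src, port, flag in packets:
        flows[(src, port)].append(flag)
    ports_by_kind = defaultdict(lambda: defaultdict(set))
    for (src, port), flags in flows.items():
        ports_by_kind[src][classify_flow(flags)].add(port)
    alerts = {}
    for src, kinds in ports_by_kind.items():
        hits = {kind: sorted(ports) for kind, ports in kinds.items()
                if kind != "other" and len(ports) >= min_ports}
        if hits:
            alerts[src] = hits
    return alerts

if __name__ == "__main__":
    for src, hits in detect_scans(PACKETS).items():
        print(src, hits)
```

The ordinary client completes handshakes on only two ports and stays below the threshold, so it is not reported.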
The next task is to find the target computer’s operating system in order to know the commands for guessing the computer's password.
FIN probing: Hacker sends a FIN ("No more data from sender") packet to a port and waits for a response. Windows responds with RST (Reset) messages.
FIN/SYN probing: Hacker sends a FIN/SYN packet to a port and waits for a response. Linux systems respond with a FIN/SYN/ACK packet.
ICMP message quoting: Hacker sends data to a closed port and waits to receive an error message. All computers send back the initial IP header of the data with an additional eight bytes tacked on. Solaris and Linux systems, however, return more than eight bytes.
Once a hacker knows the IP address, the open ports available, and the type of operating system for a target computer, the hacker can plan his strategy for breaking into the computer.