Unit 3: Port Scanning
3.1 Introduction to Port Scanning

Programs or services are the logical ways network traffic goes into and out of a machine. A service is a program that runs in the background, independent of any user logging on. The way into and out of a program or a service is a logical port: simply a number carried in the TCP or UDP header that identifies the program or service the data is sourced from and destined for. Programs and services send from and listen on particular ports. Port scanning is a method of finding out what programs or services are running on a machine. Once you know what services are running, you can identify vulnerabilities in particular services; for each vulnerability you find an exploit and execute a payload to carry out the attack.

Port scanning involves sending packets to a destination machine in order to identify the state of its ports. There are many different types of scans that can be sent, and you select an appropriate one, or a combination of scan techniques, for the task at hand. The three states a port can be in are open, closed, or filtered. (Nmap additionally reports unfiltered, open|filtered and closed|filtered when a particular scan type cannot tell two of these apart, but those are refinements of the same three ideas.) There is really just one difference between an open port and a closed port: open ports have applications or services listening on them; closed ports don't. For example, if you start an Apache web server, port 80 is open. Stop the Apache web server, and port 80 is now closed. Start a FileZilla FTP server and port 21 is open; stop the FileZilla FTP server and port 21 is closed.

A filtered port is a port that is either open or closed, but which one can't be determined, because packet filtering keeps the probes from reaching the port. The filtering could come from a dedicated firewall device, router rules, or a host-based firewall. Sometimes an ICMP error message is sent in response to a probe to a filtered port, but more often than not, filters simply drop the probes and send no response. Therefore these probes need to be sent multiple times, to make sure that the lack of a response was due to filtering and not to network congestion. This slows a scan down greatly.

Firewalls don't open ports. Firewalls don't close ports. Firewalls filter ports. If a network-based firewall is set to deny some or all traffic to port 22, but you have an SSH server running on the machine, the firewall didn't close port 22 on the machine. Run netstat (or ss -ltn on a current Linux host) on the SSH server and you'll see that port 22 is indeed open. Any host inside the network will therefore be able to reach the SSH server, since the network-based firewall filtering port 22 doesn't affect them. The same holds for a host-based firewall on the SSH server that is filtering some or all incoming traffic on port 22: as long as the service is started, port 22 is open.

Let's say I'm teaching a class in Golisano Hall on the RIT campus. Think of the class in the room as a service or program that's running, and think of the room number as the port that students use to enter. While class is in session, the port is open. After class, we all leave, the lights go off and the door is locked: the port is closed. Now picture yourself trying to enter Golisano Hall, but some guy at the front door doesn't let you in. He's the firewall. You can't get to my classroom door to even determine whether class is in session (open port) or not (closed port), because you're being filtered by the firewall.

Port scanning can also potentially identify the operating systems of target machines, as well as the versions of the programs running on them. While there are many different port-scanning tools, the de facto standard is a tool called Nmap, or Network Mapper. Nmap can also be used at the start to find the available hosts on a network to probe.
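As an added illustration (not part of the original lecture, and not Nmap itself), the following Python script is a minimal TCP connect scanner that assigns the three states above from the outcome of a connect() attempt, and re-probes a port that looked filtered before committing to that verdict. The target addresses, retry count and timeout are assumptions for the example; local_demo() starts its own loopback listener to play the part of the Apache server being started and stopped, so the whole thing runs offline.

```python
"""Minimal TCP connect scanner classifying ports as open, closed or filtered.
Added example for this lecture, not from the original page and not Nmap: it
implements only the plain connect() technique (what Nmap calls -sT)."""
import errno
import socket
from typing import Dict, Iterable, Optional

OPEN, CLOSED, FILTERED = "open", "closed", "filtered"


def classify(exc: Optional[BaseException]) -> str:
    """Map the outcome of one connect() attempt to a port state.

    None                 -> handshake completed, something is listening: open.
    ECONNREFUSED         -> the host answered our SYN with a RST: closed.
    timeout or any other -> no usable answer (dropped probe, or an ICMP
                            unreachable sent back by a filter): filtered.
    """
    if exc is None:
        return OPEN
    if isinstance(exc, ConnectionRefusedError) or getattr(exc, "errno", None) == errno.ECONNREFUSED:
        return CLOSED
    return FILTERED


def probe(host: str, port: int, timeout: float = 1.0) -> str:
    """One connect() attempt against host:port; returns OPEN, CLOSED or FILTERED."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError as exc:          # socket.timeout is an OSError subclass
            return classify(exc)
    return classify(None)


def scan(host: str, ports: Iterable[int], timeout: float = 1.0,
         retries: int = 2) -> Dict[int, str]:
    """Scan each port once; a FILTERED verdict is re-probed up to `retries`
    more times so that one lost packet (congestion) is not mistaken for a
    firewall.  This retry is exactly why filtered ports slow a scan down:
    each costs up to (retries + 1) * timeout seconds instead of one RTT."""
    results: Dict[int, str] = {}
    for port in ports:
        state = FILTERED
        for _ in range(retries + 1):
            state = probe(host, port, timeout)
            if state != FILTERED:
                break
        results[port] = state
    return results


def local_demo() -> Dict[str, str]:
    """Reproduce the 'start the service, stop the service' example on loopback.

    A listening socket on a kernel-chosen port plays the role of Apache; the
    same port is scanned while it listens and again after it is closed.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))     # port 0: let the kernel pick a free port
    listener.listen(5)
    port = listener.getsockname()[1]
    while_listening = scan("127.0.0.1", [port])[port]
    listener.close()                    # 'stop the service': nothing listens now
    after_close = scan("127.0.0.1", [port])[port]
    return {"while_listening": while_listening, "after_close": after_close}


if __name__ == "__main__":
    for label, state in local_demo().items():
        print(f"{label}: {state}")
    # A host that silently drops the SYN (a DROP rule on a firewall in the
    # path) would come back as 'filtered' only after all retries time out.
```

A connect scan completes the full three-way handshake, so the target's service sees (and usually logs) a connection; Nmap's default SYN scan (-sS) stops after the SYN/ACK and needs raw-socket privileges, but it uses the same three verdicts: SYN/ACK means open, RST means closed, silence or an ICMP unreachable after retries means filtered.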

Reprinted from: https://www.cnblogs.com/sec875/articles/10016021.html
