Network Scanning
    Hacking. It's OK to make mistakes and hit dead ends, because real hackers mess around, explore, and try out new things. If things don't work, it's no big deal. If they do work, however...

    If you have a Unix-type computer, there are many other port scanners available. SATAN (Security Analysis Tool for Auditing Networks) is famous, free, and will also often identify ports that are vulnerable to attack. You can get it at ftp://ftp.cs.ruu.nl:/pub/SECURITY/. Possession of the code for SATAN is enough to get you kicked off some ISPs. Check out http://www.rootshell.com/ for other Unix port scanner programs that may not make people as suspicious of you.

    If you are willing to pay lots of money for a port scanner, several computer security companies sell them. Internet Security Systems (ISS) has an exceptionally good one, Internet Scanner (at http://www.iss.net/). Like SATAN, Internet Scanner will identify security holes in the ports you scan. There are versions for both Unix and Windows NT systems. Because their software would be dangerous in the wrong hands, ISS will only sell you a version to scan the IP addresses you own or that the company you work for has given you permission to scan.

Stealth Port Scanning

    You may have already heard that there are port scanners that are impossible to detect. If true, that would solve the problem of getting kicked off your ISP for running scans. One that I have tried out is Nmap, available for free from http://dhp.com/. It runs on Unix-type operating systems, and has options to do both normal port scanning and "stealth" port scanning.

    Warning -- like What's Up, Nmap is not always accurate. While What's Up misses open ports, Nmap often erroneously says closed ports are open.

 


    Wizard tip: Here's why Nmap is inaccurate in FIN scan (stealth or half-open) mode. In default mode, it sends to each port on the victim computer two packets with the FIN flag (end of transmission) set. If it gets back a packet with the RST (reset) flag set, it reports the port as closed. If it doesn't get RST back, it reports it as open. Of course a dropped packet can also account for the missing RST. As a result, on a noisy connection Nmap shows many ports as open that aren't. Try FIN scanning a nonexistent host with Nmap and you will see all ports reported open.


    There is another problem that afflicts all stealth scanners. They actually can be detected, and the sender identified, if the target network is running the right sniffer software. EtherPeek (discussed in detail below) is one we have tested against Nmap on the Happy Hacker Wargame (see http://www.happyhacker.org/wargame/index.shtml for details on how to play our Wargame). We discovered that EtherPeek definitely detects and identifies the user of stealth port scanners.
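    The two points above, as an added example that is not part of the original guide: the first half models the FIN-scan inference rule from the Wizard tip (RST means closed, silence means "open") against a constructed target so the false positives from lost replies and dead hosts are visible; the second half is the kind of sniffer-side check a tool like EtherPeek can apply, flagging a source that sends bare FIN packets to many ports without ever completing a handshake. All hosts, ports and packet records are constructed; the `find_fin_scanners` detector and its threshold are assumptions, not EtherPeek's logic.

```python
from collections import defaultdict

# --- Part 1: the inference rule the Wizard tip describes ------------------
# probe_results maps port -> set of TCP flags seen in the reply (empty = silence).
def classify_fin_scan(probe_results):
    """RST back => closed; no reply => reported 'open'. Silence is ambiguous,
    which is exactly why a noisy link or a dead host yields 'open' everywhere."""
    return {port: "closed" if "RST" in flags else "open"
            for port, flags in probe_results.items()}

def simulate_target(open_ports, probed_ports, lost_ports=frozenset(), alive=True):
    """Constructed target: closed ports answer RST, open ports stay silent,
    replies listed in lost_ports are dropped in transit, a dead host never
    answers at all (the 'nonexistent host' case from the tip)."""
    results = {}
    for port in probed_ports:
        if not alive or port in open_ports or port in lost_ports:
            results[port] = set()
        else:
            results[port] = {"RST"}
    return results

# --- Part 2: sniffer-side detection of FIN probes without a handshake ------
# Packet record: (src, dst, dport, flags). Constructed sample traffic: one
# normal connection to port 80, plus a host sweeping ports 20-29 with bare FINs.
SAMPLE = [
    ("10.0.0.9", "10.0.0.5", 80, {"SYN"}),
    ("10.0.0.9", "10.0.0.5", 80, {"ACK"}),
    ("10.0.0.9", "10.0.0.5", 80, {"FIN", "ACK"}),   # normal close after a handshake
] + [("10.0.0.66", "10.0.0.5", p, {"FIN"}) for p in range(20, 30)]

def find_fin_scanners(packets, threshold=5):
    """Return {src: {(dst, dport), ...}} for sources whose bare FIN packets hit
    at least `threshold` ports they never sent a SYN to (assumed heuristic)."""
    seen_syn = set()
    suspects = defaultdict(set)
    for src, dst, dport, flags in packets:
        if "SYN" in flags:
            seen_syn.add((src, dst, dport))
        elif flags == {"FIN"} and (src, dst, dport) not in seen_syn:
            suspects[src].add((dst, dport))
    return {src: ports for src, ports in suspects.items() if len(ports) >= threshold}
```

Run `classify_fin_scan(simulate_target(set(), range(1, 6), alive=False))` to reproduce the all-ports-open result the tip predicts for a nonexistent host; `find_fin_scanners(SAMPLE)` names only the sweeping source, not the host that closed a real connection.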
