Nmap Scanner and Shadow Security Scanner

Port scanning

Page 1: Port scanning

Nmap Scanner and Shadow Security Scanner

Page 2: Port scanning

What is a port scanner?

A port scanner is a software application designed to probe a server or host for open ports. It is often used by administrators to verify the security policies of their networks and by attackers to identify running services on a host with a view to compromising it.

Page 3: Port scanning

The “good way” of doing port scanning

Port scanning can be done as part of a security assessment of one’s own organization, seeking to weed out security holes. It is more of a defensive approach that seeks out vulnerabilities and eliminates them, rather than a reactive approach.

The malicious way of doing port scanning

Hackers or anyone with malicious intent can do “port scanning” by systematically probing for open ports, which might let them gain entry into organizations and steal their private data.

Page 4: Port scanning

Port Scanning

The process of examining a range of IP addresses to determine what services are running on a network.

Port-scanning tools can be complex; you must learn their strengths and weaknesses and understand how and when you should use these tools.

Page 5: Port scanning

Conduct Test

Scan all ports when doing a test, not just the well-known ports (ports 1 to 1023).

Many programs use port numbers outside the range of well-known ports.

If you find that port 65301 is open, you can check the information at the CVE Web site for a possible vulnerability in pcAnywhere.

Page 6: Port scanning

Using Port-Scanning Tools

Hundreds of port-scanning tools are available for both hackers and security testers.

Not all are accurate, so using more than one port-scanning tool is recommended.

Page 7: Port scanning

Nmap

One of the most popular port scanners; new features are added constantly, such as OS detection and fast multiple-probe ping scanning.

Nmap also has a GUI front end called Zenmap that makes working with complex options easier.

Open source

Page 8: Port scanning

Nmap

Must hide from network devices or IDSs that recognize an inordinate number of pings or packets being sent to their networks.

This ACK scan constituted a DoS attack on the network.

Use stealth attacks that are more difficult to detect.

Page 9: Port scanning

Nmap results

Page 10: Port scanning

Shadow Security Scanner

The services supported are: FTP, SSH, Telnet, SMTP, DNS, Finger, HTTP, POP3, IMAP, NetBIOS, NFS, NNTP, SNMP, Squid (Shadow Security Scanner is the only scanner to audit proxy servers; other scanners just verify port availability), LDAP (Shadow Security Scanner is the only scanner to audit LDAP servers; other scanners limit their actions to port verification), HTTPS, SSL, TCP/IP, UDP, and Registry services. Because of its fully open (ActiveX-based) architecture, any professional with knowledge of VC++, C++ Builder or Delphi may easily expand the capabilities of the scanner. ActiveX technology also enables system administrators to integrate Shadow Security Scanner into practically any ActiveX-supporting product.

Page 11: Port scanning

S.S.S Results

Page 12: Port scanning

Conclusion

To prevent this type of attack, it is therefore essential that you implement IP spoofing protection at the network edge and make use of stateful firewall rules. Since the success of this type of attack hinges on the predictability of the IP ID, using systems that don’t succumb to this (mainly newer versions of Linux and Solaris) would be best, although not necessarily possible.

Page 13: Port scanning

Enable only the traffic you need to access internal hosts (preferably as far as possible from the hosts you’re trying to protect) and deny everything else. This goes for standard ports, such as TCP 80 for HTTP and ICMP for ping requests.

Configure firewalls to look for potentially malicious behavior over time and have rules in place to cut off attacks if a certain threshold is reached, such as 10 port scans in one minute or 100 consecutive ping (ICMP) requests.

Most firewalls and IPSs can detect such scanning and cut it off in real time.
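The threshold rule from this slide, written as detection logic over firewall log lines. This is an added example, not part of the original presentation. The log format, the function names and the way each threshold is counted (10 distinct destination ports from one source inside 60 seconds; 100 ICMP echo requests in a row from one source) are assumptions of the example.

```python
import re
from collections import defaultdict, deque

# Thresholds taken from the slide; how they are counted is this example's assumption.
SCAN_PORTS_PER_WINDOW = 10   # distinct (destination, port) pairs from one source
WINDOW_SECONDS = 60
CONSECUTIVE_PINGS = 100      # ICMP echo requests in a row from one source

# Constructed log format (not any real firewall's): "<epoch> <src> <dst> <proto> <dport|->"
# ICMP lines stand for echo requests; each source's lines are assumed to be in time order.
LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (TCP|UDP|ICMP) (\d+|-)$")

def detect(lines):
    """Return {source_ip: set of reasons} for sources that cross a threshold."""
    recent = defaultdict(deque)      # src -> deque of (timestamp, dst, port)
    ping_run = defaultdict(int)      # src -> current run of consecutive pings
    alerts = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or (m[4] != "ICMP" and m[5] == "-"):
            continue                 # skip malformed lines instead of crashing
        ts, src, dst, proto, dport = m.groups()
        ts = int(ts)
        if proto == "ICMP":
            ping_run[src] += 1
            if ping_run[src] >= CONSECUTIVE_PINGS:
                alerts[src].add("ping-threshold")
            continue
        ping_run[src] = 0            # a non-ICMP packet breaks the run
        window = recent[src]
        window.append((ts, dst, int(dport)))
        while window and ts - window[0][0] >= WINDOW_SECONDS:
            window.popleft()         # drop probes older than the window
        if len({(d, p) for _, d, p in window}) >= SCAN_PORTS_PER_WINDOW:
            alerts[src].add("port-scan")
    return dict(alerts)

def sample_log():
    """Constructed sample: a fast scanner, a slow client and a pinging host."""
    log = [f"{1000 + i} 203.0.113.5 192.0.2.10 TCP {20 + i}" for i in range(12)]
    log += [f"{1000 + i * 30} 198.51.100.7 192.0.2.10 TCP {80 + i}" for i in range(12)]
    log += [f"{2000 + i} 203.0.113.9 192.0.2.10 ICMP -" for i in range(100)]
    log.append("garbage line")
    return log

if __name__ == "__main__":
    for src, reasons in sorted(detect(sample_log()).items()):
        print(src, sorted(reasons))
```

The slow client touches as many ports as the scanner but never more than two inside any 60-second window, so only the time-bounded count separates the two sources.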

Page 14: Port scanning

THANK YOU