Programs or services are the logical ways network traffic goes into and out of a machine. A service is a program that runs in the background, independent of a logon. The way into and out of a program or service is through a logical port, which is simply a number found in the TCP or UDP header that identifies the program or service the data is sourced from and the one it is destined for. Programs and services send from and listen on certain ports. Port scanning is a method of finding out which programs or services are running on a machine. Once you know what services are running on a machine, you can identify vulnerabilities in those services. For each vulnerability, you find an exploit and execute a payload to carry out the attack.

Port scanning involves sending packets to a destination machine in order to identify the state of its ports. There are many different types of scans that can be sent, and you select an appropriate one, or a combination of scan techniques, for the task at hand. The three states a port can be in are open, closed, or filtered. There is really just one difference between an open port and a closed port: open ports have applications or services listening on them, and closed ports don't. A closed port still answers a probe (for TCP, with a RST), and that answer is what lets a scanner tell a closed port from a filtered one. For example, if you start an Apache web server, port 80 is open. Stop the Apache web server, and port 80 is now closed. Start a FileZilla FTP server, and port 21 is open; stop the FileZilla FTP server, and port 21 is closed. A filtered port is one that is either open or closed, but the scanner can't determine which, because packet filtering keeps the probes from reaching the port. The filtering could come from a dedicated firewall device, router rules, or a host-based firewall. Sometimes an ICMP error message is sent in response to a probe of a filtered port, but more often than not the filter simply drops the probe and sends no response. A scanner therefore has to send these probes multiple times, to make sure that the lack of a response was due to filtering and not to network congestion.
This slows the scans down greatly.

Firewalls don't open ports. Firewalls don't close ports. Firewalls filter ports. If a network-based firewall is set to deny some or all traffic to port 22, but you have an SSH server running on the machine, the firewall didn't close port 22 on the machine. Run netstat on the SSH server and you'll see that port 22 is indeed open. Any host inside the network will therefore be able to reach the SSH server, since the network-based firewall filtering port 22 doesn't affect it. Likewise, when a host-based firewall on the SSH server is filtering some or all incoming traffic on port 22, port 22 is still open as long as the service is started; the firewall only decides which packets get to reach it.

Let's say I'm teaching a class in Golisano Hall on the RIT campus. Think of the class in the room as a service or program that's running, and think of the room number as the port that students use to enter. While class is in session, the port is open. After class, we all leave, the lights go off, and the door is locked: the port is closed. Now picture yourself trying to enter Golisano Hall, but some guy at the front door doesn't let you in. He's the firewall. You can't get to my classroom door to even determine whether class is in session (open port) or not (closed port), because you're being filtered by the firewall.

Port scanning can also potentially identify the operating systems of target machines, as well as the versions of the programs running on those machines. While there are many different port-scanning tools, the de facto standard for port scanning is a tool called Nmap, or Network Mapper. Nmap can also be used initially to find the available hosts on a network to probe.
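The three port states described above, and the scanner's habit of re-sending a probe that got no answer before calling the port filtered, can be seen in a small TCP connect scanner. This is an added example, not code from the course or from Nmap. It relies only on the operating system's connect() call (the technique Nmap calls a TCP connect scan, -sT; a SYN scan works on the same principle with raw packets). The target host 127.0.0.1, the retry count of three, and the function names are my own assumptions, and the block starts its own listener so there is an open port to find.

```python
import errno
import socket
from typing import Dict, Iterable, Optional

# Assumption: the demo scans the local machine. Replace with a host you are authorized to scan.
HOST = "127.0.0.1"


def classify_outcome(exc: Optional[BaseException]) -> str:
    """Map the result of one TCP connect() probe to a port state.

    None                      -> the three-way handshake completed: something is listening (open)
    connection refused/reset  -> the host answered with a RST: nothing is listening (closed)
    timeout or unreachable    -> no answer at all, or an ICMP error from a filter (filtered)
    """
    if exc is None:
        return "open"
    if isinstance(exc, (ConnectionRefusedError, ConnectionResetError)):
        return "closed"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "filtered"
    raise exc  # anything else is not a scan result; surface it


def probe_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Send a single connect() probe to host:port and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError as exc:
            return classify_outcome(exc)
    return classify_outcome(None)


def scan(host: str, ports: Iterable[int], retries: int = 3, timeout: float = 1.0) -> Dict[int, str]:
    """Classify each port in `ports`.

    A silent probe is re-sent up to `retries` times, because a dropped packet could be
    congestion rather than a filter; the port is reported as filtered only when every
    attempt stays silent. This is exactly why filtered ports make a scan slow.
    """
    results: Dict[int, str] = {}
    for port in ports:
        state = probe_port(host, port, timeout)
        attempts = 1
        while state == "filtered" and attempts < retries:
            state = probe_port(host, port, timeout)
            attempts += 1
        results[port] = state
    return results


def start_listener(host: str = HOST) -> socket.socket:
    """Open a listening TCP socket on an ephemeral port so the demo has an open port to find."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))  # port 0: let the kernel pick a free port
    srv.listen(5)
    return srv


if __name__ == "__main__":
    listener = start_listener()
    open_port = listener.getsockname()[1]
    print("while the listener runs:", scan(HOST, [open_port]))
    listener.close()  # like stopping Apache: the same port is now closed
    print("after the listener stops:", scan(HOST, [open_port]))
```

Run it against a host whose network firewall drops port 22 and the scan reports 22 as filtered even though netstat on that host shows the port open, which is the distinction the text draws between a firewall filtering a port and the port being closed.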
Reposted from: https://www.cnblogs.com/sec875/articles/10016021.html