Originally Published: Thursday, 7 June 2001 Author: Matt Michie
Published to: Basic Security Articles, Page 2 of 5

Linux.com Security: Introduction to Port Scanning

Unfortunately nobody can be told which path to take, you must see it for yourself, so choose wisely. Ripped from today's headlines, the writers and editors of Linux.com are proud to present this security-minded introduction to protecting your system. Read on, and know yourself.


The command line telnet program can be used to connect to these ports. For instance, type:

telnet www.yahoo.com 80

After you see: Connected to www.yahoo.akadns.net.
Escape character is '^]'.

Type: GET / and press return twice.

The web server will respond with a bunch of HTML. A normal web browser would then interpret this HTML and display the appropriate graphics and text on your screen.

A port scan program, on the other hand, will attempt to connect to various ports and determine which ones are "open" and have a service responding behind them, as the web server responded in our example above.

The simplest (albeit most time-consuming) way to do this is to telnet to every port on a host starting with 0 and ending with 65535, noting which ports allow a connection.

Continuing with the telephone number analogy, this would be as though one called up Transmeta and tried every possible extension, noting which ones were valid and which ones were not.

However, computers are exceedingly good at automating tasks like this, and as can be expected, clever programmers have written scripts and programs that take the drudgery out of this task.
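The automated form of the walk just described, as an added example that is not part of the original article: a small Python TCP connect scanner for auditing your own host (localhost). It goes one step beyond the article's open/not-open distinction by separating a refused port from one that never answers, which is the difference you look for when checking a firewall rule set. The listener it starts on an OS-chosen port is constructed for the demo so the scan has something to find without touching any remote host.

```python
import socket
from contextlib import closing


def probe_port(host, port, timeout=0.5):
    """Classify one TCP port by what a full connect attempt yields:
    'open'     - handshake completed, a service is listening;
    'closed'   - refused (RST) or otherwise unreachable, nothing to talk to;
    'filtered' - no answer before the timeout, the usual sign of a
                 firewall that silently drops the packet."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except socket.timeout:          # subclass of OSError, so test it first
            return "filtered"
        except OSError:
            return "closed"


def scan_ports(host, first, last, timeout=0.5):
    """Try every port from first to last inclusive (the article's 0..65535
    walk, automated) and return {port: state} for everything not closed."""
    results = {}
    for port in range(first, last + 1):
        state = probe_port(host, port, timeout)
        if state != "closed":
            results[port] = state
    return results


def start_demo_listener(host="127.0.0.1"):
    """Constructed for the demo: listen on an OS-chosen free port so the
    scan has one known service to find. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def demo():
    """Scan a small window around the demo listener on localhost and
    return (listener_port, scan_results); the listener is closed afterwards."""
    srv, port = start_demo_listener()
    try:
        return port, scan_ports("127.0.0.1", port - 2, port + 2)
    finally:
        srv.close()
```

Widen the range in scan_ports to 0..65535 to reproduce the full walk; a per-port timeout of half a second makes a fully filtered host take hours, which is exactly the drudgery the article refers to.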

So What Possible Use Is a Port Scan to Me?

Port scanning is an important tool to detect what services your computer is running. Although they are getting better, many default Linux installs still leave many unnecessary services on, which can open your machine to security compromises.

A sure way to see what you have running is to port scan your own system (i.e. localhost). Port scanning is also a good technique for testing firewall rule sets.

Port scanning is an important initial step towards knowing yourself. If you don't know what services you have running, it will be impossible to secure them from malicious crackers. It is also important to familiarize yourself with port scanning programs so you will know your "enemy", system crackers, who will often employ a port scan to determine if you have an exploitable service running.

Advanced port scan tools will even do TCP/IP stack fingerprinting, allowing an attacker to determine what operating system you are running, often down to the kernel version!
