Originally Published: Thursday, 7 June 2001 Author: Matt Michie
Published to: enchance_articles_security/Basic Security Articles Page: 3/5 - [Printable]

Linux.com Security: Introduction to Port Scanning

Unfortunately nobody can be told which path to take, you must see it for yourself, so choose wisely. Ripped from today's headlines, the writers and editors of Linux.com are proud to present this security-minded introduction to protecting your system. Read on, and know yourself.

  << Page 3 of 5  >>

What Port Scan Programs are Available?

The following is a small sampling of the port scan programs available under Linux culled from Freshmeat:

How Do I use these Programs?

First, be aware that it is possibly illegal and certainly impolite to scan computers that you do not own or admin. Never scan a remote system on the Internet without permission. This is the Internet equivalent of walking around your neighborhood and trying out every door to see which ones are unlocked. Depending on the scan, this may even be considered a Denial of Service attack. Don't do it.

At present, the fullest featured and most widely used port scan program is nmap (Network Mapper). Infoworld has this to say about nmap, "if your goal is to understand your network from a 40,000-foot view, then Windows port scanning tools will suffice. But if you're serious about your security and looking for the holes that crackers will find, then take the time to install a Linux box and use nmap."

One of the goals the author of nmap had was to eliminate the need to carry around multiple port scanners in his security toolbox. Therefore, nmap supports nearly every port scan and TCP/IP fingerprinting technique. It will scan multiple hosts as well as single systems. Malicious individuals sometimes use the advanced options in nmap to stealthily scan hosts on the Internet. As you advance, it is a good idea to try out some of these options on your own computer to see the effects and determine whether your defenses are up to detecting the scan.

First, download the nmap program from http://www.insecure.org/nmap/. The site has source, binary and package downloads, one of which will work on your particular Linux distribution. Nmap also compiles most standard UNIX flavors.

  << Page 3 of 5  >>