Active Scanning-Port Scanning
Reconnaissance-Active Scanning→Port Scanning
Types of Port Scanning
Port Scanning plays a critical role in network security, allowing both security professionals and attackers to identify potential vulnerabilities in a system. By scanning ports, security experts can identify and patch security weaknesses, preventing unauthorized access. However, attackers can use these techniques to exploit open ports for gaining unauthorized access. Therefore, both understanding and defending against port scans are essential for securing systems.
Port scanning techniques can vary, and here are the main types:
1. TCP Connect Scan
Method: This scan attempts to establish a full TCP connection with the target system to identify open ports. It uses the operating system's built-in connection mechanisms (the complete three-way handshake).
(Attempts a full TCP connection to check whether the port is open.)
Features: It is a basic, reliable method, but it is more likely to be detected by the target system because of the completed connection attempts.
(Very basic and reliable, but highly likely to be detected because it makes connection attempts to the target system.)
Example:
nmap -sT target-ip
2. SYN Scan (Half-Open Scan)
Method: The attacker sends a SYN packet to the target, waits for the SYN-ACK response, and then aborts the connection by sending an RST packet. This determines which ports are open without completing the connection.
(The attacker sends a SYN packet and waits for a response. The server replies with a SYN-ACK packet, and the attacker cancels it with an RST packet. Only the open ports are identified, without completing the connection.)
Features: It is fast, effective, and harder to detect than a TCP connect scan.
(A fast and efficient scanning method with a low probability of detection.)
Example:
nmap -sS target-ip
3. UDP Scan
Method: This scan sends UDP packets to the target system. If there is no response, the port is treated as open; if an ICMP Port Unreachable reply comes back, the port is treated as closed.
Example:
nmap -sU target-ip
- Port open state: no response (nothing), or a normal UDP response is received
- Port closed state: ICMP Unreachable (Type 3 - Destination Unreachable, Code 3 - Port Unreachable)
4. Xmas Scan
Method: This scan sends a packet with the FIN, PSH, and URG flags set, known as an Xmas packet.
Example:
nmap -sX target-ip
5. FIN Scan
Method: This scan sends FIN flag packets to the target, and if there is no response, the port is assumed to be open.
Example:
nmap -sF target-ip
6. NULL Scan
Method: A Null Scan sends a packet with no flags set.
Example:
nmap -sN target-ip
Interpreting FIN, Xmas, and NULL scan responses:
if RST → closed
if nothing → 1. port open / 2. firewall filtering the probe
7. ACK Scan
Method: This scan sends ACK packets to identify firewall or packet filtering devices between the attacker and the target system.
(Sends ACK packets to get past the firewall and detect filtered ports on the system.)
Features: It is used mainly for detecting firewalls or filtering systems rather than for finding open ports.
(Mainly used to check whether a firewall or packet-filtering system is present.)
Example:
nmap -sA target-ip
- F/W filtered: no response, or a Destination Unreachable message is received.
- F/W unfiltered: an RST response is received, regardless of whether the port is open or closed.
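As an added example (not part of the original notes), the flag rules above turned into a small defender-side detector: it classifies inbound TCP probe records by flag combination (Xmas = FIN+PSH+URG, NULL = no flags, FIN only, SYN only, ACK only) and reports sources that send malformed probes or sweep several ports. The record format and sample lines are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (hypothetical, not real traffic), one per line:
# src_ip,dst_port,flags (S=SYN A=ACK F=FIN P=PSH U=URG R=RST; empty = no flags)
SAMPLE_LOG = """\
10.0.0.5,22,S
10.0.0.5,80,S
10.0.0.5,443,S
10.0.0.9,22,FPU
10.0.0.9,25,FPU
10.0.0.12,80,
10.0.0.12,443,
10.0.0.20,443,F
192.168.1.2,80,S
192.168.1.2,80,A
192.168.1.2,80,PA
"""

MALFORMED = {"xmas", "null", "fin"}  # flag sets no legitimate client sends

def classify_flags(flags: str) -> str:
    """Map a TCP flag string to the probe type described in the notes."""
    f = set(flags.strip())
    if not f:
        return "null"      # NULL scan: no flags at all
    if f == {"F", "P", "U"}:
        return "xmas"      # Xmas scan: FIN+PSH+URG
    if f == {"F"}:
        return "fin"       # FIN scan
    if f == {"S"}:
        return "syn"       # SYN/connect scan start (also a normal handshake)
    if f == {"A"}:
        return "ack"       # ACK probe (also normal in established sessions)
    return "normal"        # e.g. SA, PA, R: ordinary traffic, ignored

def detect_scans(log: str, port_threshold: int = 3) -> dict:
    """Report {src: {"types": [...], "ports": n}} for suspicious sources: any
    malformed probe (Xmas/NULL/FIN), or SYN/ACK-only packets spread over at
    least port_threshold distinct ports (one SYN or ACK alone is normal)."""
    ports, kinds = defaultdict(set), defaultdict(set)
    for line in log.strip().splitlines():
        src, port, flags = line.split(",")
        kind = classify_flags(flags)
        if kind != "normal":
            ports[src].add(int(port))
            kinds[src].add(kind)
    return {src: {"types": sorted(seen), "ports": len(ports[src])}
            for src, seen in kinds.items()
            if seen & MALFORMED or len(ports[src]) >= port_threshold}
```

On the sample data the detector reports the SYN sweep, the Xmas, NULL and FIN probes, and stays quiet for 192.168.1.2, whose SYN, ACK and PSH-ACK to a single port look like an ordinary session.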