If the attacker's aim is to be covert about the attack, then he or she may choose to put off any port scanning and start with actively enumerating information from the organization's web applications gathered during the passive profiling stage. If port scanning is not carried out with caution, Intrusion Detection Systems (IDSs) or Intrusion Prevention Systems (IPSs) may be triggered, alerting administrators to the attack—assuming the IDSs and IPSs are configured correctly.
Additional web applications may be uncovered by performing port scans against common web ports over TCP, such as 80, 81, 82, 443, 8000, 8001, 8080, 8081, 3128, and 8443. The following code listing shows how Nmap can be used to perform a simple scan for a subset of common web ports for a range of IP addresses. The -P0 option skips the host discovery process and performs the scans even if the host does not appear to be active.
nmap -P0 -p80,443,8080 192.168.1.11-20
More advanced techniques can also be used to bypass firewalls or avoid detection by IDSs, such as fragmenting packets or manipulating the MTU, cloaking a scan with decoy probes, spoofing source IP addresses, setting the source port to 53, setting the TTL value, and sending packets with a bogus checksum. Other popular port scanners include Unicorn Scan, Amap, and Hping. Hping is a great tool for generating specifically crafted custom packets to throw at your target, allowing low-level control over the packets being produced.
Was this article helpful?
Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.