International Journal of Electrical Electronics & Computer Science Engineering, Volume 1, Issue 5 (October 2014), ISSN: 2348 2273. Available online at www.ijeecse.com

Analysing Port Scanning Tools and Security Techniques

Rajwinder Kaur¹, Gurjot Singh²
¹Post Graduate, Department of Computer Science and Applications, KMV, Jalandhar, Punjab, India
²Assistant Professor, Department of Computer Science and Applications, KMV, Jalandhar, Punjab, India

Abstract: Port scanning is the process of scanning the ports of a computer system. A port is a spot where information goes into and out of a computer. Port scanning identifies the open doors/ports of a system. Port scanning helps in managing networks, but it can also be destructive in nature, as when someone is sniffing for a weakened access point to breach the computer system with critical attacks such as DoS, botnet and DDoS. An attacker performs port scanning of IP addresses to find vulnerable hosts to compromise. In this paper we analyze various port scanning tools and the security techniques to prevent port attacks.

Keywords: Nmap, port scan, Superscan, Angry ip scan, Uniconscan, Networkactiv Port Scanner, Ultrascan.

I. INTRODUCTION

Port scanning is one of the most important steps in gathering information (the reconnaissance phase) about the victim against whom you want to launch an attack, or simply in finding the loopholes of your own system to protect it from hackers. The technique consists of sending a message to a port and listening for an answer. Port scanning is done to get the current state of the port, that is, whether the port is open, closed, filtered or prevented. A port scan is the act of systematically scanning a computer's ports [1,2]. Since a port is a spot where information goes into and out of a computer, port scanning identifies open doors/ports to a computer system. Port scanning is basically like ringing the doorbell of someone's home: if somebody responds to the doorbell, someone is at home. If no one responds, there are two possibilities: the members of the house are busy, or no one is at home. Similarly, in the case of hacking, you send a request to the host's system to check whether a particular port is live or not. If it responds, the port is alive; otherwise it is closed or inactive. Hackers utilize port scanning because it is an easy way to quickly discover services they can break into. Hackers can even open the ports themselves in order to access the targeted systems [3].

Types of Port Scanning:

(A) Vanilla: the scanner attempts to connect to all 65,535 ports. Vanilla port scanning is a very accurate way to determine which TCP services are accessible on a given target host.
(B) Strobe: a more focused scan looking only for known services to exploit.
(C) Fragmented packets: the scanner sends packet fragments that get through simple packet filters in a firewall.
(D) UDP: the scanner looks for open UDP ports.
(E) Sweep: the scanner connects to the same port on more than one machine.
(F) FTP bounce: the scanner goes through an FTP server in order to disguise the source of the scan.
(G) Stealth scan: the scanner blocks the scanned computer from recording the port scan [3].

II. PORT SCANNING TOOLS

A. NMAP: This tool, developed by Fyodor, is one of the best Unix- and Windows-based port scanners and is also used as a command-line program. The advanced port scanner tool has a number of useful aspects that give the user a lot of control over the process. Nmap ("Network Mapper") is capable of doing many types of scans and OS identification; it also has the ability to blind scan and zombie scan, and it allows the speed of the scan to be controlled from slow to very fast. It can be used for security scans, simply to identify which services a host is running, to "fingerprint" the operating system and applications on a host and the type of firewall a host is using, or to do a quick inventory of a local network [4]. It is, in short, a very good tool to know. Nmap can be used for discovering, monitoring, and troubleshooting TCP- and UDP-based systems. Nmap is a general-purpose network scanner. It supports most of the known operating systems, including Windows, Linux, UNIX, and Mac OS X.

B. 1st Ip Port Scanner: 1st Ip Port Scanner is a very efficient IP scanner and port scanner. It is intended for both system administrators and general users to monitor and manage their networks. Powered by multi-thread scan technology, this program can scan hundreds of computers per second. It simply pings each IP address to check if it is alive, then optionally resolves its hostname, scans ports, etc. Free IP scanner can also display NetBIOS information (host name, workgroup, currently logged user and MAC address), and it can also find, search and scan ports. Its scanning speed is very fast. 1st Ip Port Scanner tests whether a remote computer is alive using three probe types (ICMP, SYN and UDP) and tests whether a TCP port is being listened on using two types (CONNECT and SYN). It reverse-resolves IP addresses into hostnames and reads responses from connected TCP ports. It checks a UDP port's status based on the "ICMP Destination Port Unreachable" message [16].

1st Ip Port Scanner Features:

1. It can find IP address, IP relay; trace IP address, IP check, IP scan.
2. It performs port scanning, port finder/search.
3. Fast and multi-threaded IP scanning.
4. It can scan hundreds of systems per second, which is ideal for administrators.
5. Fully configurable port scan.
6. It saves the obtained information into a text file.
7. A simple, user-friendly interface makes operation easy for users. It is spyware free and does not contain any adware or viruses.

C. Atelier Web Security Port Scanner: AWSPS can provide the user with extremely useful information about other networked machines. It provides a first-rate listing of the port set-up on the local machine, detailing which ports are open. It shows traffic detail for TCP and UDP as well as for ICMP control packets, including ping. Atelier Web Security Port Scanner is an innovative network diagnostic tool that adds a new dimension of abilities for network administrators, security professionals and all people concerned with the safety of systems. It provides TCP scanning functionality and UDP port scanning, local network enumeration and a high level of detail on the local network set-up for a machine on a local area network [18].

D. NetworkActiv Port Scanner: It is a network exploration and administration tool that allows you to scan internal LANs and external WANs. The versatility and closable nature available in NetworkActiv Port Scanner makes it useable by experienced network administrators. It provides all the basic functionality that you should expect in an advanced network scanner, but also provides many additional features and technologies, some of which are completely unique to this scanner. It provides scanning performance simply not found in other Windows-based network scanners [17].

Features of NetworkActiv Port Scanner:

1. TCP subnet port scanner, for finding web servers and other servers.
2. High-performance trace-route.
3. Remote OS detection: ability to make an educated guess about the OS of a remote host, this is done by
5. Ability to perform WHOIS queries; the user may either specify a WHOIS server or have the program attempt to determine a WHOIS server automatically.
6. Performs DNS dig queries; the user may choose between TCP/UDP.

E. ANGRY IP SCAN: Angry IP Scanner is a tool that scans a network for open IP addresses, designed for network administrators to check network security. Angry IP Scanner is a cross-platform port and IP scanner. The application is developed in Java, so it is compatible with different operating systems. It is a great program for doing a network audit or for just finding out more information about your network. It can locate any network device that responds to the scan. It can locate any device in the network that has an IP address and that doesn't have any firewall. It performs basic host discovery and port scans on Windows. The size of its binary file is very small compared to other scanners, and the pieces of information it gathers about the target hosts can be extended with plug-ins [5, 6].

Features of Angry IP Scanner Tool:

1. It is open source software, meaning it is free to use.
2. The fastest IP scanner.
3. Cross-platform tool (supporting Linux, Windows, Mac OS).
4. Lightweight tool, so its CPU utilization is low.
5. No installation is required.
6. It can get the host name.
7. Designed for multiple host operating mode.
8. Number of routers per trip and distance between source and destination.
9. Cross-platform application.

F. SUPERSCAN: It detects open TCP/UDP ports and determines which services are running on those ports. It also runs queries such as whois, ping, etc. It operates over the whole surface of the physical device, searching for all possible logical drives and partitions. It checks whether they are live, damaged or deleted. If a partition cannot be found, it keeps searching. It reads each disk sector and looks not only for the boot sector, but also rebuilds the drive structure based on residual clues that remain on the disk surface. This is a very slow process and it usually gives many more results than QuickScan. It provides three main tools: TCP port scanner, Ping tool, and Resolver tool [15].
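
The scan types (A), (B) and (E) listed under "Types of Port Scanning" differ in how connection attempts spread over ports and hosts, and that spread is something a defender can measure in firewall logs. The following is an added example, not code from the paper: it labels source addresses from constructed, simplified netfilter-style log lines, and the thresholds, the well-known port set and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# netfilter LOG-style fields; only SRC, DST and DPT of TCP records are used.
LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) .*?PROTO=TCP .*?DPT=(\d+)")
# Assumed set of "known service" ports for the strobe check.
WELL_KNOWN = {21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3306, 3389}

def constructed_log():
    """Constructed sample lines (RFC 5737 documentation addresses)."""
    fmt = "IN=eth0 SRC={} DST={} PROTO=TCP SPT=40000 DPT={} SYN"
    rows = [("198.51.100.7", "192.0.2.10", p) for p in range(1, 301)]   # many ports, one host
    rows += [("198.51.100.8", "192.0.2.10", p)
             for p in (21, 22, 23, 25, 80, 443)]                        # known services only
    rows += [("198.51.100.9", f"192.0.2.{h}", 22) for h in range(1, 41)]  # one port, many hosts
    rows += [("203.0.113.5", "192.0.2.10", 443)] * 20                   # ordinary client
    return [fmt.format(*r) for r in rows]

def classify_sources(lines, many_ports=100, few_ports=5, many_hosts=20):
    """Label each source IP by the shape of its connection attempts.
    The thresholds are assumptions chosen for this example."""
    ports_by_pair = defaultdict(set)   # (src, dst)  -> distinct ports tried
    hosts_by_port = defaultdict(set)   # (src, port) -> distinct hosts tried
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue                   # skip lines that are not TCP records
        src, dst, port = m.group(1), m.group(2), int(m.group(3))
        ports_by_pair[(src, dst)].add(port)
        hosts_by_port[(src, port)].add(dst)

    verdicts = {}
    for (src, _dst), ports in ports_by_pair.items():
        if len(ports) >= many_ports:
            verdicts[src] = "vanilla"              # (A) wide port range on one host
        elif len(ports) >= few_ports and ports <= WELL_KNOWN:
            verdicts.setdefault(src, "strobe")     # (B) only known service ports
    for (src, _port), hosts in hosts_by_port.items():
        if len(hosts) >= many_hosts:
            verdicts.setdefault(src, "sweep")      # (E) same port on many hosts
    return verdicts

if __name__ == "__main__":
    for src, label in sorted(classify_sources(constructed_log()).items()):
        print(src, label)
```

In practice the counts would be computed per time window over firewall or flow logs rather than over a whole file, and the thresholds tuned to the network's normal traffic.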