Friday, January 25, 2008

Discover Services Running on Target

Once an attacker has found open ports, the next step is to discover what service is running on each of them. This tells them which known vulnerabilities might be exploitable to gain access to the target. An attacker will also try to learn details of the operating system running on the target. The category of tools used for this is port scanners. A properly configured IDS or firewall can detect and block much of this scanning.
The common types of firewall deployment are application proxies and packet-filtering gateways. The weakness most likely to be present in any firewall is misconfiguration.
Scanning and banner grabbing let an attacker take advantage of such mistakes: they may be able to identify the firewall's type and version, and perhaps even some of its rules.
To understand port scanning, it is essential to understand how a TCP connection is established between two systems, since most scanners take advantage of this "three-way handshake":
  1. SYN sent from Client
  2. SYN/ACK sent from Server
  3. ACK sent from Client
Once the three-way handshake has completed, there is bi-directional communication over the connection. TCP provides re-ordering of out-of-order packets, retransmission of lost packets, acknowledgment of packet arrival and flow control, which is important for message-based applications.
The three-way handshake synchronizes the connection and uses sequence and acknowledgment numbers to track data transmitted and received. The TCP flags (SYN, ACK, FIN, RST, PSH, URG) control the flow of the session, and they are technically what a port scanner takes advantage of: the flags in the target's reply to a probe (a SYN/ACK, an RST, or no reply at all) reveal whether a port is open, closed or filtered.
Port numbers, unlike IP addresses, are not globally unique, but they are unique within a system: combined with the IP address they form the communication end points between systems. While the client uses an arbitrarily assigned (ephemeral) port number, the server listens on a fixed, well-known port number. Readers are encouraged to read RFC 1700 (since obsoleted by RFC 3232; the authoritative list today is the IANA Service Name and Transport Protocol Port Number Registry) to familiarize themselves with assigned port numbers. On UNIX the file /etc/services, and on Windows the file %windir%\system32\drivers\etc\services, shows the mapping of service names to assigned port numbers. An attacker who obtains this file gets the name-to-port mapping the system uses, but it is a static table shipped with the OS: it does not record which services are actually listening, and only a scan reveals that.
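The three pieces above put together, as an added Python example that is not part of the original post: a connect() scan that relies on the kernel's three-way handshake and classifies each port as open, closed or filtered from the outcome; banner grabbing once the handshake has completed; and a parser for the /etc/services file format. So that it runs offline, the block starts a throw-away listener on 127.0.0.1 that greets clients with a constructed banner; the listener, the banner text and the services excerpt are all constructed for this example. It uses a full connect() scan rather than a half-open SYN scan because the latter needs raw sockets and administrative privileges.

```python
import socket
import threading
from typing import Dict, Iterable, Tuple


def start_banner_listener(banner: bytes = b"220 example.test ESMTP ready\r\n") -> Tuple[socket.socket, int]:
    """Start a throw-away TCP service on 127.0.0.1 that greets each client with
    `banner` (constructed for this example) and then closes the connection.
    Returns the listening socket and the port the kernel assigned to it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
    srv.listen(5)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener was closed; stop serving
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass  # client (e.g. the scanner) already hung up

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def find_closed_port() -> int:
    """Return a loopback port that nothing is listening on (bind, read, release)."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()  # never called listen(), so a SYN to it is answered with RST
    return port


def connect_scan(host: str, ports: Iterable[int], timeout: float = 1.0) -> Dict[int, str]:
    """TCP connect() scan: the kernel performs the full three-way handshake.
    open     - SYN answered with SYN/ACK and the handshake completed
    closed   - SYN answered with RST (connection refused)
    filtered - no answer before the timeout (typically dropped by a firewall)"""
    results: Dict[int, str] = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"
        except socket.timeout:
            results[port] = "filtered"
        except OSError:
            results[port] = "filtered"  # host unreachable etc.; treat as no answer
        finally:
            s.close()
    return results


def grab_banner(host: str, port: int, timeout: float = 1.0, max_bytes: int = 256) -> bytes:
    """Complete the handshake and read whatever the service volunteers first.
    Returns b"" when the service stays silent (many do until spoken to)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(max_bytes)
        except socket.timeout:
            return b""


def parse_services(text: str) -> Dict[Tuple[int, str], str]:
    """Parse the /etc/services format: 'name  port/proto  [aliases]  # comment'.
    Returns {(port, proto): name}; comments and blank lines are skipped."""
    mapping: Dict[Tuple[int, str], str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port_str, proto = fields[1].split("/", 1)
        if port_str.isdigit():
            mapping[(int(port_str), proto)] = fields[0]
    return mapping


# Constructed excerpt in /etc/services format (not copied from any real host).
SAMPLE_SERVICES = """
# Network services, Internet style
ftp      21/tcp
ssh      22/tcp      # SSH Remote Login Protocol
smtp     25/tcp      mail
http     80/tcp      www
"""


if __name__ == "__main__":
    srv, open_port = start_banner_listener()
    closed_port = find_closed_port()
    print(connect_scan("127.0.0.1", [open_port, closed_port]))
    print(grab_banner("127.0.0.1", open_port))
    print(parse_services(SAMPLE_SERVICES).get((22, "tcp")))
    srv.close()
```

The "filtered" branch is what a properly configured firewall produces: it silently drops the SYN, so the scanner sees neither a SYN/ACK nor an RST and can only time out. A misconfigured firewall that sends RST or ICMP errors instead leaks which ports it is protecting.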
