Port scanner: Difference between revisions

m remove links to deleted portals
Monkbot (talk | contribs)
m Task 16: replaced (3×) / removed (0×) deprecated |dead-url= and |deadurl= with |url-status=;
Line 36:
 
===UDP scanning===
UDP scanning is also possible, although there are technical challenges. [[User Datagram Protocol|UDP]] is a [[connectionless]] protocol so there is no equivalent to a TCP SYN packet. However, if a UDP packet is sent to a port that is not open, the system will respond with an [[Internet Control Message Protocol|ICMP]] port unreachable message. Most UDP port scanners use this scanning method, and use the absence of a response to infer that a port is open. However, if a port is blocked by a [[Firewall (computing)|firewall]], this method will falsely report that the port is open. If the port unreachable message is blocked, all ports will appear open. This method is also affected by ICMP [[rate limiting]].<ref name=profmesser1>{{cite book|last1=Messer|first1=James|authorlink1=|last2=|first2=|authorlink2=|editor1-first=|editor1-last=|editor1-link=|others=|title=Secrets of Network Cartography: A Comprehensive Guide to Nmap|trans-title=|url=http://www.networkuptime.com/nmap/page3-10.shtml|archiveurl=https://web.archive.org/web/20160516002101/http://www.networkuptime.com/nmap/page3-10.shtml|archivedate=2016-05-16|accessdate=2011-12-05|type=|edition=2nd|series=|volume=|date=|year=2007|month=|origyear=|publisher=|location=|isbn=|oclc=|doi=|id=|page=|pages=|deadurl=yes|dfurl-status=dead}}
</ref>
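Review bot: in the Messer citation under UDP scanning, the rewritten parameter shows up as `deadurl=yes|dfurl-status=dead`, so this hunk does not make clear whether `df=` survived the replacement or was consumed by it. Please confirm the saved template carries a single `|url-status=dead` and that `df` was either kept intact or dropped on purpose. While this citation is being touched, the run of empty parameters (`authorlink1=`, `last2=`, `first2=` through `month=`, `origyear=`, `pages=`) could be pruned; they carry no values and make a mechanical rename like this one harder to verify.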
 
Line 45:
 
===Window scanning===
Rarely used because of its outdated nature, window scanning is fairly untrustworthy in determining whether a port is opened or closed. It generates the same packet as an ACK scan, but checks whether the window field of the packet has been modified. When the packet reaches its destination, a design flaw attempts to create a window size for the packet if the port is open, flagging the window field of the packet with 1's before it returns to the sender. Using this scanning technique with systems that no longer support this implementation returns 0's for the window field, labeling open ports as closed.<ref name=profmesser2>{{cite book |last1= Messer |first1= James |title=Secrets of Network Cartography: A Comprehensive Guide to Nmap |url=http://www.networkuptime.com/nmap/page3-13.shtml |archiveurl=https://web.archive.org/web/20060201065451/http://www.networkuptime.com/nmap/page3-13.shtml|archivedate=2006-02-01|accessdate=2011-12-05 |edition=2nd |year=2007 |dead-url-status= yesdead }}
</ref>
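Review bot: in the Window scanning citation, `archivedate=2006-02-01` is earlier than the `year=2007` given for the cited 2nd edition, so the archived copy that the dead-URL flag points readers to may predate the edition the reference names. The `yes` to `dead` value mapping itself looks right. Suggest checking that the snapshot matches the cited edition, or choosing a later capture, and dropping the space after `=` in the renamed parameter so it matches the other two citations changed in this revision.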
 
Line 69:
 
The threat level caused by a port scan can vary greatly according to the method used to scan, the kind of port scanned, its number, the value of the targeted host and the administrator who monitors the host. But a port scan is often viewed as a first step for an attack, and is therefore taken seriously because it can disclose much sensitive information about the host.<ref>{{cite web | first=Shaun | last=Jamieson | title=The Ethics and Legality of Port Scanning | publisher=[[SANS Institute|SANS]] | url=http://www.sans.org/rr/whitepapers/legal/71.php | date=2001-10-08 | accessdate=2009-05-08}}</ref>
Despite this, the probability of a port scan alone followed by a real attack is small. The probability of an attack is much higher when the port scan is associated with a [[Vulnerability scanner|vulnerability scan]].<ref>{{cite web | first=Michel | last=Cukier | title=Quantifying Computer Security | publisher=University of Maryland | url=http://www.isr.umd.edu/research/research_briefs/Cukier_QuantCompSecurity.pdf | year=2005 | accessdate=2009-05-08 | deadurlurl-status=yesdead | archiveurl=https://web.archive.org/web/20090824155315/http://www.isr.umd.edu/research/research_briefs/Cukier_QuantCompSecurity.pdf | archivedate=2009-08-24 | df= }}</ref>
 
==Legal implications==
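Review bot: in the Cukier citation, the rename leaves an empty `| df= ` at the end of the template; since the parameter has no value, suggest removing it in the same pass rather than carrying it forward. The Jamieson (SANS) citation in the same paragraph has a `url` and `accessdate` but no `archiveurl` or `url-status`; that is outside the scope stated in the edit summary, but it is worth checking whether that link is still live while the neighbouring reference is being fixed.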