June 2003
Intermediate to advanced
336 pages
8h 54m
English
Content preview from Linux Security CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
9.13. Testing for Open Ports
Problem
You want a listing of open network ports on your system.
Solution
Probe your ports from a remote system.
To test a specific TCP port (e.g., SSH):
$ telnet target.example.com ssh $ nc -v -z target.example.com ssh
To scan most of the interesting TCP ports:
# nmap -v target.example.com
To test a specific UDP port (e.g., 1024):
$ nc -v -z -u target.example.com 1024
To scan most of the interesting UDP ports (slowly!):
# nmap -v -sU target.example.com
To do host discovery (only) for a range of addresses, without port scanning:
# nmap -v -sP 10.12.104.200-222
To do operating system fingerprinting:
# nmap -v -O target.example.com
For a handy (but less flexible) GUI, run nmapfe instead of nmap.
Discussion
When attackers observe your systems from the outside, what do they see? Obviously, you want to present an image of an impenetrable fortress, not a vulnerable target. You’ve designed your defenses accordingly: a carefully constructed firewall, secure network services, etc. But how can you really be sure?
You don’t need to wait passively to see what will happen next. Instead, actively test your own armor with the same tools the attackers will use.
Your vulnerability to attack is influenced by several interacting factors:
- The vantage point of the attacker
Firewalls sometimes make decisions based on the source IP address (or the source port).
- All intervening firewalls
You have your own, of course, but your ISP might impose additional restrictions on incoming or even outgoing ...