Server Administration
  Home arrow Server Administration arrow Page 3 - Third Party IP Network Scanning Method...
Codewalker Forums 
  Tutorials  
Database Articles  
Miscellaneous  
Navigation Usability  
PEAR Articles  
Programming Basics  
Server Administration  
XML Tutorials  
  Reviews  
Database Book Reviews  
Linux Book Reviews  
Miscellaneous Reviews  
PHP Book Reviews  
PHP Software Reviews  
Server Admin Reviews  
SQL Tool Reviews  
  Code Gallery  
Content Management Code  
Contest Code  
Counters Code  
Database Code  
Date Time Code  
Discussion Board Code  
Email Code  
File Manipulation Code  
GUI Code  
Link Farm Code  
Miscellaneous Code  
Search Code  
Site Navigation Code  
User Management Code  
Mobile Linux 
App Generation ROI 
IBM® developerWorks 
Download TestComplete 
Forums Sitemap 
Weekly Newsletter 
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
SERVER ADMINISTRATION

Third Party IP Network Scanning Methods
By: O'Reilly Media
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 5 stars5 stars5 stars5 stars5 stars / 2
    2008-06-05

    Table of Contents:
  • Third Party IP Network Scanning Methods
  • IP ID header scanning
  • UDP Port Scanning
  • IDS Evasion and Filter Circumvention
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
    ADVERTISEMENT

    Third Party IP Network Scanning Methods - UDP Port Scanning
    (Page 3 of 4 )

    Because UDP is a connectionless protocol, there are only two ways to effectively enumerate accessible UDP network services across an IP network:

    1. Send UDP probe packets to all 65535 UDP ports, then wait for “ICMP destination port unreachable” messages to identify UDP ports that aren’t accessible.
    2. Use specific UDP service clients (such as snmpwalk, dig, or tftp) to send UDP datagrams to target UDP network services and await a positive response.


    Figure 4-11.  Vscan used to launch an IP ID header scan

    Many security-conscious organizations filter ICMP messages to and from their Internet-based hosts, so it is often difficult to assess which UDP services are accessible via simple port scanning. If “ICMP destination port unreachable” messages can escape the target network, a traditional UDP port scan can be undertaken to identify open UDP ports on target hosts deductively.

    Figures 4-12 and 4-13 show the UDP packets and ICMP responses generated by hosts when ports are open and closed.


    Figure 4-12.   An inverse UDP scan result when a port is open

    UDP port scanning is an inverted scanning type in which open ports don’t respond. In particular, the scan looks for “ICMP destination port unreachable” (type 3 code 3) messages from the target host, as shown in Figure4-13 .


    Figure 4-13.   An inverse UDP scan result when a port is closed

    Tools That Perform UDP Port Scanning

    Nmap supports UDP port scanning with the –sU option. SuperScan 4 also supports UDP port scanning. However, both tools wait for negative “ICMP destination port unreachable” messages to identify open ports (i.e., those ports that don’t respond). If these ICMP messages are filtered by a firewall as they try to travel out of the target network, the results will be inaccurate.

    During a comprehensive audit of Internet-based network space, you should send crafted UDP client packets to popular services and await a positive response. The scanudp utility developed by Fryxar (http://www.geocities.com/fryxar) does this very well. Example 4-7 shows scanudp being run against a Windows 2000 server at192.168.0.50.

    Example 4-7. Running scanudp

    $ scanudp
    scanudp v2.0 -   by: Fryxar
    usage: ./scanudp [options] <host>

    options:
     -t <timeout>    Set port scanning timeout
         -b <bps>        Set max bandwidth
         -v              Verbose

    Supported protocol:
    echo daytime chargen dns tftp ntp ns-netbios snmp(ILMI) snmp(public)

    $ scanudp 192.168.0.50
    192.168.0.50     53
    192.168.0.50     137
    192.168.0.50     161

    Next: IDS Evasion and Filter Circumvention >>
     

    More Server Administration Articles
    More By O'Reilly Media


       · This article is an excerpt from the book "Network Security Assessment, Second...
     
    >>> Post your comment now!

    Buy this book now. This article is excerpted from chapter four of Network Security Assessment, Second Edition, written by Chris McNab (O'Reilly, 2007; ISBN: 0596510306). Check it out today at your favorite bookstore. Buy this book now.

    SERVER ADMINISTRATION ARTICLES

    - Processes in the UNIX Shell
    - Migrating from Windows to Wine
    - Wine: Not Another Emulator
    - Preventive Measures to Block SSH Attacks
    - Monitoring Temperatures with Cacti
    - Cacti: RRDTool-based Graphing Solution
    - Network Magic 5.0 Review
    - Netfilter and Iptables Overview
    - Installing and Configuring Squid
    - Clickfree PC Backup Systems Compared
    - Squid, the Caching Proxy
    - Regular Expressions in the Unix Shell
    - Source Code Version Control Solutions
    - OTRS: Open Source Ticket Request System
    - Clonezilla: Free Mass Disk-Cloning Utility
    Find More Server Administration Articles




    © 2003-2009 by Developer Shed. All rights reserved. DS Cluster 3 Hosted by Hostway
    For more Enterprise Application Development news, visit eWeek