Tuesday 8 September 2009

Experiment 4 on Network Scanning under Ubuntu

These experiments were performed in the free time I had after semester 1 finished, while waiting for semester 2 to commence. FYI, at that time I was still on the MSc in Forensic Informatics at the University of Strathclyde. As with other posts, below is the email I sent on 26 January 2009 to my colleagues after successful experiments on network scanning. For security purposes, I have renamed the website I targeted in the experiments.

This sharing is intended to welcome our semester 2, which commences tomorrow. It is about network scanning. I am sorry if anyone already knows about it.

I undertook the experiment this evening using nmap, which is a powerful tool for scanning a network, for example to determine which hosts are up and what services they are running; it is therefore useful for administrators to diagnose their network. On the other side, it can be misused by hackers to exploit a network through open ports.

nmap can be downloaded at http://nmap.org. nmap runs under Linux, Windows or Mac OS. I undertook the experiment under Linux on an Ubuntu machine.

tar zxvf nmap-4.76.tgz
cd nmap-4.76
./configure
make
make install

After the installation process finished successfully, I ran the command 'nmap localhost', which displays the Port, State and Service running on my machine, so that I can check whether there is a strange open port which is possibly used by intruders through trojans.

I also ran the command
'nmap -A -T4 -PN www.website.com'

From the command above, it shows the Port, State, Service and Version running on www.website.com. -PN means no ping action (the host is treated as up without being probed first), while -A is used to enable OS detection, script scanning and traceroute. -T4 is for faster execution. Interestingly, I got open ports whose service nmap could not confirm (marked with a trailing '?'),
such as

PORT  STATE SERVICE  VERSION
5987/tcp open unknown? 
8009/tcp open ajp13?
10000/tcp open snet-sensor-mgmt?

For the http service, several ports are open, such as
80/tcp  open http  Apache httpd
898/tcp  open http  Solaris Management ConsoleServer
5988/tcp open http  java 14.1_06

For the rpcbind service, which maps RPC (Remote Procedure Call) program numbers to universal addresses, several ports are also open:
2049/tcp open rpcbind
4045/tcp open rpcbind
32775/tcp open rpcbind
32778/tcp open rpcbind
32779/tcp open rpcbind

I didn't perform any further exploration or exploitation of the open ports on www.website.com.

In a positive sense, nmap is a good tool for an administrator checking the network. In a negative sense, nmap could be a dangerous tool for a hacker scanning a network for vulnerabilities.
These are actually simple experiments, but they have valuable meaning, as they can provide significant information about a scanned network. For positive purposes, network administrators can use it to check their network for open ports. If an open port is allegedly used by an intruder, they can close that port. Meanwhile, for negative purposes, it becomes a reliable tool for hackers to exploit vulnerabilities of a network. If it is used without the consent of the network administrator, it is a crime. Please use it in a positive way.
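The administrator's use of the scan described above, checking a host for ports that should not be open and for services nmap could not confirm, as an added example that is not part of the original email: a small Python parser for nmap's normal output, run over a constructed sample modelled on the port lines quoted above. The sample output, the 192.0.2.10 address and the baseline set of expected ports are assumptions; www.website.com is the post's own placeholder name.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of nmap's "normal" output; the port lines
# mirror those quoted in the post (www.website.com is the post's placeholder,
# 192.0.2.10 is a documentation address, neither is a real target).
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-26 19:02 GMT
Interesting ports on www.website.com (192.0.2.10):
Not shown: 987 closed ports
PORT      STATE    SERVICE           VERSION
22/tcp    filtered ssh
80/tcp    open     http              Apache httpd
898/tcp   open     http              Solaris Management ConsoleServer
2049/tcp  open     rpcbind
4045/tcp  open     rpcbind
5987/tcp  open     unknown?
5988/tcp  open     http              java 14.1_06
8009/tcp  open     ajp13?
10000/tcp open     snet-sensor-mgmt?
32775/tcp open     rpcbind
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
"""

# One port line: "NNN/proto STATE SERVICE [VERSION ...]"; banners and the
# column header do not start with a number so they are skipped.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")


@dataclass
class PortRecord:
    port: int
    proto: str
    state: str
    service: str   # service name with any trailing '?' stripped
    version: str   # empty when nmap printed no VERSION column
    unsure: bool   # True when nmap marked the service with '?' (unconfirmed guess)


def parse_nmap_output(text):
    """Return one PortRecord per port line found in nmap normal output."""
    records = []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if not m:
            continue
        port, proto, state, service, version = m.groups()
        records.append(PortRecord(int(port), proto, state,
                                  service.rstrip("?"), version or "",
                                  service.endswith("?")))
    return records


def audit_ports(records, expected_ports):
    """Compare open ports against the baseline an administrator maintains.

    Returns {"port/proto": [reasons]} for every open port needing attention:
    either it is not in the baseline, or nmap could not confirm its service.
    Filtered/closed ports are left out, as the post only reasons about open ones.
    """
    findings = {}
    for r in records:
        if r.state != "open":
            continue
        reasons = []
        if r.port not in expected_ports:
            reasons.append("open but not in the expected baseline")
        if r.unsure:
            reasons.append("service could not be identified (nmap '?')")
        if reasons:
            findings[f"{r.port}/{r.proto}"] = reasons
    return findings


if __name__ == "__main__":
    # Assumed baseline: only ssh and http are meant to be reachable.
    records = parse_nmap_output(SAMPLE_NMAP_OUTPUT)
    for key, reasons in sorted(audit_ports(records, {22, 80}).items()):
        print(f"{key}: " + "; ".join(reasons))
```

Against the assumed baseline of ports 22 and 80, every other open port in the sample is reported, and 5987, 8009 and 10000 are additionally marked as unidentified; those are the ones an administrator would look at first, since nmap's guess there comes from the port number table rather than a confirmed service banner.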