Prerequisites: None

Countermeasures: Uninstall/disable unnecessary services, Intrusion Detection Systems (IDS) Log and Event Log review

Description: The netcat application has many uses; one is the ability to scan a target for open ports and services. Another utility, cryptcat, is almost identical except that it operates with encryption.
Procedure: From a DOS prompt, type the following with the syntax of: nc

- The -v option instructs netcat to run in verbose mode, allowing you to see the progress of the scan.
- The -r option instructs netcat to randomize local and remote ports in an attempt to elude any intrusion detection systems.
- The -w2 option instructs netcat to wait 2 seconds between each port scanned to help elude any intrusion detection systems.
- The -z option instructs netcat to operate in a zero-I/O (Input/Output) mode. It is best to use the -z when scanning with netcat.
- The 1-1024 instructs netcat to scan ports 1-1024.

In this example, the target has the following ports open:

- 80 (Web)
- 7 (Echo)
- 13 (daytime)
- 21 (FTP)
- 17 (Quote of the Day)
- 445 (Windows Share)
- 9 (discard)
- 139 (Windows Share)
- 19 (Character Generator)
- 135 (epmap)
- 443 (HTTPS)
- 25 (Simple Mail Transfer Protocol [SMTP])

Note: From the results of this example, the "low hanging fruit" ports are 7, 13, 17, 9, and 19, as these ports can easily be used to create a Denial of Service (DoS). These ports should not be open to the Internet.
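For the IDS log and event log review named under Countermeasures, the following is an added example (not part of the original lab text) that flags the randomized, paced scan the procedure describes by counting distinct destination ports per source and target over a sliding window, independent of port order. The log tuple layout, the IP addresses, the window and the threshold are assumptions, and the sample events are constructed.

```python
import random
from collections import defaultdict, deque

# Legacy "simple services" the page singles out: echo, discard, daytime, qotd, chargen
LEGACY_PORTS = {7, 9, 13, 17, 19}

def detect_scans(events, window=600, min_ports=50):
    """events: time-ordered (epoch_seconds, src_ip, dst_ip, dst_port) tuples.
    Flags every (src, dst) pair where one source touched at least min_ports
    distinct ports on one host within `window` seconds, in any order."""
    recent = defaultdict(deque)                     # pair -> (ts, port) inside window
    counts = defaultdict(lambda: defaultdict(int))  # pair -> port -> hits inside window
    alerts = {}
    for ts, src, dst, port in events:
        key = (src, dst)
        q, c = recent[key], counts[key]
        q.append((ts, port))
        c[port] += 1
        while q and q[0][0] <= ts - window:         # expire entries older than window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(c) >= min_ports:
            a = alerts.setdefault(key, {"max_ports": 0, "legacy": set()})
            a["max_ports"] = max(a["max_ports"], len(c))
            a["legacy"] |= LEGACY_PORTS.intersection(c)
    return alerts

def constructed_events():
    """Constructed sample: one slow randomized sweep of 1-1024 plus normal web traffic."""
    rng = random.Random(1)
    ports = list(range(1, 1025))
    rng.shuffle(ports)                              # random port order, as with -r
    # One probe every 2 seconds, matching the pacing the procedure describes
    scan = [(2 * i, "203.0.113.5", "192.0.2.10", p) for i, p in enumerate(ports)]
    web = [(7 * i, "198.51.100.7", "192.0.2.10", (80, 443)[i % 2]) for i in range(290)]
    return sorted(scan + web)

if __name__ == "__main__":
    for (src, dst), a in detect_scans(constructed_events()).items():
        print(f"{src} -> {dst}: {a['max_ports']} distinct ports in window, "
              f"legacy services probed: {sorted(a['legacy'])}")
```

With `window=60` the same sweep touches only about 30 ports per window and stays under the threshold, so the window has to be sized for slow scans rather than bursts.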
© www.shubhamsahu.blogspot.com