5/4/2015
Adversaries and Ports
IT-520
Contents
Abstract 2
Introduction 3
What is Hacking 4
Modus Operandi of Hackers 4
Common Hacker Ports 8
Port Scanning 8
IP Address Vulnerability 11
How can Hackers Target and Hack your Site 12
Defending Against Port Scans 8
Abstract
A weakness, which an adversary could take advantage of, in any network are the ports which connect the network to the outside world. These ports, or the tools behind them, may have weaknesses or vulnerabilities which render them able to be hacked. This paper will discuss how hackers think, what they look for, and what ports are commonly used.
Introduction
What is hacking? What are ...view middle of the document...
It is then left up to the reader to investigate their own computer, server, or network and see what ports are open and through looking up their version/ platform, to see if they have any known vulnerabilities. This will enable further personal research and growth in the area of computer security. This paper is not directed towards solving anyone’s particular problems but giving them the broad and general sense of how their adversaries work and thus enable them to be able to take the next step.
Lastly, the port scanner can be used by the reader. The reader should be aware that while this paper will focus on the port scanner being used by the adversary, it can be used by the reader in order to see their own ports and what is open and what is not. It is good to have the idea and viewpoint of the adversary so that whatever defense it deemed appropriate, it can be tested against what an adversary might do. As well as simply being able identify potential vulnerabilities.
What is Hacking
Ultimately, the hacker who is looking to control a network is looking for open ports which contain vulnerabilities, which then allows the adversary to utilize to their own advantage. So what is a textbook definition of Hacking? According to whatishacking.org, Hacking is “the practice of modifying the features of a system in order to accomplish a goal outside of the creators original purpose”1. A hacker could be a teenager or an elder, white or black, rich or poor, in this country or another. Hacking can be done in Table 1
relation to espionage or in order to steal corporate secrets or even just as a simply prank on a friend. Hacking is, at this point, mostly referred to what Hackers do, illegally breaking into a network. In the next section, will go through a standard methodology or thinking of how a hacker/ adversary would think when trying to break into a network.
Modus Operandi of Hackers
When an adversary strikes out against a network the only way to do so it through utilizing ports. They won’t be able to see a diagram of the network but let’s assume that the system which they are attacking is a “standard dual screened subnet with a firewall at the front and back”2. This webserver contains a front webserver and a backend database server along with a Domain controller.
When the adversary decides that they wish to attack a network, the first question they must then answer is what to attack. They will need the following to initiate an attack:
* “Network Address Ranges
* Host Names
* Exposed Hosts
* Applications exposed on those hosts
* Operating system and application version information
* Patch state of both the host and of the applications
* Structure of the applications and back-end servers”1
Let’s go through each of these to see how an adversary can penetrate the system and what this will enable them to do, starting with, Network Address Ranges. Let’s assume that the network under attack...