Port Scanning: Unveiling the Hidden Doors of a Website

jadavvineet73 147 views 24 slides Oct 15, 2024

About This Presentation

This presentation explores the essential technique of port scanning, a crucial step in website security assessment. Learn about the different types of port scanning methods, their applications, and the tools used to perform effective scans. We’ll discuss the importance of identifying open ports, u...


Slide Content

Port Scanning of a Website, by Saurabh S. Kajbaje

Agenda
- Abstract
- Reconnaissance
- Deliverable
- PoC
- Tools
- References

Abstract
- Scanning of the website for active open ports.
- Functions, benefits and threats of an open port.
- Research, data collection, impact analysis, recommendations and conclusion.

Research
- Web site name: Tilak Maharashtra Vidyapeeth
- Host URL: www.tmv.edu.in
- Type: Universities and Colleges
- Overall ranking: global rank 723,226; country (India) rank 58,011; industry (Education) rank 7,181
- Usage (all traffic): 47,502 total visits worldwide (June 2024 - August 2024)
- Device distribution: desktop/laptop 30.54%, mobile web 69.46%

Data Collection: Technology Stack
- Hosting panel: Plesk
- Operating system: Windows Server
- Web framework: Microsoft ASP.NET (4.0.30319)
- UI framework: Bootstrap
- Web server: IIS (8.5)
- JavaScript library: jQuery (1.8.2)
- CDN: jQuery CDN
- Tag manager: Google Tag Manager
These are passive fingerprint results taken from response headers and page content, so the version numbers are indicative rather than confirmed. Two of them already say something: jQuery 1.8.2 dates from 2012 and is long out of support, with known XSS issues, and the ASP.NET and IIS versions are only visible because the server advertises them in its headers.

Port Scanning
Port scanning is the technique of sending probes to the ports of a host and classifying each port from the reply it returns. It tells us which ports are open (a service is listening), closed, or filtered (a firewall drops or rejects the probe); it does not by itself show that a port is vulnerable. The open ports define the attack surface (the services, their weak points, and the security devices in the path), and each open port is then examined separately for exploitable weaknesses.

Functionality of a Port Scanner
A port scanner sends a TCP or UDP packet to each port and infers the port's state from the reply. The three basic states are:
- Open / accepted: a service is listening (TCP: a SYN/ACK comes back).
- Closed / not listening: the host answers, but nothing listens on that port (TCP: RST; UDP: ICMP port unreachable).
- Filtered / dropped / blocked: no answer at all, or an ICMP "administratively prohibited" message, usually because a firewall discards the probe.
Nmap also reports combined states such as open|filtered when the reply cannot distinguish the two. UDP scans hit this constantly, because an open UDP port that ignores an empty probe looks exactly like a dropped one, which is why UDP scans are slow and need service-specific payloads.

Types of Port Scanning
- Ping scans: check whether a host answers at all before its ports are scanned. A ping sweep sends ICMP echo requests to many addresses (nmap's host discovery also sends TCP probes to ports 80 and 443). Hosts that silently drop ICMP still need a port scan with host discovery disabled.
- Half-open or SYN scans: the scanner sends a SYN and reads the reply (SYN/ACK = open, RST = closed, nothing = filtered) but never completes the three-way handshake. The connection is never handed to the application, so it is less likely to be logged, but the scan needs raw-socket privileges.
- TCP connect scans: the unprivileged alternative. The operating system completes the full handshake, so the result is reliable but the scan is noisier and shows up in service logs.
- XMAS scans: send one TCP packet with the FIN, PSH and URG flags set (the header is "lit up like a Christmas tree"). Per RFC 793 a closed port replies with RST and an open port stays silent, so no reply means open|filtered, not confirmed open. This only works against RFC-compliant stacks: Windows (including the IIS host studied here) returns RST for every port regardless of state, so XMAS, FIN and NULL scans report everything as closed there.
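The following is an added example, not code from the deck and not nmap: a minimal TCP connect() scanner that derives the three states on the slide (open, closed, filtered) from how the kernel reacts to connect(). Because it completes the handshake it needs no raw-socket privileges, unlike a SYN scan, at the cost of being visible in the target's logs. The local listener and the "closed" port are constructed on 127.0.0.1 so the script runs offline.

```python
"""TCP connect() port scanner that labels each port open / closed / filtered.

Added illustration, not the deck's own tooling and not nmap. A connect() scan
completes the TCP handshake, so it needs no raw-socket privileges (unlike a
SYN scan) but is noisier and appears in the target service's logs.
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def scan_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one TCP port from the kernel's reaction to connect()."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"            # SYN/ACK came back, handshake completed
        except ConnectionRefusedError:
            return "closed"          # host answered with RST: nothing listening
        except OSError:
            # Timeout, host unreachable, admin-prohibited: the probe was dropped
            # somewhere, and without an RST we cannot tell closed from blocked.
            return "filtered"


def scan_ports(host: str, ports, timeout: float = 1.0, workers: int = 50) -> dict:
    """Scan many ports concurrently; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: scan_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def open_ports(result: dict) -> list:
    """Ports reported open, sorted: the attack surface to examine next."""
    return sorted(p for p, state in result.items() if state == "open")


def start_listener(host: str = "127.0.0.1"):
    """Constructed local service so the example runs offline.

    Returns (server_socket, port); close the socket to stop it.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))              # port 0: let the OS pick a free port
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:          # server socket closed
                return

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def reserve_closed_port(host: str = "127.0.0.1") -> int:
    """Bind then release a port so that, for the moment, nothing listens on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, listening = start_listener()
    result = scan_ports("127.0.0.1", [listening, reserve_closed_port()])
    for p, state in sorted(result.items()):
        print(f"{p}/tcp {state}")
    print("open:", open_ports(result))
    srv.close()
```

Against a real host, "filtered" is the interesting answer: a public web server that returns RST for port 3306 has nothing listening there, while one that times out has the port firewalled and the service may well be running behind it. Keep timeouts short and the worker count modest; a connect() scan is one full connection per port, and the target will see every one of them.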

Proof of Concept
- Step 1: Find the IP address of the website (a DNS lookup of www.tmv.edu.in).
- Step 2: Basic port scan of the 1,000 most common TCP ports (nmap's default port set).

Proof of Concept (continued)
- Step 3: Full port scan of all 65,535 TCP ports (nmap -p-). Services on unusual or dynamic ports are invisible to the default scan.
- Step 4: Service version detection (nmap -sV) on the open ports, to determine which software, and which version, answers on each. This is what turns "80/tcp open" into a product and version string that can be checked against known vulnerabilities.
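The deck shows the scan output as screenshots. As an added example (not the deck's code), the block below parses nmap's grepable output format (-oG), which is what a tester saves when the results have to be processed rather than read, and triages the open ports along the lines of the per-port slides that follow. SAMPLE_GNMAP is constructed: it uses an RFC 5737 test address and a made-up host name in the real -oG layout, and is not the deck's scan result.

```python
"""Parse nmap grepable output (-oG) into per-port records and triage them.

Added example, not code from the deck. SAMPLE_GNMAP is constructed (RFC 5737
test address, made-up host) in the real -oG layout; it is not a real scan.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in nmap's grepable format. Each "Ports:" entry is
# port/state/protocol/owner/service/rpc-info/version/ (nmap writes a '/'
# inside a version string as '|').
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Tue Oct  1 10:00:00 2024 as: nmap -sV -p- -oG scan.gnmap 203.0.113.10
Host: 203.0.113.10 (www.example.edu)\tStatus: Up
Host: 203.0.113.10 (www.example.edu)\tPorts: 21/open/tcp//ftp//Microsoft ftpd/, 25/open/tcp//smtp//Microsoft ESMTP/, 80/open/tcp//http//Microsoft IIS httpd 8.5/, 135/filtered/tcp//msrpc///, 443/open/tcp//ssl|http//Microsoft IIS httpd 8.5/, 3306/open/tcp//mysql//MySQL 5.7.44/\tIgnored State: closed (65529)
# Nmap done at Tue Oct  1 10:02:00 2024 -- 1 IP address (1 host up) scanned in 120.00 seconds
"""


@dataclass
class PortRecord:
    host: str
    port: int
    state: str
    proto: str
    service: str
    version: str


# Ports a public web server should not expose, with the reason (per the
# per-port slides). Hypothetical triage table for this example.
SHOULD_NOT_BE_PUBLIC = {
    21: "FTP: cleartext credentials; use SFTP/FTPS or restrict by source IP",
    135: "MSRPC endpoint mapper: Windows internals, firewall it from the internet",
    3306: "MySQL: database reachable directly; bind to localhost / app network",
}
CLEARTEXT = {21, 25, 80, 110, 143}


def parse_gnmap(text: str) -> List[PortRecord]:
    """Turn the Host:/Ports: lines of a -oG file into PortRecord objects."""
    records = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        host = fields[0].split()[1]                      # "Host: <ip> (<name>)"
        ports_field = next((f for f in fields if f.startswith("Ports:")), None)
        if ports_field is None:
            continue                                     # the "Status: Up" line
        # Entries are comma separated; split only before "<digits>/" so a comma
        # inside a version string does not break a record.
        for entry in re.split(r",\s*(?=\d+/)", ports_field[len("Ports:"):].strip()):
            parts = entry.split("/")
            if len(parts) < 7:
                continue
            port, state, proto, _owner, service, _rpc, version = parts[:7]
            records.append(PortRecord(host, int(port), state, proto, service, version))
    return records


def open_ports(records: List[PortRecord]) -> List[int]:
    return sorted(r.port for r in records if r.state == "open")


def version_of(records: List[PortRecord], port: int) -> str:
    return next((r.version for r in records if r.port == port and r.state == "open"), "")


def triage(records: List[PortRecord]) -> Dict[int, str]:
    """Map each open port to the first thing a reviewer would say about it."""
    notes = {}
    for r in records:
        if r.state != "open":
            continue
        if r.port in SHOULD_NOT_BE_PUBLIC:
            notes[r.port] = SHOULD_NOT_BE_PUBLIC[r.port]
        elif r.port in CLEARTEXT:
            notes[r.port] = f"{r.service}: unencrypted protocol, enforce TLS or redirect"
        else:
            notes[r.port] = f"{r.service} {r.version}".strip() + ": check version against known CVEs"
    return notes


if __name__ == "__main__":
    recs = parse_gnmap(SAMPLE_GNMAP)
    print("open:", open_ports(recs))
    for port, note in sorted(triage(recs).items()):
        print(f"{port:>5}/tcp  {note}")
```

Note that 135 is recorded as filtered in the sample and therefore never reaches the triage table: a filtered port is not "safe", it is one whose state the scan could not determine, and it still belongs in the report.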

Proof of Concept: Port 21 (FTP)
Function: FTP lets a client and a server exchange files. Port 21 carries the control channel (commands and credentials); a second connection carries the data.
Possible exploitations:
- Anonymous authentication
- Weak or default credentials
- Cleartext transmission of credentials (plain FTP has no encryption)
- FTP bounce attack
- Directory traversal
- Unpatched FTP software
- Misconfigured permissions
- Active vs. passive mode (active mode needs the server to connect back to the client, which complicates firewalling)
- Denial of service (DoS)
- Command injection
Mitigation techniques:
- Disable anonymous access unless it is genuinely required, and apply strict per-directory permissions if it is.
- Use strong authentication, including multi-factor authentication where the server supports it.
- Restrict the IP addresses that may connect to the FTP server.
- Prefer SFTP (over SSH) or FTPS (FTP over TLS) so that credentials and files are not sent in the clear.
- Regularly audit and update the FTP server software.
- Log and monitor FTP activity for suspicious behaviour.

Proof of Concept: Port 25 (SMTP)
Function: Simple Mail Transfer Protocol (SMTP) is used to send email and to relay it between mail servers.
Possible exploitations:
- Open relay abuse
- Spamming
- Sender spoofing
- Brute-force attacks against SMTP AUTH
- Mail bombing
- Buffer overflow vulnerabilities in the mail server
- TLS downgrade (STARTTLS stripping)
- Exploitation of default or misconfigured settings
- SMTP header injection
- Phishing and email-borne malware
Mitigation techniques:
- Disable open relaying: relay only for authenticated users or trusted networks.
- Use encryption (TLS/STARTTLS).
- Limit access to the service.
- Monitor logs.
- Apply patches regularly.
- Publish SPF, DKIM and DMARC records so that mail forged in the domain's name is rejected by recipients.

Proof of Concept: Port 53 (DNS)
Function: The Domain Name System (DNS) resolves domain names to IP addresses, so that users can reach services by easy-to-remember names such as example.com.
Possible exploitations:
- DNS cache poisoning (DNS spoofing)
- DNS amplification attacks
- DNS tunnelling
- DNS reflection attacks
- DNS hijacking
- DNS-based malware command-and-control (C2) communication
- DNS flooding
- Zone transfer (AXFR) exploitation
- DNS rebinding
- Exploitation of DNS over HTTPS (DoH)
Mitigation techniques:
- Use DNSSEC.
- Close open resolvers: a server that is authoritative for the domain should not also answer recursive queries from the internet, because that is what makes it usable for amplification and reflection.
- Implement rate limiting (response rate limiting).
- Filter DNS traffic.
- Monitor DNS queries.
- Restrict zone transfers to the named secondary servers.
- Deploy DNS over TLS (DoT).

Proof of Concept: Port 80 (HTTP)
Function: HTTP serves unencrypted web content; this is the port on which the website is viewed when no TLS is used.
Possible exploitations (most of these are web-application flaws and apply equally to the same application served over port 443):
- SQL injection (SQLi)
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Remote file inclusion (RFI)
- Local file inclusion (LFI)
- Unvalidated redirects and forwards
- Command injection
- Server-side request forgery (SSRF)
- Insecure direct object references (IDOR)
- Cookie hijacking (a session cookie sent over plain HTTP can be read on the wire)
- Broken authentication
- Denial of service (DoS) or distributed denial of service (DDoS)
Mitigation techniques:
- Use HTTPS, and have port 80 do nothing but redirect to it.
- Input validation.
- Security headers.
- Web application firewall (WAF).
- Patch management.
- Access controls.
- Session security.
- Error handling (no stack traces or version details in error pages).

Proof of Concept: Port 443 (HTTPS)
Function: HTTPS is HTTP over SSL/TLS, which encrypts and authenticates the connection between client and server.
Possible exploitations:
- SSL/TLS protocol vulnerabilities (obsolete SSLv3, TLS 1.0/1.1, weak cipher suites)
- Man-in-the-middle attacks (MITM)
- TLS downgrade attacks
- Insecure TLS renegotiation
- SSL pinning bypass (client side)
- HTTPS misconfigurations (expired or mismatched certificates, mixed content)
- Server vulnerabilities
- Certificate authority (CA) compromise or mis-issuance
- HTTP/2 vulnerabilities
Mitigation techniques:
- Use modern TLS versions (TLS 1.2 and 1.3 only).
- Regularly update and patch.
- Implement HSTS.
- Use strong ciphers and key lengths.
- Enable perfect forward secrecy (PFS).
- Monitor certificates (expiry, and Certificate Transparency logs for unexpected issuance).
- Enable secure cookies (Secure and HttpOnly flags).
- Certificate pinning, where the client is under your control.
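Several mitigations on the port 80 and port 443 slides above (redirect to HTTPS, HSTS, security headers, secure cookies, no version details in responses) can be verified from a single HTTP response. The block below is an added example, not the deck's code: it parses a raw response and reports what is missing. The two responses are constructed, a weak plain-HTTP reply and a hardened HTTPS reply; they are not captures from the studied site, although the header names mirror the IIS/ASP.NET stack the data-collection slide reports. The list of expected headers is this example's choice.

```python
"""Audit one HTTP response for the transport and header controls on the
port 80 / 443 slides: redirect-to-HTTPS, HSTS, security headers, cookie flags
and version disclosure.

Added example, not the deck's code. WEAK_HTTP and HARDENED_HTTPS are
constructed responses, not captures from any real site.
"""
import re
from typing import List, Tuple

ONE_YEAR = 31536000  # HSTS max-age below this is flagged (seconds)

# Headers this example expects on every page; the reasons are the check text.
EXPECTED_HEADERS = {
    "strict-transport-security": "HSTS, so browsers refuse plain HTTP after the first visit",
    "content-security-policy": "CSP, limits what injected script can do",
    "x-content-type-options": "nosniff, stops MIME-type confusion",
    "x-frame-options": "clickjacking protection (or CSP frame-ancestors)",
}
VERSION_LEAKS = ("server", "x-powered-by", "x-aspnet-version")

# Constructed weak reply: content served on port 80, leaky headers, bare cookie.
WEAK_HTTP = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Microsoft-IIS/8.5\r\n"
    b"X-Powered-By: ASP.NET\r\n"
    b"X-AspNet-Version: 4.0.30319\r\n"
    b"Set-Cookie: ASP.NET_SessionId=deadbeef; path=/\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n<html>...</html>"
)

# Constructed hardened reply as it would look over TLS.
HARDENED_HTTPS = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: web\r\n"
    b"Strict-Transport-Security: max-age=63072000; includeSubDomains\r\n"
    b"Content-Security-Policy: default-src 'self'\r\n"
    b"X-Content-Type-Options: nosniff\r\n"
    b"X-Frame-Options: DENY\r\n"
    b"Set-Cookie: session=deadbeef; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n<html>...</html>"
)


def parse_response(raw: bytes) -> Tuple[int, List[Tuple[str, str]]]:
    """Split a raw response into (status code, [(lower-name, value), ...]).

    Repeated headers (Set-Cookie) are kept; a dict would silently drop them.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def audit(raw: bytes, over_tls: bool) -> List[str]:
    """Return a list of findings; an empty list means nothing to report."""
    status, headers = parse_response(raw)
    first = {}
    for name, value in headers:
        first.setdefault(name, value)
    findings = []

    if not over_tls:                       # port 80 should only redirect
        location = first.get("location", "")
        if not (300 <= status < 400 and location.lower().startswith("https://")):
            findings.append("port 80 serves content instead of redirecting to https://")

    for name, why in EXPECTED_HEADERS.items():
        if name not in first:
            findings.append(f"missing {name} ({why})")

    hsts = first.get("strict-transport-security")
    if hsts:
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append(f"HSTS max-age below one year: {hsts}")

    for name, value in headers:            # every Set-Cookie, not just the first
        if name != "set-cookie":
            continue
        cookie = value.split("=", 1)[0]
        attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {cookie} lacks Secure (would be sent over plain HTTP)")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie} lacks HttpOnly (readable by injected script)")

    for name in VERSION_LEAKS:             # Server keeps a bare product name; others should be absent
        value = first.get(name, "")
        if re.search(r"\d", value) or (name != "server" and value):
            findings.append(f"{name} discloses platform details: {value}")
    return findings


if __name__ == "__main__":
    for label, raw, tls in (("weak http", WEAK_HTTP, False), ("hardened https", HARDENED_HTTPS, True)):
        print(label)
        for finding in audit(raw, tls) or ["no findings"]:
            print("  -", finding)
```

To run it against a live host, feed the audit the raw bytes of a real response (for example the output of an HTTP client that keeps headers) and pass over_tls according to the port you fetched from. The version-leak check is the one that ties back to the data-collection slide: the ASP.NET and IIS version strings fingerprinting tools report come from exactly these headers.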

Proof of Concept: Port 110 (POP3)
Function: Post Office Protocol version 3 (POP3) downloads email from a mail server to a client.
Possible exploitations:
- Plaintext credentials (port 110 carries USER/PASS unencrypted)
- Brute-force attacks
- Buffer overflow vulnerabilities
- SSL/TLS downgrade (STARTTLS stripping on 110; POP3S on port 995 avoids the negotiation altogether)
- Misconfiguration and weak encryption
- POP3 command injection
- Directory traversal (in misconfigured servers)
- Denial of service (DoS)
Mitigation techniques:
- Prefer IMAP over POP3 where clients need server-side mailbox state. POP3 itself is not less secure than IMAP; the cleartext transport is, so in either case:
- Enforce SSL/TLS (POP3S on 995) and disable plain POP3 on 110.
- Patch the mail server software regularly to close known vulnerabilities.
- Implement rate limiting, CAPTCHA and IP blocklisting against brute-force and DoS attacks.
- Use strong encryption algorithms and regularly audit the server for misconfigurations.

Proof of Concept: Port 135 (MSRPC)
Function: MSRPC (Microsoft RPC) is used for communication between Windows services over a network, including access to network services and system resources. Port 135 is the endpoint mapper: it tells a client on which dynamic high port (49152-65535 on current Windows) a given RPC service is listening.
Possible exploitations:
- Unauthorised remote code execution (RCE)
- Pass-the-hash (PtH) and credential theft
- Privilege escalation
- Denial of service (DoS)
- Weak authentication or misconfiguration
- Man-in-the-middle (MitM) attacks
- SMB relay attacks
- Lateral movement via MSRPC (DCOM, WMI, service control)
- Brute-force attacks on the exposed ports
Mitigation techniques:
- Apply security patches.
- Firewall configuration: port 135 and the RPC dynamic range have no business being reachable from the internet on a public web server; block them at the perimeter and in the host firewall.
- Strong authentication and encryption (RPC packet privacy, SMB signing).
- Network segmentation.
- Monitoring and logging.
Because the RPC services themselves sit in the dynamic range, only the full 65,535-port scan above reveals them; the default 1,000-port scan shows 135 alone.

Proof of Concept: Port 143 (IMAP) / 993 (IMAPS)
Function: IMAP retrieves and manages email on the server. Port 143 is the unencrypted (or STARTTLS) port and 993 is IMAP over TLS.
Possible exploitations:
- Weak authentication (brute-force attacks)
- Protocol downgrade attacks (STARTTLS stripping on 143)
- Man-in-the-middle (MITM) attacks
- Vulnerabilities in the IMAP software
- Information disclosure (banner grabbing)
- Denial of service (DoS)
- Cross-protocol attacks
- Session hijacking
- IMAP command injection
Mitigation techniques:
- Enforce SSL/TLS (IMAPS on 993) and disable unencrypted IMAP connections on 143.
- Use strong authentication (multi-factor authentication, strong passwords).
- Regularly update and patch the IMAP software.
- Trim service banners so they do not advertise product and version.
- Monitor for unusual IMAP activity.

Proof of Concept: Port 3306 (MySQL)
Function: MySQL is a popular open-source relational database management system (RDBMS) used behind database-driven websites. Port 3306 open to the internet means the database can be reached directly, bypassing the web application entirely.
Possible exploitations:
- SQL injection through the web application (the data then leaves through the database)
- Brute-force attacks against database accounts
- Remote code execution (RCE) in the database server
- Exploiting default configurations (root without a password, remote root login)
- Privilege escalation
- Data exfiltration
- Using MySQL as a pivot point into the internal network
- Denial of service (DoS)
Mitigation techniques:
- Input validation and parameterised queries in the application.
- Strong password policies.
- Least-privilege database accounts.
- Firewall configuration: bind MySQL to localhost or the application network (bind-address) and block 3306 at the perimeter.
- Regular updates.
- Monitoring and logging.

Conclusion & Recommendations
The scan reveals several open ports providing services on www.tmv.edu.in. Some of these services are necessary for the web server to function, but every one of them widens the attack surface, and several (FTP, MSRPC, MySQL) have no reason to be reachable from the internet at all. It is recommended to:
- Migrate HTTP traffic to HTTPS entirely, leaving port 80 only as a redirect.
- Regularly update all services, particularly SSL/TLS certificates and configurations.
- Secure the MySQL database by isolating it from public internet access.
- Deploy port-scan detection (e.g. PortSentry, Scanlogd, or a network IDS).
- Conduct regular port scans from outside the network, so that newly exposed services are noticed.
- Monitor the exposed services.
- Close all unused ports.
- Filter port traffic continuously.
- Run a host firewall on every host and keep it patched.
- Monitor open-port vulnerabilities through penetration testing (simulating attacks through the open ports) and regular vulnerability assessments.

References
- Fortinet Cyber Glossary, What is a port scan: https://www.fortinet.com/resources/cyberglossary/what-is-port-scan
- GeeksforGeeks, Nmap command in Linux with examples: https://www.geeksforgeeks.org/nmap-command-in-linux-with-examples/

Tools
- Nmap (port scanning and service version detection)
- Wappalyzer (technology stack fingerprinting): www.wappalyzer.com
- SimilarWeb (traffic and ranking data): www.pro.similarweb.com
- Shodan (internet-wide scan data): www.shodan.io

Questions?

Thank You!