
Cyber Security

Prof. Chintan Patel


Chintan.patel@marwadieducation.edu.in
Content
• IP Address
• Protocol
• Port
• System Vulnerability
• Types of Vulnerability scanners
Internet Protocol Address
• IPv4 Address: a 32 bit unique address
which is used to connect with a host system

– Class A : 1.xxx.xxx.xxx to 126.xxx.xxx.xxx


– Class B : 128.0.XXX.XXX to 191.0.xxx.xxx
– Class C : 192.0.0.XXX to 223.0.0.xxx

• Loopback Address : 127.XXX.XXX.XXX


• IPv6 Address : represented by a series of
eight 16 bit hexadecimal fields separated by
colons (:) in the format x:x:x:x:x:x:x:x.

• Total 128 bit address


Protocol

A set of rules

• Human Protocols

• Defines the format and order of messages exchanged as well
as actions taken on transmission.

• Computer network protocols:
• HTTP
• FTP
• SMTP
• etc.
Types of Services
• Connection Oriented Service
– Sending a control packet before transmitting
actual data
– 3 way handshaking (TCP)
– Reliable, flow control, congestion control
– TCP : HTTP, FTP, TELNET, SMTP

• Connection Less Service
– No handshaking
– Faster delivery
– UDP : Media streaming, video conferencing
Port
• A port is the identity of a process or service

• It is a 16 bit unsigned integer

• Port numbers range from 0 to 65535

• IANA (Internet Assigned Numbers Authority) is
responsible for assigning port numbers for use.
Well Known Port
• Ports from 0 to 1023 are known as well known
port numbers
• Used by system processes that provide networking
services.

• Famous well known ports :


– 20 , 21 : FTP Data and Control ports
– 22 : SSH (Secure shell) for secure login
– 23 : Telnet for unencrypted text transmission
– 25 : Simple mail transfer protocol
– 53 : Domain Name system
– 520 : Routing information protocol
Registered Port
• Ranges from 1024 to 49151
• Assigned by IANA for specific services upon
application by the requesting entity
• Used by ordinary users

• Examples :
– Proxy servers ports
– Virtual private network ports
– Port requested by IBM , Apple, Oracle and many
companies for their specific services
Dynamic, Private or Ephemeral ports
• Ranges from 49152 to 65535

• Cannot be registered with IANA

• Used for private or temporary purposes


IP + Port
• IP : To connect with a system
• Port : To connect with a process or application
• (IP Address) : (port number)

• If the IP address is a telephone, then the port number
is its extension.
Port Scanner
• A port scanner is a software application designed to
probe a server or host for open ports.
• Used by administrators to verify security policies of
their networks
• Used by attackers to identify running services on a
host with a view to compromising it.

• Examples : NMAP
Port Scanning
• The main goal of port scanning is to find out which ports are open, which are closed
and which are filtered.

• Open port: a port on which an application is actively accepting TCP or UDP traffic.
– Finding open ports is the primary goal of port scanning
– Each open port is an avenue for attack
– Attackers want to exploit the open ports.
– The network administrator wants to protect them with a firewall
– Also important for non-security scans, to identify available services
• Closed port: a port which is accessible but has no application listening on it
– Used for host discovery and OS detection
– The network administrator wants to block it with a firewall to reduce its accessibility.
• Filtered port: a port which cannot be reached by the port scanner
– The scanner cannot identify whether it is open or closed
– Filtering can come from a firewall device, routing rules, or firewall software
• Unfiltered port: a port which can be reached by the port scanner but cannot be
identified as open or closed
• If port is open :
– Send SYN Packet
– Response will be SYN + ACK Packet

• If port is closed :
– Send SYN Packet
– Response will be RST Packet

• If port is Filtered :
– Send SYN Packet
– No response

• If the target machine is protected by a firewall, then its firewall rules
decide what the response of the machine will be.
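The three responses above can be observed from an administrator's side with an ordinary TCP connect, as in this added example (not part of the original slides). It lets the operating system send the SYN and complete the handshake instead of crafting packets; the function names and the "allowed ports" policy are assumptions made for illustration.

```python
import socket

def classify_port(host, port, timeout=1.0):
    """Map the outcome of one TCP connect() attempt to a port state."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))        # SYN answered with SYN+ACK
        return "open"
    except ConnectionRefusedError:     # SYN answered with RST
        return "closed"
    except OSError:                    # timeout or unreachable: no usable reply
        return "filtered"
    finally:
        s.close()

def unexpected_open(host, ports, allowed):
    """Ports that accept connections although the policy does not allow them."""
    return [p for p in ports
            if p not in allowed and classify_port(host, p) == "open"]

if __name__ == "__main__":
    # Constructed demo: one listener on an ephemeral loopback port stands in
    # for a service, and a second port is released again so it is closed.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    for p in (open_port, closed_port):
        print(p, classify_port("127.0.0.1", p))
    # Hypothetical policy: nothing may listen, so the listener is flagged.
    print("unexpected:",
          unexpected_open("127.0.0.1", [open_port, closed_port], set()))
    listener.close()
```

A "filtered" result only appears when something on the path drops the SYN, so the loopback demo shows the open and closed cases.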
Vulnerability scanning or Weakness scanning
• A vulnerability scanner is a computer program designed to assess
computers, computer systems, networks or applications for weaknesses.
or
• Vulnerability scanning means searching for security bugs on a single
system or across network

• Requirements of a vulnerability scanner :
– Discovering present bugs in the network and network firewall
– Discovering new possibilities of vulnerabilities
– Discovering systems in the network which are vulnerable to outside
attack.
• Zero-day vulnerability : a weakness which is identified for the first time in a system or
network.

• False negative: a vulnerability exists but the scanner says there is no vulnerability

• False positive: a vulnerability does not exist but the scanner says there is a
vulnerability

• A vulnerability scanner must be able to identify zero-day vulnerabilities and
should not suffer from false positives or false negatives

• Vulnerability scanner : depends on the techniques used for
– Host discovery
– Port scanning
– Other vulnerability scanning
Types of Vulnerability scanner
• Port scanner
• Network Vulnerability scanner
• Web application security Scanner
• Database Security Scanner
• Host based Vulnerability Scanner
Identifying open port and services

• Telnet (port no 23) lacks encryption and
anyone can read the data transferred on this port.

• So for the attacker : identify the open telnet port

• For the network admin : configure the telnet service
on any other unknown port no.
nmap port scanner
• nmap : network mapping is an open source scanner which
was developed by Fyodor.
• Most popular port scanner for Linux/Unix machines

• Services by nmap :
– Port scanning
– Identify all the running services on network
– Identifying operating system and protocol versions
– TCP Scan , UDP Scan, ICMP Scan
Footprinting

• Gathering information about a computer
system and the companies it belongs to.

• www.ping.au
• http://whois.domaintools.com
Banner Grabbing
• After identifying the running services, identify the software and
version behind each service.

• Open command prompt :
– telnet localhost 21
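What the telnet command above shows can also be checked in a script, for example to see whether a service on your own host discloses its version in the greeting. This is an added example, not part of the original slides; the banner strings and the local stand-in server are constructed so that it runs without a real FTP service.

```python
import re
import socket
import threading

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")  # dotted version such as 1.2.3

def grab_banner(host, port, timeout=2.0):
    """Connect like `telnet host port` and return the first line sent."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        data = b""
        while b"\n" not in data and len(data) < 1024:
            chunk = s.recv(256)
            if not chunk:
                break
            data += chunk
    return data.split(b"\n", 1)[0].decode("ascii", "replace").strip()

def disclosed_version(banner):
    """Return the dotted version string a banner reveals, or None."""
    m = VERSION_RE.search(banner)
    return m.group(0) if m else None

def serve_banner_once(banner):
    """Constructed stand-in for a local service: sends one banner line."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        conn.sendall(banner.encode("ascii") + b"\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port

if __name__ == "__main__":
    # Constructed banners, not taken from any real product.
    for text in ("220 ExampleFTPd 1.2.3 ready", "220 FTP server ready"):
        port = serve_banner_once(text)
        banner = grab_banner("127.0.0.1", port)
        print(repr(banner), "->", disclosed_version(banner))
```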
