Description:
The Scanline application has many uses and can be used to
obtain specific banner information from other running services by
connecting to other ports on the target. An attacker uses this information
to launch appropriate attacks for the results obtained.
Procedure:
Download or install from the accompanying CD and execute
against the target with the syntax of:
sl (IP ADDRESS)
In this example, from a DOS prompt, type the following against the target:
sl -v -b 192.168.0.8
Practical Hacking Techniques and Countermeasures
Scanline identifies open ports on the target and retrieves the banner information.
In this example, the target:
Has ports 13, 19, 21, 25, 80, and 6666 open.
Is using Microsoft FTP Service, version 5.0.
Is using Microsoft ESMTP MAIL Service, version 5.0.2172.1
Is using Microsoft IIS, version 5.0.
Port 13 is used for the Daytime protocol.
Port 19 is used for the character generator service (chargen).
Port 6666 is normally used for Internet Relay Chat (IRC).
Ports 13 and 19 can be used by an attacker to perform a Denial-of-Service
(DoS) attack on the target as these ports are required to respond to
requests without any authentication.
*Note:
If 1,000 simultaneous requests are sent to port 19, the chargen service will
respond with 1,000 endless loops of random character generation. What is
worse, if two targets are compromised in this fashion, both targets can
effectively create a DoS attack against each other, with the attacker placing
the IP address of each target (spoofing) as the source of the requesting
computer.
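The findings above, read from the defender's side: an added example (not from the book) that takes banner-grab results for a host you administer and lists what to fix. The banners are constructed samples modeled on the services named above; audit(), EXPECTED_PORTS and the finding labels are hypothetical names, and the expected-port set is an assumption about what this host is meant to serve.

```python
import re

# Simple services the text singles out: they answer any request without
# authentication, so they should be disabled or filtered.
LEGACY_SERVICES = {13: "daytime", 19: "chargen"}

# Assumption for this example: the host is meant to serve FTP, SMTP and HTTP only.
EXPECTED_PORTS = {21, 25, 80}

# A dotted version number after "Version" or after "product/", but not the
# protocol version in an "HTTP/1.1" status line.
VERSION_RE = re.compile(r"(?:version\s*:?\s*|(?<!HTTP)/)(\d+(?:\.\d+)+)", re.IGNORECASE)

# Constructed sample results: {port: banner text, or None if nothing was returned}.
SAMPLE = {
    13: "10:15:02 AM 1/1/2005",
    19: "!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGH",
    21: "220 host Microsoft FTP Service (Version 5.0).",
    25: "220 host Microsoft ESMTP MAIL Service, Version: 5.0.2172.1 ready",
    80: "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0",
    6666: None,
}

def audit(results, expected=EXPECTED_PORTS):
    """Return a list of (port, finding, detail) tuples, ordered by port."""
    findings = []
    for port, banner in sorted(results.items()):
        if port in LEGACY_SERVICES:
            findings.append((port, "legacy-service", LEGACY_SERVICES[port]))
        elif port not in expected:
            findings.append((port, "unexpected-port", "not in expected set"))
        match = VERSION_RE.search(banner or "")
        if match:
            # The banner tells anyone who connects which release is running.
            findings.append((port, "version-disclosure", match.group(1)))
    return findings

if __name__ == "__main__":
    for port, finding, detail in audit(SAMPLE):
        print(f"{port:>5}  {finding:<18}  {detail}")
```

Each legacy-service finding calls for disabling the service, each version-disclosure finding for suppressing or genericizing the banner, and each unexpected-port finding for identifying the listening process.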