SlideShare uma empresa Scribd logo
1 de 3
Baixar para ler offline
OPEN PORT VULNERABILITIES
Samaresh Debbarma , Dhrubajit Das , Tara Kumari Choudhudy
Don Bosco College of Engineering and Technology
Master of Computer Applications, Fourth Semester 2013
Guwahati-17,Azara
Abstract- Internet is facilitating numerous services
while being the most commonly attacked
environment. Hackers attack the vulnerabilities in
the protocols used and there is a serious need to
prevent, detect, mitigate and identify the source of
the attacks. This report help us to understand the
effect of open port vulnerabilities and information
on many software tools that are available to protect
system from threats that may attack open ports and
directly exploit a feature or vulnerability .
Keywords: Networks; Vulnerability; Open port;
Attack;
1. INTRODUCTION
All systems connected to the Internet today can
expect to be repeatedly probed for open ports. It is
simply a fact of life that there will be attempts to
detect and exploit vulnerabilities in hosts on the
network. In order to be useful, a system may
require some ports to be open. Many Internet
applications expect to be able to connect to the
open port associated with a service on a remote
machine. Likewise, in order to manage a system,
you normally need to be able to connect to it.
These open ports can then be an entryway for
attackers. Some threats attack an open port and
then install a virus or trojan that can then act
independently and cause damage. Viruses or
trojans are generically called “malware.
Threats may attack open ports and directly
exploit a feature or vulnerability. E-mail servers
keep port 25 open so that remote systems can
connect and transfer mail messages. An attacker
may connect to an e-mail server that does not
protect against unauthorized relaying and employ
the server for the sending of spam. Valuable
system resources are being diverted to the
purposes of the attacker and may cause damage
to the system, degrade its performance.
2. OPENPORT VULNERABILITIES
A port is the mechanism that allows a computer
to simultaneously support multiple
communication sessions with computers and
programs on the network. A port is basically a
refinement of an IP address; a computer that
receives a packet from the network can further
refine the destination of the packet by using a
unique port number that is determined when the
connection is established. A port is essentially a
way for 2 devices to connect using a specific
protocol. Each device has an IP address, but this
only
identifies the device on the network. The port is
used to tell each device what kind of a
connection will be made.
Vulnerabilities are design flaws or mis-
configurations that make your network (or a
host on the network) susceptible to malicious
attacks from local or remote users.
Vulnerabilities can exist in several areas of your
network, such as in the firewalls, FTP servers,
Web servers, operating systems. Depending on
the level of the security risk, the successful
exploitation of vulnerability can vary from the
disclosure of information about the host to a
complete compromise of the host.
Based on the type of vulnerability identified at
open source distributed application we can
classify themas follows:
information vulnerabilities – due to
inconsistent of source code many
information can be offered to the
attackers;
physical vulnerabilities – defined as
vulnerabilities which can exploit the
main frame in which open source
products are running to gain access to
resources;
processing vulnerabilities – given by the
usage of untested instructions or
processing sequences;
communication vulnerabilities – due to
bad implementation of communication
protocols or to different forgotten
aspects of communication.
3. MITIGATINGTHETHREAT
With increasingly sophisticated attacks on the
rise, the ability to quickly mitigate network
vulnerabilities is imperative. Vulnerabilities if
left undetected pose a serious security threat to
enterprise systems and can leave vital corporate
data exposed to attacks by hackers. For
organizations, it means extended system
downtimes and huge loss of revenue and
productivity.
These threats may be mitigated in various ways,
such as: controlling access to the system,
monitoring system activity, creating and
enforcing policies. Many software tools are
available to protect system from threats that may
attack open ports and directly exploit a feature or
vulnerability.
Vulnerability scanners are automated tools used
to identify security flaws affecting a given
systemor application.
Some the software tools that are used for port
scanning and vulnerability are listed below:
Nessus
Nessus is the world’s most popular vulnerability
scanner that is used in over 75,000 organizations
world-wide. The “Nessus” Project was started by
Renaud Deraison in 1998. It is a complete and
very useful network vulnerability scanner which
includes-high speed checks for thousand of the
most commonly updated vulnerabilities ,a wide
variety of scanning options, an easy to –use
interface, and effective reporting. It available in
different version for both Unix and Microsoft
based operating system.Nessus 5.0.2 is the
version used for Windows 7.
Nmap
It stands for “network map”. This open-source
scanner was developed by Fyodor . This is one of
the most popular port scanners that runs on
Unix/Linux machines. While Nmap was once a
Unix-only tool, a Windows version was released
in 2000 and has since become the second most
popular Nmap platform .
Metasploit
Metasploit was originally developed and
conceived by HD Moore while he was employed
by a security firm. When HD realized that he was
spending most of his time validating and
sanitizing public exploit code, he began to create
a flexible and maintainable framework for the
creation and development of exploits. He
released his first edition of the Perl-based
Metasploit in October 2003 with a total of 11
exploits. In this paper i have use Metasploit
software tool for port and vulnerability scanning.
IMPLEMENTATION OF METASPLOIT
Install Metaspoilt.
Then go to Metaspoilt->Framework-
>Armitage.
Connect to the default database of the
Windows.
Scan for IP address range.
Click on the IP address you found and
then scan for the open port and
application with the help of port
scanner embedded within the
Metaspoilt.
Now run NeXpose for vulnerability
scan and generate the reports.
Now go to the Armitage and press on
Attack and then click on Attack find.
Now check for every possible
exploitation.
4. CONCLUSION
Any system that is networked is exposed to risk
of attack. Open ports can increase that risk or
increase the chance of a successful attack.
Vulnerability scanners such as Nessus, Nmap,
and Metasploit may become part of the solution.
Steps taken to become aware of the issues, to
prepare systems for a hostile environment, to
monitor activity and behavior, and to prepare for
the future will all help to mitigate the threat.
Resources are available to further education,
tools are available to help manage the risks, and
the effort expended will pay dividends of
enhanced security for the network. The
techniques in this report will give us the basic
tools i will need to begin discovering
vulnerabilities.
ACKNOWLEDGEMENT
I express our sincere thanks to our teacher,
Assistant Professor Mr. Rupam Ku mar Sharma
for guiding us in critical reviews of demo and the
report .I owe a great deal of thanks for
providing us the necessary information and
correction when needed during the completion
of this report
I would also like to thank the supporting staff of
Computer Science Department, for their help and
cooperation throughout our project .
REFERENCES
[1] Sturat Krivis,port Knocking:Helpful or
Harmful ,An Exploration of Modern Network
Threats.
[2] Sunil vakharia, Nessus Scanning on
Windows Domain
[3] http://metasploit.com/development
[4] http://nmap.org/download.html
[5] JON ERICKSON, Hacking,2nd Edition The
Art of Exploitation

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Codigo Malicioso
Codigo MaliciosoCodigo Malicioso
Codigo Malicioso
 
Malware
MalwareMalware
Malware
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and Antiviruses
 
Network security
Network securityNetwork security
Network security
 
Security threats explained
Security threats explained Security threats explained
Security threats explained
 
Cyber Security for Critical Infrastructure
Cyber Security for Critical InfrastructureCyber Security for Critical Infrastructure
Cyber Security for Critical Infrastructure
 
Network Vulnerability and Patching
Network Vulnerability and PatchingNetwork Vulnerability and Patching
Network Vulnerability and Patching
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures                         -- Pruthvi Monarch Virus and its CounterMeasures                         -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch
 
Malware & Anti-Malware
Malware & Anti-MalwareMalware & Anti-Malware
Malware & Anti-Malware
 
Malewareanalysis
Malewareanalysis Malewareanalysis
Malewareanalysis
 
Euro mGov Securing Mobile Services
Euro mGov Securing Mobile ServicesEuro mGov Securing Mobile Services
Euro mGov Securing Mobile Services
 
Counter Measures Of Virus
Counter Measures Of VirusCounter Measures Of Virus
Counter Measures Of Virus
 
APT - Project
APT - Project APT - Project
APT - Project
 
Viruses andthreats@dharmesh
Viruses andthreats@dharmeshViruses andthreats@dharmesh
Viruses andthreats@dharmesh
 
Mitppt
MitpptMitppt
Mitppt
 
Types of malware threats
Types of malware threatsTypes of malware threats
Types of malware threats
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentation
 
Malicious Software
Malicious SoftwareMalicious Software
Malicious Software
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security Monitoring
 
Spyware and rootkit
Spyware and rootkitSpyware and rootkit
Spyware and rootkit
 

Destaque

Seminar bahasa_uswatun khasanah
Seminar bahasa_uswatun khasanahSeminar bahasa_uswatun khasanah
Seminar bahasa_uswatun khasanahDhita Candra
 
Motivation and winning
Motivation and winningMotivation and winning
Motivation and winningSlide2theLeft
 
Andrew slides
Andrew slidesAndrew slides
Andrew slidesrasumner
 
Buyers Today, Sellers Tomorrow: 8 Key Consumer Changes that MUST Drive Your M...
Buyers Today, Sellers Tomorrow: 8 Key Consumer Changes that MUST Drive Your M...Buyers Today, Sellers Tomorrow: 8 Key Consumer Changes that MUST Drive Your M...
Buyers Today, Sellers Tomorrow: 8 Key Consumer Changes that MUST Drive Your M...Jessica Grimes
 
I2r labs
I2r labsI2r labs
I2r labsi2rlabs
 
SEMINAR BAHASA_DHITA CANDRA PUSPITA
SEMINAR BAHASA_DHITA CANDRA PUSPITASEMINAR BAHASA_DHITA CANDRA PUSPITA
SEMINAR BAHASA_DHITA CANDRA PUSPITADhita Candra
 
Vanguard Creations - Product Brochure 2013
Vanguard Creations - Product Brochure 2013Vanguard Creations - Product Brochure 2013
Vanguard Creations - Product Brochure 2013VANGUARD CREATIONS
 
Women's in Open Source(Mozilla)
Women's in Open Source(Mozilla)Women's in Open Source(Mozilla)
Women's in Open Source(Mozilla)khansara9419
 
Info class2
Info class2Info class2
Info class2clanmort
 

Destaque (14)

Seminar bahasa_uswatun khasanah
Seminar bahasa_uswatun khasanahSeminar bahasa_uswatun khasanah
Seminar bahasa_uswatun khasanah
 
Mozbird13
Mozbird13Mozbird13
Mozbird13
 
Motivation and winning
Motivation and winningMotivation and winning
Motivation and winning
 
Andrew slides
Andrew slidesAndrew slides
Andrew slides
 
Exploring geography
Exploring geographyExploring geography
Exploring geography
 
Booklet ipdev scales up
Booklet ipdev scales upBooklet ipdev scales up
Booklet ipdev scales up
 
Buyers Today, Sellers Tomorrow: 8 Key Consumer Changes that MUST Drive Your M...
Buyers Today, Sellers Tomorrow: 8 Key Consumer Changes that MUST Drive Your M...Buyers Today, Sellers Tomorrow: 8 Key Consumer Changes that MUST Drive Your M...
Buyers Today, Sellers Tomorrow: 8 Key Consumer Changes that MUST Drive Your M...
 
I2r labs
I2r labsI2r labs
I2r labs
 
SEMINAR BAHASA_DHITA CANDRA PUSPITA
SEMINAR BAHASA_DHITA CANDRA PUSPITASEMINAR BAHASA_DHITA CANDRA PUSPITA
SEMINAR BAHASA_DHITA CANDRA PUSPITA
 
Perfil MJC_EN
Perfil MJC_ENPerfil MJC_EN
Perfil MJC_EN
 
Vanguard Creations - Product Brochure 2013
Vanguard Creations - Product Brochure 2013Vanguard Creations - Product Brochure 2013
Vanguard Creations - Product Brochure 2013
 
Women's in Open Source(Mozilla)
Women's in Open Source(Mozilla)Women's in Open Source(Mozilla)
Women's in Open Source(Mozilla)
 
TITANIC
TITANICTITANIC
TITANIC
 
Info class2
Info class2Info class2
Info class2
 

Semelhante a Open port vulnerability

The Security Of Information Security
The Security Of Information SecurityThe Security Of Information Security
The Security Of Information SecurityRachel Phillips
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.pptshreyng
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesAmit Kumbhar
 
Is3110 Lab 5 Essay
Is3110 Lab 5 EssayIs3110 Lab 5 Essay
Is3110 Lab 5 EssayTammy Davis
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Broadband network virus detection system based on bypass monitor
Broadband network virus detection system based on bypass monitorBroadband network virus detection system based on bypass monitor
Broadband network virus detection system based on bypass monitorUltraUploader
 
Network security
Network securityNetwork security
Network securityfatimasaham
 
Cyber security tutorial1
Cyber security tutorial1Cyber security tutorial1
Cyber security tutorial1sweta dargad
 
Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Laura Arrigo
 
Computing safety
Computing safetyComputing safety
Computing safetyBrulius
 
Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]Setia Juli Irzal Ismail
 
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...MohamedOmerMusa
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleGregory Hanis
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayKaren Oliver
 

Semelhante a Open port vulnerability (20)

The Security Of Information Security
The Security Of Information SecurityThe Security Of Information Security
The Security Of Information Security
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.ppt
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows Vulnerabilities
 
Survey on Computer Worms
Survey on Computer WormsSurvey on Computer Worms
Survey on Computer Worms
 
IJET-V3I2P16
IJET-V3I2P16IJET-V3I2P16
IJET-V3I2P16
 
Is3110 Lab 5 Essay
Is3110 Lab 5 EssayIs3110 Lab 5 Essay
Is3110 Lab 5 Essay
 
185
185185
185
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Broadband network virus detection system based on bypass monitor
Broadband network virus detection system based on bypass monitorBroadband network virus detection system based on bypass monitor
Broadband network virus detection system based on bypass monitor
 
Network security
Network securityNetwork security
Network security
 
Cyber security tutorial1
Cyber security tutorial1Cyber security tutorial1
Cyber security tutorial1
 
Metasploit
MetasploitMetasploit
Metasploit
 
Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12
 
Computing safety
Computing safetyComputing safety
Computing safety
 
Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]
 
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security Simple
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain Essay
 
Internet security
Internet securityInternet security
Internet security
 

Último

Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServiceRenan Moreira de Oliveira
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 

Último (20)

Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 

Open port vulnerability

  • 1. OPEN PORT VULNERABILITIES Samaresh Debbarma , Dhrubajit Das , Tara Kumari Choudhudy Don Bosco College of Engineering and Technology Master of Computer Applications, Fourth Semester 2013 Guwahati-17,Azara Abstract- Internet is facilitating numerous services while being the most commonly attacked environment. Hackers attack the vulnerabilities in the protocols used and there is a serious need to prevent, detect, mitigate and identify the source of the attacks. This report help us to understand the effect of open port vulnerabilities and information on many software tools that are available to protect system from threats that may attack open ports and directly exploit a feature or vulnerability . Keywords: Networks; Vulnerability; Open port; Attack; 1. INTRODUCTION All systems connected to the Internet today can expect to be repeatedly probed for open ports. It is simply a fact of life that there will be attempts to detect and exploit vulnerabilities in hosts on the network. In order to be useful, a system may require some ports to be open. Many Internet applications expect to be able to connect to the open port associated with a service on a remote machine. Likewise, in order to manage a system, you normally need to be able to connect to it. These open ports can then be an entryway for attackers. Some threats attack an open port and then install a virus or trojan that can then act independently and cause damage. Viruses or trojans are generically called “malware. Threats may attack open ports and directly exploit a feature or vulnerability. E-mail servers keep port 25 open so that remote systems can connect and transfer mail messages. An attacker may connect to an e-mail server that does not protect against unauthorized relaying and employ the server for the sending of spam. Valuable system resources are being diverted to the purposes of the attacker and may cause damage to the system, degrade its performance. 2. OPENPORT VULNERABILITIES A port is the mechanism that allows a computer to simultaneously support multiple communication sessions with computers and programs on the network. A port is basically a refinement of an IP address; a computer that receives a packet from the network can further refine the destination of the packet by using a unique port number that is determined when the connection is established. A port is essentially a way for 2 devices to connect using a specific protocol. Each device has an IP address, but this only identifies the device on the network. The port is used to tell each device what kind of a connection will be made. Vulnerabilities are design flaws or mis- configurations that make your network (or a host on the network) susceptible to malicious attacks from local or remote users. Vulnerabilities can exist in several areas of your network, such as in the firewalls, FTP servers, Web servers, operating systems. Depending on the level of the security risk, the successful exploitation of vulnerability can vary from the disclosure of information about the host to a complete compromise of the host. Based on the type of vulnerability identified at open source distributed application we can classify themas follows: information vulnerabilities – due to inconsistent of source code many information can be offered to the attackers; physical vulnerabilities – defined as vulnerabilities which can exploit the main frame in which open source products are running to gain access to resources; processing vulnerabilities – given by the usage of untested instructions or processing sequences; communication vulnerabilities – due to bad implementation of communication protocols or to different forgotten aspects of communication. 3. MITIGATINGTHETHREAT With increasingly sophisticated attacks on the rise, the ability to quickly mitigate network vulnerabilities is imperative. Vulnerabilities if left undetected pose a serious security threat to
  • 2. enterprise systems and can leave vital corporate data exposed to attacks by hackers. For organizations, it means extended system downtimes and huge loss of revenue and productivity. These threats may be mitigated in various ways, such as: controlling access to the system, monitoring system activity, creating and enforcing policies. Many software tools are available to protect system from threats that may attack open ports and directly exploit a feature or vulnerability. Vulnerability scanners are automated tools used to identify security flaws affecting a given systemor application. Some the software tools that are used for port scanning and vulnerability are listed below: Nessus Nessus is the world’s most popular vulnerability scanner that is used in over 75,000 organizations world-wide. The “Nessus” Project was started by Renaud Deraison in 1998. It is a complete and very useful network vulnerability scanner which includes-high speed checks for thousand of the most commonly updated vulnerabilities ,a wide variety of scanning options, an easy to –use interface, and effective reporting. It available in different version for both Unix and Microsoft based operating system.Nessus 5.0.2 is the version used for Windows 7. Nmap It stands for “network map”. This open-source scanner was developed by Fyodor . This is one of the most popular port scanners that runs on Unix/Linux machines. While Nmap was once a Unix-only tool, a Windows version was released in 2000 and has since become the second most popular Nmap platform . Metasploit Metasploit was originally developed and conceived by HD Moore while he was employed by a security firm. When HD realized that he was spending most of his time validating and sanitizing public exploit code, he began to create a flexible and maintainable framework for the creation and development of exploits. He released his first edition of the Perl-based Metasploit in October 2003 with a total of 11 exploits. In this paper i have use Metasploit software tool for port and vulnerability scanning. IMPLEMENTATION OF METASPLOIT Install Metaspoilt. Then go to Metaspoilt->Framework- >Armitage. Connect to the default database of the Windows. Scan for IP address range. Click on the IP address you found and then scan for the open port and application with the help of port scanner embedded within the Metaspoilt. Now run NeXpose for vulnerability scan and generate the reports. Now go to the Armitage and press on Attack and then click on Attack find. Now check for every possible exploitation. 4. CONCLUSION Any system that is networked is exposed to risk of attack. Open ports can increase that risk or increase the chance of a successful attack. Vulnerability scanners such as Nessus, Nmap, and Metasploit may become part of the solution. Steps taken to become aware of the issues, to prepare systems for a hostile environment, to monitor activity and behavior, and to prepare for the future will all help to mitigate the threat. Resources are available to further education, tools are available to help manage the risks, and the effort expended will pay dividends of enhanced security for the network. The techniques in this report will give us the basic tools i will need to begin discovering vulnerabilities. ACKNOWLEDGEMENT I express our sincere thanks to our teacher, Assistant Professor Mr. Rupam Ku mar Sharma for guiding us in critical reviews of demo and the report .I owe a great deal of thanks for providing us the necessary information and correction when needed during the completion of this report I would also like to thank the supporting staff of Computer Science Department, for their help and cooperation throughout our project . REFERENCES [1] Sturat Krivis,port Knocking:Helpful or Harmful ,An Exploration of Modern Network Threats. [2] Sunil vakharia, Nessus Scanning on Windows Domain [3] http://metasploit.com/development
  • 3. [4] http://nmap.org/download.html [5] JON ERICKSON, Hacking,2nd Edition The Art of Exploitation