Network administrators can use this information to make sure that Mac computers and other Apple devices can connect to services such as the App Store and Apple's software-update servers.
This will scan the 10.x.x.x subnet, all 16 million addresses, scan port 80 and the range 8000 to 8100, or 102 addresses total, and print output to that can be redirected to a file. To see the complete list of options, use the -echo feature. This dumps the current configuration and exits. This output can be used as input back into the program. 192.168.1.1-254 tells Nmap to scan the entire 192.168.1.x subnet. Using port scanning tools. Most port scanners operate in three steps: The port scanner sends TCP SYN requests to the host or range of hosts you set it to scan. Some port scanners perform ping sweeps to determine which hosts are available before starting the TCP port scans.
Ports used by Apple products
- May 20, 2014 Mac OS X comes with a bundled port scanner tool, just one of a variety of features tucked into the ever useful Network Utility app. That means you don’t need to bother with the command line or install more advanced tools like nmap to quickly scan for open ports on a given IP or domain, instead you can do it all through the friendly graphical interface.
- Advanced Port Scanner by Famatech International Corp. Is a piece of software that can scan your network, find all of the opened ports and display their activity. Although Advanced Port Scanner for Mac is not available on the Internet, there are several other applications you can use to scan ports on Mac.
This is a quick-reference guide showing common examples, not a comprehensive list of ports. This guide is updated periodically with information available at the time of publication.
Some software might use different ports and services, so it can be helpful to use port-watching software when deciding how to set up firewalls or similar access-control schemes.
Some services might use more than one of these ports. For example, a VPN service can use up to four different ports. When you find a product in this list, search (Command-F) in your browser for that name, then repeat your search (Command-G) to locate all occurrences of that product.
Some firewalls allow selective configuration of UDP or TCP ports with the same number, so it's important to know the type of port you're configuring. For example, NFS can use TCP 2049, UDP 2049, or both. If your firewall doesn't allow you to specify the type of port, configuring one type of port probably configures the other.
| Port | TCP or UDP | Service or protocol name1 | RFC2 | Service name3 | Used by |
|---|---|---|---|---|---|
| 7 | TCP/UDP | echo | 792 | echo | — |
| 20 | TCP | File Transport Protocol (FTP) | 959 | ftp-data | — |
| 21 | TCP | FTP control | 959 | ftp | — |
| 22 | TCP | Secure Shell (SSH), SSH File Transfer Protocol (SFTP), and Secure copy (scp) | 4253 | ssh | Xcode Server (hosted and remote Git+SSH; remote SVN+SSH) |
| 23 | TCP | Telnet | 854 | telnet | — |
| 25 | TCP | Simple Mail Transfer Protocol (SMTP) | 5321 | smtp | Mail (sending email); iCloud Mail (sending email) |
| 53 | TCP/UDP | Domain Name System (DNS) | 1034 | domain | — |
| 67 | UDP | Bootstrap Protocol Server (BootP, bootps) | 951 | bootps | NetBoot via DHCP |
| 68 | UDP | Bootstrap Protocol Client (bootpc) | 951 | bootpc | NetBoot via DHCP |
| 69 | UDP | Trivial File Transfer Protocol (TFTP) | 1350 | tftp | — |
| 79 | TCP | Finger | 1288 | finger | — |
| 80 | TCP | Hypertext Transfer Protocol (HTTP) | 2616 | http | World Wide Web, FaceTime, iMessage, iCloud, QuickTime Installer, Maps, iTunes U, Apple Music, iTunes Store, Podcasts, Internet Radio, Software Update (OS X Lion or earlier), Mac App Store, RAID Admin, Backup, Calendar, WebDAV, Final Cut Server, AirPlay, macOS Internet Recovery, Profile Manager, Xcode Server (Xcode app, hosted and remote Git HTTP, remote SVN HTTP) |
| 88 | TCP | Kerberos | 4120 | kerberos | Kerberos, including Screen Sharing authentication |
| 106 | TCP | Password Server (unregistered use) | — | 3com-tsmux | macOS Server Password Server |
| 110 | TCP | Post Office Protocol (POP3), Authenticated Post Office Protocol (APOP) | 1939 | pop3 | Mail (receiving email) |
| 111 | TCP/UDP | Remote Procedure Call (RPC) | 1057, 1831 | sunrpc | Portmap (sunrpc) |
| 113 | TCP | Identification Protocol | 1413 | ident | — |
| 119 | TCP | Network News Transfer Protocol (NNTP) | 3977 | nntp | Apps that read newsgroups. |
| 123 | UDP | Network Time Protocol (NTP) | 1305 | ntp | Date & Time preferences, network time server synchronization, Apple TV network time server sync |
| 137 | UDP | Windows Internet Naming Service (WINS) | — | netbios-ns | — |
| 138 | UDP | NETBIOS Datagram Service | — | netbios-dgm | Windows Datagram Service, Windows Network Neighborhood |
| 139 | TCP | Server Message Block (SMB) | — | netbios-ssn | Microsoft Windows file and print services, such as Windows Sharing in macOS |
| 143 | TCP | Internet Message Access Protocol (IMAP) | 3501 | imap | Mail (receiving email) |
| 161 | UDP | Simple Network Management Protocol (SNMP) | 1157 | snmp | — |
| 192 | UDP | OSU Network Monitoring System | — | osu-nms | AirPort Base Station PPP status or discovery (certain configurations), AirPort Admin Utility, AirPort Express Assistant |
| 311 | TCP | Secure server administration | — | asip-webadmin | Server app, Server Admin, Workgroup Manager, Server Monitor, Xsan Admin |
| 312 | TCP | Xsan administration | — | vslmp | Xsan Admin (OS X Mountain Lion v10.8 and later) |
| 389 | TCP | Lightweight Directory Access Protocol (LDAP) | 4511 | ldap | Apps that look up addresses, such as Mail and Address Book |
| 427 | TCP/UDP | Service Location Protocol (SLP) | 2608 | svrloc | Network Browser |
| 443 | TCP | Secure Sockets Layer (SSL or HTTPS) | 2818 | https | TLS websites, iTunes Store, Software Update (OS X Mountain Lion and later), Spotlight Suggestions, Mac App Store, Maps, FaceTime, Game Center, iCloud authentication and DAV Services (Contacts, Calendars, Bookmarks), iCloud backup and apps (Calendars, Contacts, Find My iPhone, Find My Friends, Mail, iMessage, Documents & Photo Stream), iCloud Key Value Store (KVS), iPhoto Journals, AirPlay, macOS Internet Recovery, Profile Manager, Dictation, Siri, Xcode Server (hosted and remote Git HTTPS, remote SVN HTTPS, Apple Developer registration), Push notifications (if necessary) |
| 445 | TCP | Microsoft SMB Domain Server | — | microsoft-ds | — |
| 464 | TCP/UDP | kpasswd | 3244 | kpasswd | — |
| 465 | TCP | Message Submission for Mail (Authenticated SMTP) | smtp (legacy) | Mail (sending mail) | |
| 500 | UDP | ISAKMP/IKE | 2408 | isakmp | macOS Server VPN service |
| 500 | UDP | Wi-Fi Calling | 5996 | IKEv2 | Wi-Fi Calling |
| 514 | TCP | shell | — | shell | — |
| 514 | UDP | Syslog | — | syslog | — |
| 515 | TCP | Line Printer (LPR), Line Printer Daemon (LPD) | — | printer | Printing to a network printer, Printer Sharing in macOS |
| 532 | TCP | netnews | — | netnews | — |
| 548 | TCP | Apple Filing Protocol (AFP) over TCP | — | afpovertcp | AppleShare, Personal File Sharing, Apple File Service |
| 554 | TCP/UDP | Real Time Streaming Protocol (RTSP) | 2326 | rtsp | AirPlay, QuickTime Streaming Server (QTSS), streaming media players |
| 587 | TCP | Message Submission for Mail (Authenticated SMTP) | 4409 | submission | Mail (sending mail), iCloud Mail (SMTP authentication) |
| 600–1023 | TCP/UDP | Mac OS X RPC-based services | — | ipcserver | NetInfo |
| 623 | UDP | Lights-Out-Monitoring | — | asf-rmcp | Lights Out Monitoring (LOM) feature of Intel-based Xserve computers, Server Monitor |
| 625 | TCP | Open Directory Proxy (ODProxy) (unregistered use) | — | dec_dlm | Open Directory, Server app, Workgroup Manager; Directory Services in OS X Lion or earlier This port is registered to DEC DLM |
| 626 | TCP | AppleShare Imap Admin (ASIA) | — | asia | IMAP administration (Mac OS X Server v10.2.8 or earlier) |
| 626 | UDP | serialnumberd (unregistered use) | — | asia | Server serial number registration (Xsan, Mac OS X Server v10.3 – v10.6) |
| 631 | TCP | Internet Printing Protocol (IPP) | 2910 | ipp | macOS Printer Sharing, printing to many common printers |
| 636 | TCP | Secure LDAP | — | ldaps | — |
| 660 | TCP | Server administration | — | mac-srvr-admin | Server administration tools for Mac OS X Server v10.4 or earlier, including AppleShare IP |
| 687 | TCP | Server administration | — | asipregistry | Server administration tools for Mac OS X Server v10.6 or earlier, including AppleShare IP |
| 749 | TCP/UDP | Kerberos 5 admin/changepw | — | kerberos-adm | — |
| 985 | TCP | NetInfo Static Port | — | — | — |
| 993 | TCP | Mail IMAP SSL | — | imaps | iCloud Mail (SSL IMAP) |
| 995 | TCP/UDP | Mail POP SSL | — | pop3s | — |
| 1085 | TCP/UDP | WebObjects | — | webobjects | — |
| 1099, 8043 | TCP | Remote RMI and IIOP Access to JBOSS | — | rmiregistry | — |
| 1220 | TCP | QT Server Admin | — | qt-serveradmin | Administration of QuickTime Streaming Server |
| 1640 | TCP | Certificate Enrollment Server | — | cert-responder | Profile Manager in macOS Server 5.2 and earlier |
| 1649 | TCP | IP Failover | — | kermit | — |
| 1701 | UDP | L2TP | — | l2f | macOS Server VPN service |
| 1723 | TCP | PPTP | — | pptp | macOS Server VPN service |
| 1900 | UDP | SSDP | — | ssdp | Bonjour |
| 2049 | TCP/UDP | Network File System (NFS) (version 3 and 4) | 3530 | nfsd | — |
| 2195 | TCP | Apple Push Notification Service (APNS) | — | — | Push notifications |
| 2196 | TCP | Apple Push Notification Service (APNS) | — | — | Feedback service |
| 2197 | TCP | Apple Push Notification Service (APNS) | — | — | Push notifications |
| 2336 | TCP | Mobile account sync | — | appleugcontrol | Home directory synchronization |
| 3004 | TCP | iSync | — | csoftragent | — |
| 3031 | TCP/UDP | Remote AppleEvents | — | eppc | Program Linking, Remote Apple Events |
| 3283 | TCP/UDP | Net Assistant | — | net-assistant | Apple Remote Desktop 2.0 or later (Reporting feature), Classroom app (command channel) |
| 3284 | TCP/UDP | Net Assistant | — | net-assistant | Classroom app (document sharing) |
| 3306 | TCP | MySQL | — | mysql | — |
| 3478–3497 | UDP | — | — | nat-stun-port - ipether232port | FaceTime, Game Center |
| 3632 | TCP | Distributed compiler | — | distcc | — |
| 3659 | TCP/UDP | Simple Authentication and Security Layer (SASL) | — | apple-sasl | macOS Server Password Server |
| 3689 | TCP | Digital Audio Access Protocol (DAAP) | — | daap | iTunes Music Sharing, AirPlay |
| 3690 | TCP/UDP | Subversion | — | svn | Xcode Server (anonymous remote SVN) |
| 4111 | TCP | XGrid | — | xgrid | — |
| 4398 | UDP | — | — | — | Game Center |
| 4488 | TCP | Apple Wide Area Connectivity Service | awacs-ice | ||
| 4500 | UDP | IPsec NAT Traversal | 4306 | ipsec-msft | macOS Server VPN service |
| 4500 | UDP | Wi-Fi Calling | 5996 | IKEv2 | Wi-Fi Calling |
| 5003 | TCP | FileMaker - name binding and transport | — | fmpro-internal | — |
| 5009 | TCP | (unregistered use) | — | winfs | AirPort Utility, AirPort Express Assistant |
| 5100 | TCP | — | — | socalia | macOS camera and scanner sharing |
| 5222 | TCP | XMPP (Jabber) | 3920 | jabber-client | Jabber messages |
| 5223 | TCP | Apple Push Notification Service (APNS) | — | — | iCloud DAV Services (Contacts, Calendars, Bookmarks), Push Notifications, FaceTime, iMessage, Game Center, Photo Stream |
| 5228 | TCP | — | — | — | Spotlight Suggestions, Siri |
| 5297 | TCP | — | — | — | Messages (local traffic) |
| 5350 | UDP | NAT Port Mapping Protocol Announcements | — | — | Bonjour |
| 5351 | UDP | NAT Port Mapping Protocol | — | nat-pmp | Bonjour |
| 5353 | UDP | Multicast DNS (MDNS) | 3927 | mdns | Bonjour, AirPlay, Home Sharing, Printer Discovery |
| 5432 | TCP | PostgreSQL | — | postgresql | Can be enabled manually in OS X Lion Server (previously enabled by default for ARD 2.0 Database) |
| 5897–5898 | UDP | (unregistered use) | — | — | xrdiags |
| 5900 | TCP | Virtual Network Computing (VNC) (unregistered use) | — | vnc-server | Apple Remote Desktop 2.0 or later (Observe/Control feature) Screen Sharing (Mac OS X 10.5 or later) |
| 5988 | TCP | WBEM HTTP | — | wbem-http | Apple Remote Desktop 2.x See also dmtf.org/standards/wbem. |
| 6970–9999 | UDP | — | — | — | QuickTime Streaming Server |
| 7070 | TCP | RTSP (unregistered use), Automatic Router Configuration Protocol (ARCP) | — | arcp | QuickTime Streaming Server (RTSP) |
| 7070 | UDP | RTSP alternate | — | arcp | QuickTime Streaming Server |
| 8000–8999 | TCP | — | — | irdmi | Web service, iTunes Radio streams |
| 8005 | TCP | Tomcat remote shutdown | — | — | — |
| 8008 | TCP | iCal service | — | http-alt | Mac OS X Server v10.5 or later |
| 8080 | TCP | Alternate port for Apache web service | — | http-alt | Also JBOSS HTTP in Mac OS X Server 10.4 or earlier |
| 8085–8087 | TCP | Wiki service | — | — | Mac OS X Server v10.5 or later |
| 8088 | TCP | Software Update service | — | radan-http | Mac OS X Server v10.4 or later |
| 8089 | TCP | Web email rules | — | — | Mac OS X Server v10.6 or later |
| 8096 | TCP | Web Password Reset | — | — | Mac OS X Server v10.6.3 or later |
| 8170 | TCP | HTTPS (web service/site) | — | — | Podcast Capture/podcast CLI |
| 8171 | TCP | HTTP (web service/site) | — | — | Podcast Capture/podcast CLI |
| 8175 | TCP | Pcast Tunnel | — | — | pcastagentd (such as for control operations and camera) |
| 8443 | TCP | iCal service (SSL) | — | pcsync-https | Mac OS X Server v10.5 or later (JBOSS HTTPS in Mac OS X Server 10.4 or earlier) |
| 8800 | TCP | Address Book service | — | sunwebadmin | Mac OS X Server v10.6 or later |
| 8843 | TCP | Address Book service (SSL) | — | — | Mac OS X Server v10.6 or later |
| 8821, 8826 | TCP | Stored | — | — | Final Cut Server |
| 8891 | TCP | ldsd | — | — | Final Cut Server (data transfers) |
| 9006 | TCP | Tomcat standalone | — | — | Mac OS X Server v10.6 or earlier |
| 9100 | TCP | Printing | — | — | Printing to certain network printers |
| 9418 | TCP/UDP | git pack transfer | — | git | Xcode Server (remote git) |
| 10548 | TCP | Apple Document Sharing Service | — | serverdocs | macOS Server iOS file sharing |
| 11211 | — | memcached (unregistered use) | — | — | Calendar Server |
| 16080 | TCP | — | — | — | Web service with performance cache |
| 16384–16403 | UDP | Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) | — | connected, — | Messages (Audio RTP, RTCP; Video RTP, RTCP) |
| 16384–16387 | UDP | Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) | — | connected, — | FaceTime, Game Center |
| 16393–16402 | UDP | Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) | — | — | FaceTime, Game Center |
| 16403–16472 | UDP | Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) | — | — | Game Center |
| 24000–24999 | TCP | — | — | med-ltp | Web service with performance cache |
| 42000–42999 | TCP | — | — | — | iTunes Radio streams |
| 49152–65535 | TCP | Xsan | — | — | Xsan Filesystem Access |
| 49152– 65535 | UDP | — | — | — | |
| 50003 | — | FileMaker server service | — | — | — |
| 50006 | — | FileMaker helper service | — | — | — |
1. The service registered with the Internet Assigned Numbers Authority, except where noted as “unregistered use.”
Port Scanner For Os Xp
2. The number of a Request for Comment (RFC) document that defines the service or protocol. RFC documents are maintained by RFC Editor.
3. In the output of Terminal commands, the port number might be replaced by this Service Name, which is the label listed in /etc/services.
FaceTime is not available in all countries or regions.
Learn more
The application firewall in macOS is not a port-based firewall. It controls access by app, instead of by port.
A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.
A port scan or portscan is a process that sends client requests to a range of server port addresses on a host, with the goal of finding an active port; this is not a nefarious process in and of itself.[1] The majority of uses of a port scan are not attacks, but rather simple probes to determine services available on a remote machine.
To portsweep is to scan multiple hosts for a specific listening port. The latter is typically used to search for a specific service, for example, an SQL-based computer worm may portsweep looking for hosts listening on TCP port 1433.[2]
Free Port Scanners
TCP/IP basics[edit]
The design and operation of the Internet is based on the Internet Protocol Suite, commonly also called TCP/IP. In this system, network services are referenced using two components: a host address and a port number. There are 65536 distinct and usable port numbers. Most services use a limited range of port numbers.
Some port scanners scan only the most common port numbers, or ports most commonly associated with vulnerable services, on a given host.
The result of a scan on a port is usually generalized into one of three categories:
- Open or Accepted: The host sent a reply indicating that a service is listening on the port.
- Closed or Denied or Not Listening: The host sent a reply indicating that connections will be denied to the port.
- Filtered, Dropped or Blocked: There was no reply from the host.
Open ports present two vulnerabilities of which administrators must be wary:
- Security and stability concerns associated with the program responsible for delivering the service - Open ports.
- Security and stability concerns associated with the operating system that is running on the host - Open or Closed ports.
Filtered ports do not tend to present vulnerabilities.
Assumptions[edit]
All forms of port scanning rely on the assumption that the targeted host is compliant with RFC793 - Transmission Control Protocol. Although this is the case most of the time, there is still a chance a host might send back strange packets or even generate false positives when the TCP/IP stack of the host is non-RFC-compliant or has been altered. This is especially true for less common scan techniques that are OS-dependent (FIN scanning, for example).[3] The TCP/IP stack fingerprinting method also relies on these types of different network responses from a specific stimulus to guess the type of the operating system the host is running.
Types[edit]
TCP scanning[edit]
The simplest port scanners use the operating system's network functions and are generally the next option to go to when SYN is not a feasible option (described next). Nmap calls this mode connect scan, named after the Unix connect() system call. If a port is open, the operating system completes the TCP three-way handshake, and the port scanner immediately closes the connection to avoid performing a Denial-of-service attack.[3] Otherwise an error code is returned. This scan mode has the advantage that the user does not require special privileges. However, using the OS network functions prevents low-level control, so this scan type is less common. This method is 'noisy', particularly if it is a 'portsweep': the services can log the sender IP address and Intrusion detection systems can raise an alarm.
SYN scanning[edit]
SYN scan is another form of TCP scanning. Rather than using the operating system's network functions, the port scanner generates raw IP packets itself, and monitors for responses. This scan type is also known as 'half-open scanning', because it never actually opens a full TCP connection. The port scanner generates a SYN packet. If the target port is open, it will respond with a SYN-ACK packet. The scanner host responds with an RST packet, closing the connection before the handshake is completed.[3] If the port is closed but unfiltered, the target will instantly respond with an RST packet.
The use of raw networking has several advantages, giving the scanner full control of the packets sent and the timeout for responses, and allowing detailed reporting of the responses. There is debate over which scan is less intrusive on the target host. SYN scan has the advantage that the individual services never actually receive a connection. However, the RST during the handshake can cause problems for some network stacks, in particular simple devices like printers. There are no conclusive arguments either way.
UDP scanning[edit]
UDP scanning is also possible, although there are technical challenges. UDP is a connectionless protocol so there is no equivalent to a TCP SYN packet. However, if a UDP packet is sent to a port that is not open, the system will respond with an ICMP port unreachable message. Most UDP port scanners use this scanning method, and use the absence of a response to infer that a port is open. However, if a port is blocked by a firewall, this method will falsely report that the port is open. If the port unreachable message is blocked, all ports will appear open. This method is also affected by ICMP rate limiting.[4]
An alternative approach is to send application-specific UDP packets, hoping to generate an application layer response. For example, sending a DNS query to port 53 will result in a response, if a DNS server is present. This method is much more reliable at identifying open ports. However, it is limited to scanning ports for which an application specific probe packet is available. Some tools (e.g., nmap) generally have probes for less than 20 UDP services, while some commercial tools have as many as 70. In some cases, a service may be listening on the port, but configured not to respond to the particular probe packet.
ACK scanning[edit]
ACK scanning is one of the more unusual scan types, as it does not exactly determine whether the port is open or closed, but whether the port is filtered or unfiltered. This is especially good when attempting to probe for the existence of a firewall and its rulesets. Simple packet filtering will allow established connections (packets with the ACK bit set), whereas a more sophisticated stateful firewall might not.[5]
Window scanning[edit]
Rarely used because of its outdated nature, window scanning is fairly untrustworthy in determining whether a port is opened or closed. It generates the same packet as an ACK scan, but checks whether the window field of the packet has been modified. When the packet reaches its destination, a design flaw attempts to create a window size for the packet if the port is open, flagging the window field of the packet with 1's before it returns to the sender. Using this scanning technique with systems that no longer support this implementation returns 0's for the window field, labeling open ports as closed.[6]
FIN scanning[edit]
Since SYN scans are not surreptitious enough, firewalls are, in general, scanning for and blocking packets in the form of SYN packets.[3]FIN packets can bypass firewalls without modification. Closed ports reply to a FIN packet with the appropriate RST packet, whereas open ports ignore the packet on hand. This is typical behavior due to the nature of TCP, and is in some ways an inescapable downfall.[7]
Other scan types[edit]
Some more unusual scan types exist. These have various limitations and are not widely used. Nmap supports most of these.[5]
- X-mas and Null Scan - are similar to FIN scanning, but:[3]
- X-mas sends packets with FIN, URG and PUSH flags turned on like a Christmas tree
- Null sends a packet with no TCP flags set
- Protocol scan - determines what IP level protocols (TCP, UDP, GRE, etc.) are enabled.
- Proxy scan - a proxy (SOCKS or HTTP) is used to perform the scan. The target will see the proxy's IP address as the source. This can also be done using some FTP servers.
- Idle scan - Another method of scanning without revealing one's IP address, taking advantage of the predictable IP ID flaw.
- CatSCAN - Checks ports for erroneous packets.
- ICMP scan - determines if a host responds to ICMP requests, such as echo (ping), netmask, etc.
Port filtering by ISPs[edit]
Many Internet service providers restrict their customers' ability to perform port scans to destinations outside of their home networks. This is usually covered in the terms of service or acceptable use policy to which the customer must agree.[8][9] Some ISPs implement packet filters or transparent proxies that prevent outgoing service requests to certain ports. For example, if an ISP provides a transparent HTTP proxy on port 80, port scans of any address will appear to have port 80 open, regardless of the target host's actual configuration.
Ethics[edit]
The information gathered by a port scan has many legitimate uses including network inventory and the verification of the security of a network. Port scanning can, however, also be used to compromise security. Many exploits rely upon port scans to find open ports and send specific data patterns in an attempt to trigger a condition known as a buffer overflow. Such behavior can compromise the security of a network and the computers therein, resulting in the loss or exposure of sensitive information and the ability to do work.[3]
The threat level caused by a port scan can vary greatly according to the method used to scan, the kind of port scanned, its number, the value of the targeted host and the administrator who monitors the host. But a port scan is often viewed as a first step for an attack, and is therefore taken seriously because it can disclose much sensitive information about the host.[10]Despite this, the probability of a port scan alone followed by a real attack is small. The probability of an attack is much higher when the port scan is associated with a vulnerability scan.[11]
Legal implications[edit]
Because of the inherently open and decentralized architecture of the Internet, lawmakers have struggled since its creation to define legal boundaries that permit effective prosecution of cybercriminals. Cases involving port scanning activities are an example of the difficulties encountered in judging violations. Although these cases are rare, most of the time the legal process involves proving that an intent to commit a break-in or unauthorized access existed, rather than just the performance of a port scan:
- In June 2003, an Israeli, Avi Mizrahi, was accused by the Israeli authorities of the offense of attempting the unauthorized access of computer material. He had port scanned the Mossad website. He was acquitted of all charges on February 29, 2004. The judge ruled that these kinds of actions should not be discouraged when they are performed in a positive way.[12]
- A 17-year-old Finn was accused of attempted computer break-in by a major Finnish bank. On April 9, 2003, he was convicted of the charge by the Supreme Court of Finland and ordered to pay US$12,000 for the expense of the forensic analysis made by the bank. In 1998, he had port scanned the bank network in an attempt to access the closed network, but failed to do so.[13]
- In December 1999, Scott Moulton was arrested by the FBI and accused of attempted computer trespassing under Georgia's Computer Systems Protection Act and Computer Fraud and Abuse Act of America. At this time, his IT service company had an ongoing contract with Cherokee County of Georgia to maintain and upgrade the 911 center security. He performed several port scans on Cherokee County servers to check their security and eventually port scanned a web server monitored by another IT company, provoking a tiff which ended up in a tribunal. He was acquitted in 2000, the judge ruling there was no damage impairing the integrity and availability of the network.[14]
In 2006, the UK Parliament had voted an amendment to the Computer Misuse Act 1990 such that a person is guilty of an offence who 'makes, adapts, supplies or offers to supply any article knowing that it is designed or adapted for use in the course of or in connection with an offence under section 1 or 3 [of the CMA]'.[15] Nevertheless, the area of effect of this amendment is blurred, and widely criticized by Security experts as such.[16]
Germany, with the Strafgesetzbuch § 202a,b,c also has a similar law, and the Council of the European Union has issued a press release stating they plan to pass a similar one too, albeit more precise.[17]
See also[edit]
References[edit]
- ^RFC 2828Internet Security Glossary
- ^http://support.microsoft.com/kb/313418
- ^ abcdefErikson, Jon (1977). HACKING the art of exploitation (2nd ed.). San Francisco: NoStarch Press. p. 264. ISBN1-59327-144-1.
- ^Messer, James (2007). Secrets of Network Cartography: A Comprehensive Guide to Nmap (2nd ed.). Archived from the original on 2016-05-16. Retrieved 2011-12-05.
- ^ ab'Port Scanning Techniques'. Nmap reference guide. 2001. Retrieved 2009-05-07.
- ^Messer, James (2007). Secrets of Network Cartography: A Comprehensive Guide to Nmap (2nd ed.). Archived from the original on 2006-02-01. Retrieved 2011-12-05.
- ^Maimon, Uriel (1996-11-08). 'Port Scanning without the SYN flag'. Phrack issue 49. Retrieved 2009-05-08.
- ^'Comcast Acceptable Use Policy'. Comcast. 2009-01-01. Archived from the original on 2009-04-23. Retrieved 2009-05-07.
- ^'BigPond Customer Terms'(PDF). Telstra. 2008-11-06. Archived from the original(PDF) on January 26, 2009. Retrieved 2009-05-08.
- ^Jamieson, Shaun (2001-10-08). 'The Ethics and Legality of Port Scanning'. SANS. Retrieved 2009-05-08.
- ^Cukier, Michel (2005). 'Quantifying Computer Security'(PDF). University of Maryland. Archived from the original(PDF) on 2009-08-24. Retrieved 2009-05-08.
- ^Hon. Abraham N. Tennenbaum (2004-02-29). 'Verdict in the case Avi Mizrahi vs. Israeli Police Department of Prosecution'(PDF). Archived from the original(PDF) on 2009-10-07. Retrieved 2009-05-08.
- ^Esa Halmari (2003). 'First ruling by the Supreme Court of Finland on attempted break-in'. Retrieved 2009-05-07.
- ^Poulsen, Kevin (2000-12-18). 'Port scans legal, judge says'. SecurityFocus. Retrieved 2009-05-08.
- ^UK Parliament (2006-01-25). 'Police and Justice Bill - Bill 119'. UK Parliament. Retrieved 2011-12-05.
- ^Leyden, John (2008-01-02). 'UK gov sets rules for hacker tool ban'. The Register. Retrieved 2009-05-08.
- ^'3096th Council meeting Press Release'(PDF). Council of the European Union. 2011-06-10. Retrieved 2011-12-05.
External links[edit]
- Port Scanning Techniques by Kris Katterjohn. Includes examples using Nmap and Hping.
- Port Scanning Unscanned by Ankit Fadia
- Teo, Lawrence (December, 2000). Network Probes Explained: Understanding Port Scans and Ping Sweeps. Linux Journal, Retrieved September 5, 2009, from Linuxjournal.com
댓글