Page 513 - StudyBook.pdf
P. 513
Infrastructure Security: System Hardening • Chapter 8 497
Interesting ports on VENUS (192.168.1.20):
(The 1596 ports scanned but not shown below are in state: filtered)
Port State Service
135/tcp open loc-srv
139/tcp open netbios-ssn
445/tcp open microsoft-ds
Interesting ports on PLUTO (192.168.1.21):
(The 1596 ports scanned but not shown below are in state: filtered)
Port State Service
21/tcp open ftp
80/tcp open http
139/tcp open netbios-ssn
515/tcp open printer
Interesting ports on (192.168.1.25):
(The 1598 ports scanned but not shown below are in state: filtered)
Port State Service
23/tcp open Telnet
69/udp open tftp
80/tcp open http
Nmap run completed -- 254 IP addresses (6 hosts up) scanned in 2528 seconds
In the example shown above, notice how you can see the ports that
were identified on each system. While this is the same type of tool that
would be used by an attacker, it’s also a valuable tool for the security
professional. You can see from the example that there are a number of
ports open on each of the hosts that were probed. (Note that these
machines are in an internal network, so some of them are allowed.)
The question as to should the ports be open should lead us back to
our earlier discussion of policy and risk assessment. If nothing else this
type of tool can allow us to see if our harden activities have worked and
verify that no one has opened services on a system that is not allowed.
Even for ports that are allowed and have been identified by scanning
tools, decisions must be made as to which of these ports are likely to be
vulnerable, and then the risks of the vulnerability weighed against the
www.syngress.com
