OPEN PORT VULNERABILITIES
Samaresh Debbarma, Dhrubajit Das, Tara Kumari Choudhudy
Don Bosco College of Engineering and Technology
Master of Computer Applications, Fourth Semester 2013
Guwahati-17, Azara
Abstract- The Internet is facilitating numerous services
while being the most commonly attacked
environment. Hackers attack the vulnerabilities in
the protocols used and there is a serious need to
prevent, detect, mitigate and identify the source of
the attacks. This report helps us understand the
effect of open port vulnerabilities and provides
information on many software tools that are available
to protect systems from threats that may attack open
ports and directly exploit a feature or vulnerability.
Keywords: Networks; Vulnerability; Open port;
Attack;
1. INTRODUCTION
All systems connected to the Internet today can
expect to be repeatedly probed for open ports. It is
simply a fact of life that there will be attempts to
detect and exploit vulnerabilities in hosts on the
network. In order to be useful, a system may
require some ports to be open. Many Internet
applications expect to be able to connect to the
open port associated with a service on a remote
machine. Likewise, in order to manage a system,
you normally need to be able to connect to it.
These open ports can then be an entryway for
attackers. Some threats attack an open port and
then install a virus or trojan that can then act
independently and cause damage. Viruses or
trojans are generically called “malware”.
Threats may attack open ports and directly
exploit a feature or vulnerability. E-mail servers
keep port 25 open so that remote systems can
connect and transfer mail messages. An attacker
may connect to an e-mail server that does not
protect against unauthorized relaying and employ
the server for the sending of spam. Valuable
system resources are then diverted to the
purposes of the attacker, which may damage
the system or degrade its performance.
2. OPEN PORT VULNERABILITIES
A port is the mechanism that allows a computer
to simultaneously support multiple
communication sessions with computers and
programs on the network. A port is basically a
refinement of an IP address; a computer that
receives a packet from the network can further
refine the destination of the packet by using a
unique port number that is determined when the
connection is established. A port is essentially a
way for two devices to connect using a specific
protocol. Each device has an IP address, but this
only identifies the device on the network. The port
is used to tell each device what kind of
connection will be made.
Vulnerabilities are design flaws or
misconfigurations that make your network (or a
host on the network) susceptible to malicious
attacks from local or remote users.
Vulnerabilities can exist in several areas of your
network, such as in the firewalls, FTP servers,
Web servers and operating systems. Depending on
the level of the security risk, the successful
exploitation of a vulnerability can vary from the
disclosure of information about the host to a
complete compromise of the host.
Based on the type of vulnerability identified in
open source distributed applications, we can
classify them as follows:
information vulnerabilities – due to
  inconsistencies in the source code, a great
  deal of information can be offered to
  attackers;
physical vulnerabilities – defined as
  vulnerabilities which can exploit the
  main frame in which open source
  products are running to gain access to
  resources;
processing vulnerabilities – given by the
  usage of untested instructions or
  processing sequences;
communication vulnerabilities – due to
  bad implementation of communication
  protocols or to different forgotten
  aspects of communication.
3. MITIGATING THE THREAT
With increasingly sophisticated attacks on the
rise, the ability to quickly mitigate network
vulnerabilities is imperative. Vulnerabilities, if
left undetected, pose a serious security threat to
enterprise systems and can leave vital corporate
data exposed to attacks by hackers. For
organizations, it means extended system
downtimes and huge loss of revenue and
productivity.
These threats may be mitigated in various ways,
such as: controlling access to the system,
monitoring system activity, creating and
enforcing policies. Many software tools are
available to protect systems from threats that may
attack open ports and directly exploit a feature or
vulnerability.
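The following Python example, added here and not part of the original report, shows one way to monitor a host against an open-port policy: it parses listening sockets in the column layout printed by `ss -H -tln` and reports ports that accept remote connections without being approved. The sample output and the allowed-port set are constructed for illustration.

```python
import ipaddress

# Constructed sample in the column layout of `ss -H -tln` (not from the report).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

# Hypothetical policy: ports allowed to accept connections from other hosts.
ALLOWED_REMOTE_PORTS = {22, 80, 443}


def parse_listeners(ss_text):
    """Return (address, port) for every LISTEN row."""
    listeners = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if port.isdigit():
            listeners.append((addr, int(port)))
    return listeners


def is_loopback_only(addr):
    """True when the socket is bound to a loopback address."""
    if addr in ("*", ""):
        return False  # wildcard bind: reachable on every interface
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unknown form: treat as exposed (fail closed)


def audit(ss_text, allowed=ALLOWED_REMOTE_PORTS):
    """Ports reachable from the network that the policy does not allow."""
    return sorted({port for addr, port in parse_listeners(ss_text)
                   if not is_loopback_only(addr) and port not in allowed})


if __name__ == "__main__":
    for port in audit(SAMPLE_SS_OUTPUT):
        print(f"policy violation: port {port} listens on a non-loopback address")
```

In the sample, the mail listener on port 25 is bound to 127.0.0.1 and is not reported, while the database listener on 0.0.0.0:3306 is.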
Vulnerability scanners are automated tools used
to identify security flaws affecting a given
system or application.
Some of the software tools that are used for port
scanning and vulnerability scanning are listed below:
Nessus
Nessus is the world’s most popular vulnerability
scanner that is used in over 75,000 organizations
world-wide. The “Nessus” Project was started by
Renaud Deraison in 1998. It is a complete and
very useful network vulnerability scanner which
includes high-speed checks for thousands of the
most commonly updated vulnerabilities, a wide
variety of scanning options, an easy-to-use
interface, and effective reporting. It is available in
different versions for both Unix and Microsoft
based operating systems. Nessus 5.0.2 is the
version used for Windows 7.
Nmap
It stands for “network map”. This open-source
scanner was developed by Fyodor. This is one of
the most popular port scanners that runs on
Unix/Linux machines. While Nmap was once a
Unix-only tool, a Windows version was released
in 2000 and has since become the second most
popular Nmap platform.
Metasploit
Metasploit was originally developed and
conceived by HD Moore while he was employed
by a security firm. When HD realized that he was
spending most of his time validating and
sanitizing public exploit code, he began to create
a flexible and maintainable framework for the
creation and development of exploits. He
released his first edition of the Perl-based
Metasploit in October 2003 with a total of 11
exploits. In this paper I have used the Metasploit
software tool for port and vulnerability scanning.
IMPLEMENTATION OF METASPLOIT
Install Metasploit.
Then go to Metasploit->Framework->Armitage.
Connect to the default database of Windows.
Scan the IP address range.
Click on the IP address you found and
  then scan for the open ports and
  applications with the help of the port
  scanner embedded within Metasploit.
Now run NeXpose for a vulnerability
  scan and generate the reports.
Now go to Armitage, press
  Attack and then click on Attack find.
Now check for every possible
  exploitation.
4. CONCLUSION
Any system that is networked is exposed to risk
of attack. Open ports can increase that risk or
increase the chance of a successful attack.
Vulnerability scanners such as Nessus, Nmap,
and Metasploit may become part of the solution.
Steps taken to become aware of the issues, to
prepare systems for a hostile environment, to
monitor activity and behavior, and to prepare for
the future will all help to mitigate the threat.
Resources are available to further education,
tools are available to help manage the risks, and
the effort expended will pay dividends of
enhanced security for the network. The
techniques in this report will give us the basic
tools I will need to begin discovering
vulnerabilities.
ACKNOWLEDGEMENT
I express our sincere thanks to our teacher,
Assistant Professor Mr. Rupam Kumar Sharma
for guiding us in critical reviews of demo and the
report. I owe a great deal of thanks for
providing us the necessary information and
correction when needed during the completion
of this report.
I would also like to thank the supporting staff of
Computer Science Department, for their help and
cooperation throughout our project.
