Security, hacker detection & forensics FAQ

Small Network Security

Ports, IP addresses, and NAT by vesselescape
Posted: 10 Feb 03 (Edited 10 Feb 03)

What is "Port Scanning"?


Port scanning is one of the most popular reconnaissance techniques attackers use to discover services they can break into. All machines connected to a Local Area Network (LAN) or the Internet run many services that listen on well-known and not-so-well-known ports. By port scanning, the attacker finds which ports are available (i.e., what service might be listening on a port). Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is in use and can therefore be probed further for weaknesses.

For more information on port scanning, go here:
http://www.auditmypc.com/freescan/readingroom/port_scanning.asp


Where can I get a list of "Well Known Ports", their uses, and known exploits?


There are a number of port lists available, but remember these are only current on the day they are written, and subject to change. Here is one we have found to be a good starting point:
http://lists.gpick.com/portlist/portlist.htm


How can I hide my IP address?


The accessibility of your machine's IP address does not, in and of itself, represent any real security risk. In order for you to use the Internet at all, information must be able to find its way back to your computer. This requires a two-way path between your computer and remote machines. Your machine's unique IP address is the way data finds its way back to you.

It's true that this necessarily creates some degree of security vulnerability, but only as much as is absolutely required for any sort of "connection" to remote resources on the Internet. The best thing to do is to be concerned and responsible about your machine's security.



What is NAT and how does it affect Network Security?


Note: The NAT router is accessible from the Internet and needs to be protected via a firewall or other means!

Every machine on the Internet is identified and located using a unique IP address. This allows returning data to be routed to the proper machine by its address. This straightforward system has since been enhanced in an important way, known as Network Address Translation or NAT.

In a NAT-based system, a single IP address represents the NAT router, behind which can lie an entire private network of machines. The machines on this private network (behind the NAT router) use IP addresses that have been set aside for just this purpose. They generally start with 192.168.x.x or 10.x.x.x. These address ranges are not used by regular machines on the Internet, so any machines on the private network can know that they're talking amongst themselves.

When one of the machines behind the NAT router needs to contact resources on the public Internet, the request is routed through the NAT router (since that's what connects the machines to the Internet). The NAT router reformats the outgoing data packet so that it appears to originate from the router itself, instead of the actual originating machine, and sends it on its way. When the data returns, the process is reversed and the data packet is sent to the originating machine on the private network. Thus, when viewed from the perspective of the external public Internet, all of the machines behind the NAT router appear to be a single machine with that one (NAT router) IP address.
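The rewrite-and-reverse step described above, as a small model added here for illustration (it is not from the original FAQ). The class and function names, the addresses, and the starting public port are constructed; dropping inbound packets that match no table entry is how this model behaves, and real routers vary, which is why the firewall in the note above is still needed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    """Toy port-translating NAT: one public IP in front of a private LAN."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port          # constructed starting port
        self.out_map = {}  # private flow -> public port
        self.in_map = {}   # (public port, remote ip, remote port) -> private host

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source so the packet appears to come from the router."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, pkt.dst_ip, pkt.dst_port)] = (
                pkt.src_ip, pkt.src_port)
            self.next_port += 1
        return Packet(self.public_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reverse the translation; None means no table entry (packet dropped)."""
        if pkt.dst_ip != self.public_ip:
            return None
        host = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if host is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, host[0], host[1])

def demo():
    # Constructed sample traffic using documentation address ranges.
    nat = NatRouter("203.0.113.5")
    a = nat.outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 80))
    b = nat.outbound(Packet("192.168.1.11", 51000, "198.51.100.7", 80))
    reply_a = nat.inbound(Packet("198.51.100.7", 80, a.src_ip, a.src_port))
    reply_b = nat.inbound(Packet("198.51.100.7", 80, b.src_ip, b.src_port))
    # A remote host that no inside machine has contacted.
    unsolicited = nat.inbound(Packet("198.51.100.99", 4444, "203.0.113.5", 40000))
    return a, b, reply_a, reply_b, unsolicited

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Both inside machines leave with the same public IP and differ only in the port the router assigned, which is how the return traffic is matched back to the right private host.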

A single firewall on the NAT router provides an initial point of defense for the entire network. This assumes that the rest of the network machines have no access to the Internet other than via the NAT router.

For additional NAT info go here: http://www.securitydogs.com/nat_library.html
