Open The port is open on the remote system and there is an application that is actively  accepting connections on that port. Closed

Performing Vulnerability Assessments 
671
The nmap software then began a port scan of the system with IP address 52.4.85.159. 
The
–vv
fl ag specifi ed with the command simply tells nmap to use verbose mode, report-
ing detailed output of its results. The results of the scan, appearing toward the bottom 
of Figure 15.1 , indicate that nmap found three active ports on the system: 22, 80, and 
443. Ports 22 and 80 are open, indicating that the system is actively accepting connection 
requests on those ports. Port 443 is closed, meaning that the fi rewall contains rules allow-
ing connection attempts on that port but the system is not running an application confi g-
ured to accept those connections. 
To interpret these results, you must know the use of common network ports, as dis-
cussed in Chapter 12, “Secure Communications and Network Attacks.” Let’s walk through 
the results of this nmap scan: 
■
The first line of the port listing,
22/tcp open ssh
, indicates that the system accepts 
connections on TCP port 22. The Secure Shell (SSH) service uses this port to allow 
administrative connections to servers. 
■
The second line of the port listing,
80/tcp open http
, indicates that the system is 
accepting connection requests on port 80, which is used by Hypertext Transfer Protocol 
(HTTP) to deliver web pages. 
■
The final line of the port listing,
443/tcp closed https
, indicates that a firewall rule 
exists to allow access to port 443 but no service is listening on that port. Port 443 is 
used by the Hypertext Transfer Protocol Secure (HTTPS) protocol to accept encrypted 
web server connections.
What can we learn from these results? The system being scanned is probably a web 
server that is openly accepting connection requests from the scanned system. The fi rewalls 
between the scanner and this system are confi gured to allow both secure (port 443) and 
insecure (port 80) connections, but the server is not set up to actually perform encrypted 
transactions. The server also has an administrative port open that may allow command-
line connections. 
Port scanners, network vulnerability scanners, and web vulnerability scan-
ners use a technique called
banner grabbing
to identify the variant and ver-
sion of a service running on a system. This technique opens a connection 
to the service and reads the details provided on the welcome screen, or 
banner, to assist with version fingerprinting.
An attacker reading these results would probably make a few observations about the sys-
tem that would lead to some further probing: 
■
Pointing a web browser at this server would likely give a good idea of what the server 
does and who operates it. Simply typing

Download 19,3 Mb.

Do'stlaringiz bilan baham: