tailieunhanh - Open Source Security Tools : Practical Guide to Security Applications part 12

Open Source Security Tools : Practical Guide to Security Applications part 12. Few frontline system administrators can afford to spend all day worrying about security. But in this age of widespread virus infections, worms, and digital attacks, no one can afford to neglect network defenses. Written with the harried IT manager in mind, Open Source Security Tools is a practical, hands-on introduction to open source security tools. | Page 89 Wednesday June 23 2004 11 53 PM Port Scanners 89 Table Common Server Ports Common Port Number Protocol Service 21 FTP File Transfer Protocol control port 22 SSH Secure Shell 23 Telnet Telnet 25 SMTP Mail service 53 DNS Domain name resolution 79 Finger Finger 80 HTTP Web service IFT- 135-139 NetBIOS Windows network communications 443 SSL Secure Web service were to open two browsers at the same time your computer would create two separate port numbers to connect on for each browser session and the server would track them as separate connections. Just because a packet is labeled for port 80 nothing is stopping it from having data other than Web traffic. The port number system depends on a certain honesty from the machines it is communicating with and that s where the trouble can come in. In fact many applications such as instant messaging and peer-to-peer software programs which might normally be blocked at a company s firewall will flout this convention and sneak through on port 80. Most firewalls will allow traffic on port 80 because they are configured to allow Web access for users behind the firewall. When a port is exposed on a computer it receives all traffic being sent to the port legitimate nor not. By sending malformed packets or packets with too much or incorrectly formatted data people can sometimes crash the underlying application redirect the flow of code inside the application and gain access to that machine illicitly. This is called a buffer overflow and these make up a large percentage of the security holes that exist today. Page 90 Wednesday June 23 2004 10 24 PM 90 Chapter 4 Port Scanners Buffer overflows happen when application programmers don t properly code their programs to handle data that overflows the memory space allotted to input variables. When the program receives input that exceeds the allotted buffer it can override internal program control and thereby give a hacker access to system-level .