I know that port scanning is a fundamental intruder tool. If intruders can find the open ports on a computer system, they can better mount an attack. By the same token, if I know my systems' vulnerable ports, I can better define necessary firewall policy rules. I want to find the open ports on my organization's Web servers. Which tools (preferably freeware) can you recommend?
First, if you have local access to your Web servers, you don't necessarily need a remote port-scanning tool. Windows includes the Netstat (netstat.exe) tool—a command-line tool that finds the open ports on a system. Type
netstat a
at the command line to bring up all listening ports and connections. If you want to speed Netstat's execution, add the n switch to the command to switch off address conversion, as Figure 4, page 13, shows.
If you don't have local access to your Web servers, you can use one of the freeware port scanners that Table 1, page 13, shows. Some of the scanners, such as Foundstone's SuperScan 3.0 tool that Figure 5 shows, have a GUI. Other scanners, such as Foundstone's FScan 1.12 tool that Figure 6 shows, are command-line tools. Scanners support TCP port scanning, UDP port scanning, or both. As Table 1 shows, fewer scanning tools support UDP port scanning. eEye Digital Security's nmapNT, the Windows version of the well-known nmap UNIX scanning tool, is a recent addition to the list of freeware Windows NT port-scanning tools. For more information about port scanners, see Chapter 2 of Joel Scambray, Stuart McClure, and George Kurtz's Hacking Exposed: Network Security Secrets & Solutions, 2nd edition (McGraw-Hill/Osborne Media, 2000).
