First page Back Continue Last page Summary Graphics

Targeted Scan


Targeted port scans look for specific vulnerabilities. The newer, more sophisticated tools attempt to identify the hardware, operating system, and software versions. These tools are designed to zero in on known vulnerabilities on specific targets.

Common targets are often individually probed as well as scanned. The hacker may be looking for a specific vulnerability, such as an insecure mail server or an open RPC portmap daemon.

telnet (23/tcp), smtp (25/tcp), pop-3 (110/tcp), sunrpc (111/udp/tcp), imap (143/tcp), snmp (161/udp), route (520/udp) and mount (635/udp) are favorite target ports. They represent some of the most potentially vulnerable openings to a system. Since these services are so common, they are good examples of why you want to either not offer them to the outside world, or else very carefully control outside access to these services.
Net BIOS (137, 138/tcp/udp, 139/tcp) and Net bus (12345/tcp), probes are tediously common. They pose no threat to a UNIX system. The target is a Windows system in this case.