Security check

KalvinB    102
Now that I know how to use Winsock in VB, I've taken it upon myself to write a port scanner to look for holes in my system. Currently it tries to open a port and waits for a response then closes the connection and posts a message if it was successful. It takes about 1 sec to check a port (==9 hours for a full scan). Is there any way to speed that up? Besides checking multiple ports at once?

Ben

Guest Anonymous Poster
I've tried port scanners before. They usually are multithreaded and have about 50 threads running at any one time. There might be a trick which allows you to check if a port is listening without connecting. Perhaps there is some state flag somewhere in windows.

Good Luck

-ddn

Prefect    373
Uh, what about non-blocking sockets?

There's no way to check if someone's listening to a port on a remote computer apart from sending a SYN packet. Whether you do that through connect() or through raw sockets is up to you (raw sockets might be less straining for your PC's resources).

If you're locally on the computer, you can just run netstat -a. I don't know what netstat actually does on Windows. On Linux, it's implemented by cat'ing some files in the /proc filesystem.

cu,
Prefect

kurifu    122
You need to use a non-blocking connection when you connect.

If you use a blocking socket, it will idle until there is a connection; this is very time consuming unless you multithread every connection (which would be horrible on memory management for your purposes).

Use a non-blocking socket, and write a function that sets whether a port responded. Get the port number that responded, and set that as true in an array.

After you are done, just scan your array for the ports that responded... and voila.

a person    118
just a word of advice. you should only be doing this as a learning experience, since you really need to do a udp and tcp scan. there are even tricks which use half connects and such which allow more accurate/faster scanning. so don't feel safe just because you run your scan (though you should be pretty safe unless you download spyware/adware/trojans/virii).

now on to speed ups.

1. multithreading is a good idea, or at least multiple connects happening at once. try not to go over 25 simultaneous connects though.

2. scan only ports with known services. this greatly reduces the amount of ports required in a scan.

good luck.
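The replies above combine into one pattern: non-blocking connects, a flag per port in an array, at most 25 connects in flight, and a short list of known service ports. The following is an added example, not code from the thread; it uses Python's asyncio rather than the VB Winsock control, the names and the port list are chosen for illustration, and it checks loopback only.

```python
import asyncio

MAX_IN_FLIGHT = 25    # ceiling on simultaneous connects suggested above
TIMEOUT_S = 1.0       # longest wait for any single port
# Short list of well-known service ports chosen for this example.
KNOWN_SERVICE_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]


async def _probe(host, port, gate, responded):
    """Attempt one TCP connect; mark the port if the handshake completes."""
    async with gate:                      # wait for one of the 25 slots
        try:
            _, writer = await asyncio.wait_for(
                asyncio.open_connection(host, port), TIMEOUT_S)
        except (OSError, asyncio.TimeoutError):
            return                        # refused, filtered or timed out
        responded[port] = True
        writer.close()
        try:
            await writer.wait_closed()
        except OSError:
            pass                          # peer reset during close


async def check_ports(host, ports):
    """Probe `ports` on `host` concurrently; return those that accepted."""
    responded = [False] * 65536           # one flag per port, as in the post
    gate = asyncio.Semaphore(MAX_IN_FLIGHT)
    await asyncio.gather(*(_probe(host, p, gate, responded) for p in ports))
    return [p for p, hit in enumerate(responded) if hit]


if __name__ == "__main__":
    # Loopback only: audits the machine this script runs on.
    open_ports = asyncio.run(check_ports("127.0.0.1", KNOWN_SERVICE_PORTS))
    print("accepting connections:", open_ports or "none")
```

Because waits overlap, total time is roughly the number of ports divided by 25, times the timeout, instead of one second per port.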

KalvinB    102
How do I tell Winsock to connect with UDP or TCP? Or does it even care in VB?

I just need to set up the option to open a local port and it'll work as an FTP client. Right now I can download web pages in plain text. I don't know if that uses UDP and/or TCP though.

With the program you set a range of ports to check so you don't have to check them all. It's just a good idea.

Ben

a person    118
now comes time to ask the question. why are you not researching this stuff? What is your goal?

you can never make a connection using udp since it's a connectionless system. for port lists please search google, it's quite easy to find them. you do realize that scanning other machines is not a nice thing to do and wastes bandwidth. what i don't understand is how you can understand the ftp and http protocols, yet not understand the difference between udp and tcp nor how to even setup winsock. my guess is the VB winsock control hides so much for you that you don't bother to read docs on how to use the control since you don't have to.

most services don't run using udp, in fact usually only dns, games, and streaming media apps use it.

realize that connecting to multiple ports rapidly (especially in sequential order on ports that are not normally used) can cause the pc on the other end to ban you thus disallowing any traffic from your ip to be recognized until the ban is lifted (ain't filtering great, helps keep out trouble makers). so keep the scanning to your own home network. unfortunately you will not find many open ports on a windows machine. in fact the only thing open is netbios and even that is only open if the pc is setup for file sharing.

KalvinB    102
"What is your goal?"

To find holes in my network. I don't trust other people to write this kind of program so I wrote my own. I could very easily have it automatically e-mail the results of the scan or even post them to my web-site using "GET" or even "POST" to make a bogus request to my site with the info and the user would never know they logged a potential hole in their system for me.

Since you suggested I scan UDP I was just curious as to whether or not Winsock could do that and if so how. I've been using Google but since you brought it up I thought maybe you could just tell me. -edit- Figured it out. -/edit-

I know a bit of FTP and HTTP because I run a web-server and an FTP server. Hence my need for a program to make sure my network is secure.

Ben



Edited by - KalvinB on December 18, 2001 9:28:03 PM

Guest Anonymous Poster
Hi Ben,

Are you using the winsock control? Simply set one of the properties to TCP/UDP. Using the Winsock API requires far more work, so I'll leave that for now.

On Planetsourcecode.com you can find *many* multi threaded ports-scans.

Also, if you want to do this "from outside" check:
* www.symantec.com (->Securitycheck)
* www.dslreports.com/tools (various tests)
* https://grc.com/x/ne.dll?bh0bkyd2

These should give you enough information about everything visible from the internet.

I thought I had a port-list somewhere, but atm. I cannot find it... Quick search on google:

http://www.onctek.com/trojanports.html (Url says it!)
http://www.networkice.com/advice/Exploits/Ports/


Should be everything you wanted, I believe. Good luck
