Scan: Computer Network Security

Scan is the activity of the probe in large numbers by using the tool automatically. The tool automatically detects the weakness in the local host or remote host. With a scanner, a user in Portugal to find a weakness in an agency's network security system in Indonesia. A scanner is actually a scanner for TCP ports, ie a program that attacks the TCP / IP port and service-service (telnet, ftp, http, etc.) and noted the response from the target computer. In this way, the user program the scanner to obtain valuable information from host to target, for example, can an anonymous user log ins. The tools for scanning are commonly used include: - SATAN (http://www.lish.com) - Jakal (http://www.giga.or.at/pub/hacker/unix) - IdentTCPScan (littp: / / www.giga.or.at / pub / hackers / unix) - CONNECT (http://www.giga.or.at/pub/hacker/unix) - XSCAN (http://www.giga.or.at/pub/hacker/unix) - FSPScan (http://www.giga.or.at/pub/hacker/unix) - And others Which is also called a scanner is a network utility on UNIX-alone utility. This kind is generally used to see whether a service can work well on a remote computer. Actually this is not really a scanner, but can be used to collect information on tenting the target host. Examples for this utility is a command-utility rusers, finger, traceroute, and hosted, which generally is on the UNIX platform. Examples of application of this utility is the use rusers and finger together to obtain information from the user network. A query of the domain rusers wizard.com produce the following information: gajake snark.wizard.com: ttyp1 Nov 13 15:42 7:30 (remote) root snark.wizard.com: ttyp2 Nov 13 14:57 7:21 (remote) robo snark.wizard.com: ttyp3 Nov 15 01:04 01 (remote) ange1111 snark.wizard.com: ttyp4 Nov14 23:09 (remote) Pippen snark.wizard.com: ttyp6 Nov 14 15:05 (remote) root snark.wizard.com: ttyp5 Nov 13 16:03 7:52 (remote) gajake snark.wizard.com: ttyp7 Nov 14 20:20 2:59 (remote) dafr snark.wizard, com: ttyp15Nov 3 20:09 4:55 (remote) dafr snark.wizard.com: ttypl Nov 14 06:12 19:12 (remote) dafr snark.wizard.com: ttypl9Nov 14 06:12 19:02 (remote) While the information below was obtained immediately after the above: user S00 PPP ppp-122-pm1.wiza Thu Nov 14 21:29:30 - still logged in. user S15 PPP ppp-119-pm1.wiza Thu Nov 14 22:16:35 - still logged in. SO4 user PPP ppp-121-pmt.wiza Fri Nov 15 00:03:22 - still logged in. user S03 PPP ppp-112-pm1.wiza Thu Nov 14 22:20:23 - still logged in. user S26 PPP ppp-124-pm1.wiza Fri Nov 15 01:26:49 - still logged in. user S25 PPP ppp-102-pm1.wiza Thu Nov 14 23:18:00 - still logged in. user S17 PPP ppp-115-pm1.wiza Thu Nov 14 07:45:00 - still logged in. user S-1 0.0.0. 0 Sat Aug 10 15:50:03 - still logged in. user S23 PPP ppp-103-pm1.wiza Fri Nov 15 00:13:53 - still logged in. user S12 PPP ppp-111-pm1.wiza Wed Nov 13 16:58:12 - still logged in. At first glance, the above information does not seem useful.However, often through techniques like this one can identify a network user. For example, many Internet users that hides the true identity, for example the channels are Internet Relay Chat (IRC).Seeorang that terbuhung with UNIX-based systems can easily hide his identity on IRC but can not hide the IP addresses of the computers it uses. With the support finger and rusers command, someone who can disassemble the actual IRC user. The following states can difinger process, namely: Usability Process Ip The Line Printer daemon UUCP UNIX to UNIX copy Root root operator The Mail System daemon mail