Last time I have collected some of the best ethical hacking tutorials from my own blog, which got quite a god response from you people. So I decided to get a great collection of some of the best security blog I have ever came across. Hope you like it as well.

Darknet.org.uk

- Don’t Learn to Hack , Hack to Learn. Its their slogan & also giving out one of the well known truth that you can never learn hacking without getting into it. He writes about phishing, web hacking, general, wireless hacking, vulnerabilities & exploits. Its a good one to follow to know the latest exploits.

Insane Security

- Security Through Distorted Eyes, This guy,  is keeping a close eye on security happening s & you must fllow him to get the latest news about hacking, more than that you would love the way he writes because he got the ingredient of fun within his hacking.

Roger’s Informative Security Blog

This blog is not just about security its also about security updates & technology. Within past few days he have written great articles regarding facebook & security updates. Its a good one two follow as a security news blog.

SecuriTeam Security Blog

Securiteam security blog is about coding, vulnerabilities, bus & exploits. They are also regularly posting the unique exploits & you should follow this blog if you are more interested into exploits & vulnerabilities (I am wondering, who is not ?)

Anarchia.tk – Computer Hacks & Security

I have missed this blog for long time, and wondered why I don’t got anything like that in my early hacking days. It is one of the best blogs for anarchists who wish to start their career as hacking. It includes various topics from computer tweaks to hardcore hacking. So Beginners, never miss this one please.

Tech Republic IT Security

Another great collection of ethical hacking & security news & articles, It is online from 4-5 years now, they are giving out some of the best news in IT perspective. There content is great to follow & also to become a strong minded ethical hacker.

So this is it guys, I guess if you follow all this blog you can survive a lot much in security industry than others. Not just for survival but for learning & hacking , DO FOLLOW THESE TOP ETHICAL HACKING & SECURITY BLOGS – ALWAYS.

Port scanning determines which ports are listening to the active connections on the subjected host. These ports represent potential communication channels. With the help of port scanning we get close to the network communication scenario. We get to know more about victim’s network which is useful for further attacks. Internet does not exclusively rely on TCP port 80, used by hypertext transfer protocol (HTTP). Any surfer surfing any website can gain the same level of proficiency as your average casual surfer. Port scanning can be efficiently done to reveal the secret’s about the host.

Automated port scanners are necessary to perform such scanning, which are available in the market for very small cost.

Port scanning is done so as to gather information passively about the victim. This help’s intruder to eavesdrop into Victim’s Network.

Such scanning also helps in gathering information so as to form a network map. Network map are useful to get to know the victim network architecture or hierarchy.

There are thousands of ports available for communication on a network some well known are FTP, HTTP, SMTP etc., Which ports remains open or close depends on the network’s requirement. Like any web server will always have an FTP port open.

Every port has its unique number which is targeted after the successful port scanning. Various bugs, backdoors are installed on these ports and tested whether the system is vulnerable.

And this is how a successful attack through port scanning is done.

Hope you have enjoyed this informative article about port scanning. We are covering requirements of a good port scanner in next post.

To know more about port scanning comment here or mail us at amol@hackersenigma.com

We have covered brief introduction about port scanning and its techniques in our previous topic. Here we are, with requirements of a good port scanner.

Dynamic delay time calculations: Delay time is necessary for some scanners to send the data chunks.  So you need to check whether it is working properly or not with ping, which gives replies to every execution. But that is some time cumbersome, so you can use connect ( ) to a closed port on target. Which can gives you an initial delay time you’re your scanner. Simple, isn’t it!!!
 
Parallel Port Scanning: Scanners generally scans orts linearly and one by one till total ports are reached, but this old technique only works better with TCP on a faster network. So you need to test whether your port scanner has parallel port scanning or not because we have to scan over larger area or wide area network.

Port Scanners

Flexible Port Specification: Can you believe we need to scan all 65535 ports. It will be slow and tiresome process. Also, the scanners which only allow you to scan ports 1 – N often fall short of an intruder’s need. Test whether your scanner has ranges option available which can allow you to scan the ports in better manner.

Flexible target specification: On a larger network you may surely want to scan more than one or two hosts.  So you should have flexible target specification available on your port scanner.

Retransmission: Sending chunks and collecting for response is a way old technique for scanners. But this can lead to false positives or negatives in the case where packets are dropped. So, check whether your scanner have automated retransmission available.

So these are some of the primary facts of considerations. Some secondary consideration includes Down Host Detection, Own IP detector, and IP scanner etc.

Continues From Last Post  . . .

So each machine has unique identification to send and receive data and avoid the confusion. This doesn’t happen with dial-up modems; because it is assumed that any data you send to the modem is destined for the other side of the phone line. But when you send data out onto an Ethernet wire, you have to be clear which machine you intend to send the data to.

In many cases we can analyze today that mostly to machines make communication to each other and few scenarios are like a conference But Ethernet is designed to share plenty of machines to covers together. This is accomplished by putting a unique 12-digit hex number in every piece of Ethernet hardware.

This is so important from the aspect of data and information security. Ethernet was designed to carry other traffic than just TCP/IP, and TCP/IP was designed to run over other wires (such as dial-up lines, which use no Ethernet).

NETBEUI is something that many home users use to share files or data. This does not use TCP/IP protocols to transfer the data. It makes harder for intruders to hack the data.  Raw transmission and reception on Ethernet is governed by the Ethernet equipment. You just can’t send data raw over the wire; you must first do something to it that Ethernet understands. In much the same way, you can’t stick a letter in a mailbox, you must first wrap it in an envelope with an address and stamp. This is what used in traditional TCP/IP Architecture. 

So this is how sniffing attacks get vulnerable to Ethernet.  There are many techniques which gives internet and networks a flexibility through Ethernet is exploited by the use of packet sniffing.

This is not just a dark side, all packet sniffers can be detected even if they have stealth inside them. Also Non promiscus mode conversion can be a great way to stop all types of  packet sniffing attacks.

The behavior of packets and its responses explained last post has been noted by a number of firewall vendors. By understanding such enumerations,  the have modified their security system’s for high anonymity by spoofing the source address of the RST/ACK packet to be that of the target host. As such, the response received by an inquisitive attacker is supposed to be a RST/ACK from the target, rather than the gateway.

This is, of course, uncertain as it implies that the packet has reached the target before being rejected, when we may have already assume that there is. But actually there is a gateway that is filtering the traffic.

Breaking any firewall need a vast knowledge on how any firewall works. But rather than that we can also have knowledge on how firewall vendors roved stealth to their systems.

Firewalls Break in Generally in modifies Firewall and Intrusion Detection Systems (IDS) environments, rather than denying unacceptable policies, they will simply drop the packet without any comment. As the scanner never receives a positive or negative response, there is no way of telling whether the packet did not reach the target because of network problems or whether the target no longer exists or if the packet was intentionally drop en route.

And this is where firewalls succeeds & hide from intruder the way network ports are responding and further attack chances are reduced. The resulting ambiguity and timeouts will slow down the scanning process, and prevent many tools from revealing information of any kind.

But this does not mean that this firewall is unbreakable, experiences one’s always have something strong in their hand named – Experience