
Abstract
Keywords: TCP connect scan, sockets, system identification, firewall, TCP port
ABSTRACT
The rapid development of the Internet has brought us convenience, but at the same time it has raised concerns about information security. In computer security management, port scanning lets us collect system information and monitor the security weaknesses of programs on remote or local hosts: it can discover which TCP ports are allocated on a remote server, which services they provide, and which software versions those services run. With this information, administrators can deal directly or indirectly with the security problems of a remote host, and port scanning technology has gradually become a focus of attention.
This thesis first introduces the basic principles, scanning methods and essential software of port scanning, then introduces the development tools and development environment used for this scanner. It then describes the special features and design direction of the port scanner designed by the author and, based on the author's own study of port scanning techniques, surveys recently developed network scanning technology.
After discussing the impact and opportunities that new techniques bring to port scanning, the author forecasts the prospects of port scanning technology based on his own understanding, especially regarding operating system identification and security scanners, and puts forward some feasible suggestions for port scanners. The author then gives his view of the work an attacker does when breaking through a firewall to collect useful information: an attacker has to know how to use scanning technology effectively, and from this the usefulness of port scanning technology can be summarized.
Key words: TCP connect scan, sockets, system identification, firewall, TCP port
(3) FTP information: the attacker tests whether the FTP service is open and whether anonymous FTP is available; if it is, they try to dig out further potential problems.
(4) TCP/UDP scanning: for TCP, telnet can be used to attempt a connection to a particular port, which is also the basic method of manual scanning. More information can be obtained from the banner that is returned, and from that one can further analyse whether the system exposes relatively dangerous services such as RPC, FINGER, RUSERS and RWHO.
.Full-open scanning: probes ports through a complete TCP connection. Mainly TCP connect and reverse ident.
.Half-open scanning: probes ports through an incomplete TCP connection. Mainly SYN flag and the IP ID header "dumb scan".
.Stealth scanning: probes ports using the FIN field and does not include any part of the standard three-way handshake. Mainly SMACK flag, ACK flags, NULL flags and ALL flags (XMAS).
.IP range scanning (sweep scanning): scans a whole network segment at the same time. Mainly TCP echo, UDP echo, TCP SYN and ICMP echo.
The software produced by this design is a port scanner based on the TCP connect technique. Multithreading speeds up the scan by opening several sockets at the same time, and non-blocking I/O lets you set a short timeout while watching multiple sockets at once. The drawback of this method is that it is easily detected and filtered: the target computer's log files show a series of connections followed by connection-error service messages, and the scan can quickly be shut down. This software therefore has no ability to penetrate a firewall in real scans. At the same time, while preserving the conceptual integrity of the software, some small practical utilities were added to the design.
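The non-blocking connect scan described above, as an added example that is not the thesis's own code: every socket is put in non-blocking mode, all of them are watched through one selector under a single short timeout, and each port ends up open, closed or filtered. The demo() self-test is constructed: it uses a loopback listener as the "open" port and a freshly released ephemeral port as the "closed" one, and assumes a Linux-style socket API (EINPROGRESS on non-blocking connect).

```python
import errno
import selectors
import socket
import time

OPEN, CLOSED, FILTERED = "open", "closed", "filtered"


def connect_scan(host, ports, timeout=1.0):
    """Full-connect scan: every probe completes the handshake (so the target
    logs it); non-blocking sockets share one selector and one short timeout."""
    with selectors.DefaultSelector() as sel:
        results = {}
        for port in ports:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.setblocking(False)
            err = s.connect_ex((host, port))
            if err in (errno.EINPROGRESS, errno.EWOULDBLOCK):
                sel.register(s, selectors.EVENT_WRITE, data=port)
            else:  # decided at once: 0 is connected, anything else refused
                results[port] = OPEN if err == 0 else CLOSED
                s.close()
        deadline = time.monotonic() + timeout
        while sel.get_map() and (remaining := deadline - time.monotonic()) > 0:
            for key, _ in sel.select(remaining):
                s, port = key.fileobj, key.data
                # SO_ERROR: 0 -> SYN/ACK came back (open); ECONNREFUSED -> RST (closed)
                so_err = s.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR)
                results[port] = OPEN if so_err == 0 else CLOSED
                sel.unregister(s)
                s.close()
        for key in list(sel.get_map().values()):  # silence: SYN dropped, filtered
            results[key.data] = FILTERED
            key.fileobj.close()
        return results


def demo():
    """Constructed loopback self-test: listener = open port, released port = closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        probe.bind(("127.0.0.1", 0))
        closed_port = probe.getsockname()[1]
    open_port = listener.getsockname()[1]
    try:
        return open_port, closed_port, connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
```

On the defending side the same property that makes this scan simple makes it noisy: each open port records an accepted connection that is closed without any request, which is exactly the log pattern the thesis says gets the scanner noticed and filtered.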

Chinese abstract I
English abstract II
1 Research background 1
1.1 Network security 1
1.2 Origin and development of security scanning technology 1
1.3 Classification of security scanning techniques 3
2 Port scanning techniques 5
2.1 Open scanning techniques 5
2.2 Half-open scanning techniques 5
2.3 Stealth scanning techniques 6
2.4 Other scanning techniques 7
3 Windows network core programming theory 9
3.1 TCP/IP protocol model 9
3.2 Application programming interfaces 10
3.3 Inter-process communication 16
4 Design and implementation of the port scanner 21
4.1 Design goals 21
4.2 Program framework design 21
4.3 Engine system design 27
4.4 Communication between the console and the engine 31
4.5 Technical background 32
4.6 Network communication 36
5 Testing 44
5.1 Test environment 44
5.2 Test methods 44
5.3 Test timing 47
Summary 49
References 50
Acknowledgements 51