LAS VEGAS -- Two steps forward, one step back.
In a presentation at the DEFCON hacking conference, security researcher Fyodor, the creator of the popular Nmap port scanning tool, revealed that his latest scan of millions of Internet hosts found that too many computers are still allowing communication on the insecure Telnet port. The top-four open TCP ports, according to Fyodor, are HTTP (port 80), Telnet (port 23), SSH (port 22) and HTTPS (port 443).
"As a security guy, it's depressing to still see Telnet open more often than SSH," he said.
In his talk, the Nmap developer discussed his massive port scanning effort and the features that he added to the latest version of the program to make it more efficient. He implemented lists of top ports to help make scanning for live hosts quicker. Using the top-ports option -- rather than scanning all possible ports -- drastically reduced the time it took to complete the scan. In one case, a scan that took more than an hour was cut to about 13 seconds.
However, the faster option does not catch all possible hosts. Scanning for the top-10 ports, for example, caught about 48 percent of all live hosts, while scanning for the top-100 ports caught 73 percent.
"A penetration tester who needed immediate results could use a quick and dirty scan, while running a second, full scan to catch everything," Fyodor said.
Posted by: Robert Lemos