{"id":747,"date":"2020-04-26T21:14:02","date_gmt":"2020-04-26T19:14:02","guid":{"rendered":"http:\/\/tech.sosthe.sk\/?p=747"},"modified":"2020-04-26T21:16:14","modified_gmt":"2020-04-26T19:16:14","slug":"skenovanie-portov","status":"publish","type":"post","link":"http:\/\/tech.sosthe.sk\/index.php\/2020\/04\/26\/skenovanie-portov\/","title":{"rendered":"Skenovanie portov"},"content":{"rendered":"<p><strong>Skenovanie portov<\/strong> (anglicky <em>port scanning<\/em>) je v informatike met\u00f3da zis\u0165ovania otvoren\u00fdch sie\u0165ov\u00fdch portov na vzdialenom po\u010d\u00edta\u010di v po\u010d\u00edta\u010dovej sieti. Je tak mo\u017en\u00e9 zisti\u0165, ak\u00e9 slu\u017eby s\u00fa na vzdialenom po\u010d\u00edta\u010di spusten\u00e9 (napr\u00edklad d\u00e9mon pre webov\u00fd server, zdie\u013ean\u00e9 disky a podobne). Na zis\u0165ovanie je pou\u017e\u00edvan\u00fd \u0161peci\u00e1lny softv\u00e9r, napr\u00edklad program <em>nmap<\/em>. Skenovanie je pova\u017eovan\u00e9 za ne\u017eiaducu techniku, preto\u017ee ju \u010dasto zneu\u017e\u00edvaj\u00fa crackery na zistenie slab\u00fdch miest (zranite\u013enosti) a n\u00e1sledn\u00e9mu \u00fatoku. M\u00f4\u017ee ma\u0165 v\u0161ak aj legit\u00edmne vyu\u017eitie ako n\u00e1stroj pre zlep\u0161ovanie po\u010d\u00edta\u010dovej bezpe\u010dnosti.<\/p>\n<p>Sie\u0165ov\u00e9 slu\u017eby funguj\u00fa typicky na princ\u00edpe klient-server, kde serverov\u00e1 \u010das\u0165 funguje v podobe d\u00e9mona (tj. programu, ktor\u00fd je na po\u010d\u00edta\u010di trvalo spusten\u00fd a be\u017e\u00ed bez kontaktu s pou\u017e\u00edvate\u013eom). Aby sa k serverovej \u010dasti mohli prip\u00e1ja\u0165 klienti, mus\u00ed serverov\u00e1 \u010das\u0165 na\u010d\u00fava\u0165 na sie\u0165ovom porte a reagova\u0165 na pokusy klienta o nadviazanie spojenia (tj. na serveri bude port tzv. otvoren\u00fd). Komunik\u00e1cia medzi klientom a serverom prebieha typicky pomocou protokolov TCP alebo UDP. V oboch pr\u00edpadoch je mo\u017en\u00e9 simulova\u0165 klienta, ktor\u00fd m\u00e1 o slu\u017ebu z\u00e1ujem a vyprovokova\u0165 tak reakciu serverovej \u010dasti. Toho vyu\u017e\u00edva \u0161peci\u00e1lny softv\u00e9r, ktor\u00fd sa o spojenie pok\u00fa\u0161a. Preto\u017ee implement\u00e1cia podpory rodiny protokolov TCP\/IP je ve\u013emi komplikovan\u00e1 z\u00e1le\u017eitos\u0165 a pr\u00edslu\u0161n\u00e9 RFC typicky nedefinuj\u00fa spr\u00e1vanie v limitn\u00fdch pr\u00edpadoch, je mo\u017en\u00e9 pomocou vhodnej datab\u00e1zy a vhodn\u00e9ho nekorektn\u00e9ho provokovania dosiahnu\u0165 rozdielnych odpoved\u00ed v z\u00e1vislosti na verzii alebo typu software, ktor\u00fd odpove\u010f vytvor\u00ed. Je tak mo\u017en\u00e9 rozozna\u0165 od seba r\u00f4zne opera\u010dn\u00e9 syst\u00e9my (napr. Linux, MS Windows, MacOS X, BSD, Cisco IOS at\u010f.), ale aj r\u00f4zne verzie t\u00fdchto syst\u00e9mov. Rozpozn\u00e1vanie je t\u00fdm \u00faspe\u0161nej\u0161ie, \u010d\u00edm viac otvoren\u00fdch portov je na cie\u013eovom po\u010d\u00edta\u010di k dispoz\u00edcii.<\/p>\n<p>Skenovanie portov s\u0165a\u017euje firewall, ktor\u00fd m\u00f4\u017ee pokusy o spojenie na niektor\u00e9 porty blokova\u0165 alebo rozpozna\u0165 skenovanie hne\u010f v za\u010diatku a \u010fal\u0161iu prev\u00e1dzku zablokova\u0165. Skenovanie portov pou\u017e\u00edvaj\u00fa spr\u00e1vcovia po\u010d\u00edta\u010dov, ale aj \u00fato\u010dn\u00edci (crackery), ktor\u00ed m\u00f4\u017eu zisten\u00e9 nedostatky (napr. program\u00e1torsk\u00e9 chyby) zneu\u017ei\u0165 k prieniku do syst\u00e9mu (pomocou exploitu).<\/p>\n<h3><span id=\"Typy_skenov\u00e1n\u00ed\" class=\"mw-headline\">Typy skenovania<\/span><\/h3>\n<p><strong><span id=\"TCP_scanning\" class=\"mw-headline\">TCP scanning<\/span><\/strong><\/p>\n<p>TCP scanning je z\u00e1kladnou formou skenovania.\u00a0Sk\u00fa\u0161a sa postupne prip\u00e1ja\u0165 na jednotliv\u00e9 porty syst\u00e9mov\u00fdm volan\u00edm <em>connect ()<\/em>.\u00a0Ak sa podar\u00ed pripoji\u0165, znamen\u00e1 to, \u017ee je port otvoren\u00fd a \u017ee m\u00f4\u017eeme po\u010d\u00fava\u0165.\u00a0V opa\u010dnom pr\u00edpade je potom port nedostupn\u00fd a je vr\u00e1ten\u00fd k\u00f3d chyby.\u00a0Tento re\u017eim skenovania m\u00e1 t\u00fa v\u00fdhodu, \u017ee od u\u017e\u00edvate\u013ea nevy\u017eaduje \u017eiadne zvl\u00e1\u0161tne privil\u00e9gi\u00e1.\u00a0To znamen\u00e1, \u017ee tento re\u017eim skenovania m\u00f4\u017ee vykon\u00e1va\u0165 ak\u00fdko\u013evek u\u017e\u00edvate\u013e.\u00a0T\u00e1to met\u00f3da je ve\u013emi &#8222;n\u00e1padn\u00e1&#8220;, a preto je tie\u017e \u013eahko odhalite\u013en\u00e1.<\/p>\n<p><strong><span id=\"SYN_scanning\" class=\"mw-headline\">SYN scanning<\/span><\/strong><\/p>\n<p>SYN scanning je \u010fal\u0161ou formou TCP skenovania.\u00a0Tento typ skenovania je zn\u00e1my tie\u017e ako &#8222;half-open scanning&#8220;, preto\u017ee nikdy neotvor\u00ed cel\u00e9 TCP spojenie. Port skener generuje paket <em>SYN<\/em> a ak je cie\u013eov\u00fd port otvoren\u00fd vr\u00e1ti n\u00e1m paket <em>SYN-ACK<\/em>.\u00a0Skener potom odpoved\u00e1 poslan\u00edm paketu <em>RST<\/em>, \u010do je \u017eiados\u0165 o ukon\u010denie spojenia a spojenie sa n\u00e1sledne ukon\u010d\u00ed. Posielanie paketov pri skenovan\u00ed je pre cie\u013eov\u00e9ho hostite\u013ea menej ru\u0161iv\u00e9, preto je t\u00e1to met\u00f3da hor\u0161ie vyp\u00e1trate\u013en\u00e1.<\/p>\n<p><strong><span id=\"UDP_scanning\" class=\"mw-headline\">UDP scanning<\/span><\/strong><\/p>\n<p>UDP scanning posiela paket na port, ktor\u00fd ke\u010f nie je otvoren\u00fd odpovie spr\u00e1vou ICMP <em>port unreachable<\/em>.\u00a0Ak odpove\u010f ch\u00fdba je port otvoren\u00fd.\u00a0Av\u0161ak ak je port blokovan\u00fd firewallom, bude t\u00e1to met\u00f3da falo\u0161ne hl\u00e1si\u0165, \u017ee dan\u00fd port je otvoren\u00fd.\u00a0T\u00e1to met\u00f3da je v\u0161ak ve\u013emi pomal\u00e1.<\/p>\n<p><strong><span id=\"ACK_scanning\" class=\"mw-headline\">ACK scanning<\/span><\/strong><\/p>\n<p>ACK scanning je unik\u00e1tnym typom skenovania portov. U tohto typu skenovania nem\u00f4\u017eeme presne ur\u010di\u0165, ktor\u00fd port je otvoren\u00fd alebo uzavret\u00fd.\u00a0Pomocou ACK skenovania zist\u00edme ak je port filtrovan\u00fd alebo nefiltrovan\u00fd. To je obzvl\u00e1\u0161\u0165 dobr\u00e9 k zis\u0165ovaniu nastavenia firewallu.<\/p>\n<p><strong><span id=\"Window_scanning\" class=\"mw-headline\">Window scanning<\/span><\/strong><\/p>\n<p>Window scanning s\u00favis\u00ed s ve\u013ekos\u0165ou okna TCP.\u00a0Je pomerne nespo\u013eahliv\u00e9 pri zis\u0165ovan\u00ed otvorenia alebo uzatvorenia portu. Princ\u00edpom je podobn\u00e9 ACK skenovaniu.<\/p>\n<p>&nbsp;<\/p>\n<h3>Skenovac\u00ed softv\u00e9r<\/h3>\n<p>Na zis\u0165ovanie otvoren\u00fdch portov pou\u017eijeme free program <strong>Advanced Port Scanner<\/strong>. Jeho v\u00fdhoda je v jednoduchosti ovl\u00e1dania a toho, \u017ee m\u00e1 aj podporu slovenskej lokaliz\u00e1cie. Stiahnu\u0165 si ho m\u00f4\u017eete <strong><a href=\"https:\/\/www.advanced-port-scanner.com\/sk\/\">tu<\/a><\/strong>. Umo\u017e\u0148uje r\u00fdchlo vyh\u013eada\u0165 v\u0161etky otvoren\u00e9 porty (TCP a UDP) a zisti\u0165 verzie programov, ktor\u00e9 s\u00fa na nich spusten\u00e9. Program obsahuje aj mnoho \u010fal\u0161\u00edch funkci\u00ed, ktor\u00e9 zjednodu\u0161uj\u00fa riadenie siete. M\u00f4\u017eete ho nain\u0161talova\u0165, alebo iba spusti\u0165. Ovl\u00e1danie je ve\u013emi intuit\u00edvne. Sta\u010d\u00ed zada\u0165 IP adresu, alebo rozsah adries a rozsah skenovan\u00fdch portov a spusti\u0165 skenovanie.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-748 \" src=\"http:\/\/tech.sosthe.sk\/wp-content\/uploads\/2020\/04\/portscanner-1024x642.png\" alt=\"\" width=\"584\" height=\"366\" srcset=\"http:\/\/tech.sosthe.sk\/wp-content\/uploads\/2020\/04\/portscanner-1024x642.png 1024w, http:\/\/tech.sosthe.sk\/wp-content\/uploads\/2020\/04\/portscanner-300x188.png 300w, http:\/\/tech.sosthe.sk\/wp-content\/uploads\/2020\/04\/portscanner-768x482.png 768w, http:\/\/tech.sosthe.sk\/wp-content\/uploads\/2020\/04\/portscanner.png 1346w\" sizes=\"(max-width: 584px) 100vw, 584px\" \/><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Skenovanie portov (anglicky port scanning) je v informatike met\u00f3da zis\u0165ovania otvoren\u00fdch sie\u0165ov\u00fdch portov na vzdialenom po\u010d\u00edta\u010di v po\u010d\u00edta\u010dovej sieti. Je tak mo\u017en\u00e9 zisti\u0165, ak\u00e9 slu\u017eby&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"_links":{"self":[{"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/posts\/747"}],"collection":[{"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/comments?post=747"}],"version-history":[{"count":3,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/posts\/747\/revisions"}],"predecessor-version":[{"id":751,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/posts\/747\/revisions\/751"}],"wp:attachment":[{"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/media?parent=747"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/categories?post=747"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/tags?post=747"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}