hello everyone! - vulnerable ports??

awaisyboy

- I did the exam 4 weeks ago but failed very badly(over- confidence) achieved 71%...
I used the Sybex study guide...Since then I have used others including Syngress and Tcats to complement sybex. I have one question..which is nagging me which came up on the exam..

Edited by Russ - sorry we can not have exam questions posted here

? What would be the answer?? I would have thought all of them. But then again, in the 65000 + ports there are there here are made up of tcp as well as udp.

Any help will be appreiciated!!

Lexxdymondz

Just a guess where but wouldn't all of the port be vunerable in one way or another?

RussS

Lexxdymondz - you are totally correct. All ports are vunerable, which is why when hardening a network we close all ports except those that are strictly necessary. We can then monitor and control these open ports more easily.

pandimus

I just took this exam and failed too.. I thought i did pretty good during, i knew alot of the questions.. I guess just not enough detail.. I had this exact question too, but i dont even know where to start to find the answer. That question seems a little flimsy to me..

RussS

Officially 65535 - or at least according to Comptia. They use [url] http://www.iana.org/assignments/port-numbers[/url] as a reference.

The port numbers are divided into three ranges: the Well Known Ports,
the Registered Ports, and the Dynamic and/or Private Ports.

The Well Known Ports are those from 0 through 1023.

The Registered Ports are those from 1024 through 49151

The Dynamic and/or Private Ports are those from 49152 through 65535

I have also seen a question regarding 'Well known ports' and the answer was actually outside the numbers recognised by IANA - read the questions carefully and consider the answers before you submit your answer.

JDMurray

Here's the way a software engineer looks at this issue:

A port is like a doorway that can be opened by a local or a remote process (i.e., software) to only send data (write-only) or to only receive data (read-only).

A port may be opened by only one local process at a time; a port may be opened by many remote processes at the same time (think multiple web browsers all hitting port 80 on a web server).

To a local process, any closed port is available for use (i.e., can be opened).

Remote processes can only connect to ports that have been opened by local processes. To a remote process, a closed port is like a doorway that opens to a brick wall. Closed ports are therefore not vulnerable to attacks from a remote process.

A port is "possibly" vulnerable when it is opened by a process and the process is "listening" to the port. An attack is an attempt to disable or control the process listening to the port.

If a process opens a port to only send data, but not receieve data, the port is not typically considered vulnerable.

With some poorly-implemented TCP/IP stacks, a port locally-opened in send-only mode can be vulnerable if it unexpectidly receives data (this is unlikely to happen).

An example:

The Telnet port (23) is one of the most attacked ports and is therefore considered a "vulnerable attack point," but only if the machine is running a Telnet server on port 23 (or, for that matter, any kind of process listening on port 23). If no process is listening on port 23 then this port is not vulnerable on that machine.


Of course, all this is moot within the context of the Security+ exam. Your real answers will come from knowing "what does CompTIA think a vulnerable port is?"