Portscanning?
 

How do I go about doing a port scan on a website?

Omega showed me that my schools site is pretty insecure

ftp, smtp, http, pop3, netbios-ns, netbios-dgm, netbios-ssn, imap2, ldap, timbuktu, fcp, and ppp (21, 23, 25, 80, 110, 137, 138, 139, 143, 389, 407, 510, and 3000) and telnet

so im curious to look around on the site

well, port scanning on a website, might not be the actual web server. many companies have a port forewarding setup on a internet gateway box so if anybody sends requests @ port 80 (http) it will foreward the packets to the webserver inside the lan, and the server will respond and those packets will get sent back into the internet.


Now if you want to scan ports on a computer inside your network (or school network). Keep in minds net admins will be able to detect it and you might get in serious trouble. Hence the term "Scan my network and die"

I am aware of the risks

But isnt port scanning legal until you do something bad

oh christ now this is going to become a ethics thread hah

But how do I do the actual scanning

i've been using this since i first touched unix:

http://www.insecure.org/


nmap is what you're looking for.

Yup. I ran an nmap -v -sS -O -P0 xxx.xxx.xxx.xxx on the box in question. I believe they do have a port to Windows, if you don't have a *nix box at your disposal.

The fastest one I have used for Windows is Blue's Port Scanner. It's a small file that you don't have to setup, so you can run it on user profiles with limited access (where you can't install others).

I am neither implying nor condoning misuse of any policies by the contents of this message.