Scanning Tools
A scanner is a software tool that examines and reports on vulnerabilities of local and remote hosts. Scanners are available as dedicated tools, which are called port scanners; as network scanners; or as part of a networking utility suite. A port scanner examines and reports on the condition (open or closed) of a port and, where possible, on the application listening on that port. Network utilities such as dig, ping, and trace are limited-use port scanners. (N. Vlajic, Fall 2010)
These scanners have proven very useful: they help examine networks for security vulnerabilities and keep hackers out of your computers. They were originally made for the former, but in today's digital world, with the internet, they seem to serve the greater function of keeping hackers out. Hackers target vulnerable areas on your network and make money out of them. Scanners are also used by students, hobbyists and hackers to find weaknesses in networks; once they find a loophole, they use it to get information from the target.
Scanners did not exist when the computing world began. Computers were very vulnerable then, but there was no need for scanners because the public did not know about these vulnerabilities. (N. Vlajic, Fall 2010) Through ARPANET, the internet was eventually born. Again there was no cause for concern, as the prevailing philosophy was, “Networking is a private club where we are all known to one another”. A few years later, students and hobbyists were using scanners, with a ‘we are all friends here’ notion (N. Vlajic, Fall 2010). But once the internet was fully fledged, the vulnerabilities discovered with scanning applications were published on the internet and hackers started making money out of them. It was at this time that the first scanners came to be. They were port scanners, which attempted to connect to various ports. These ports worked on UNIX platforms, which allowed legitimate network users to access shell accounts after dialing specific telephone numbers. Shell scripts written by system administrators connected to these ports and thereby checked for security vulnerabilities.
Scanners have since advanced progressively, but modern scanners were not developed primarily for criminal activity. Today they are used on several popular platforms. (N. Vlajic, Fall 2010) They are still used by criminal hackers, students, hobbyists and security professionals.
There are six types of scanning.
1. Transmission Control Protocol (TCP) scanning: the scanner attempts to make TCP connections to all of the ports on a remote system; the target host then returns connection-succeeded messages for active ports and host-unreachable messages for inactive ports. (N. Vlajic, Fall 2010)
2. Half-open scanning: the scanning host checks whether the target host’s port is open or not. It is called half-open scanning because the target host should not ‘reply’, which technically means that it is not listening on that port.
3. User Datagram Protocol (UDP) scanning: the scanner sends a 0-byte UDP packet to every port on the target host; the target host either replies with an Internet Control Message Protocol (ICMP) message or does not reply at all. An ICMP reply means the port is closed, while no reply means it is active.
4. IP protocol scanning: this works like UDP scanning, but IP packets are sent to each protocol on the target host instead. If there is no reply, a would-be hacker may be disappointed: he or she might take the silence to mean the protocol is shared, when in fact firewalls and the Compaq Tru64 operating system thwart the attempt because they do not send ICMP unreachable messages.
5. Ping scanning: the scanner sends ICMP echo request packets to a remote host and follows the same procedure to check whether it is active. It gives false negative readings, however, when hosts block or drop ICMP echo request packets.
6. Stealth scanning: this lets you examine hosts behind firewalls and packet filters; it is similar in some ways to half-open scanning in that most stealth scanners do not allow target hosts to log the scanning activity. (N. Vlajic, Fall 2010)
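As an added example, not taken from the source or from any of the scanners it describes, the Python script below shows the defender's side of the TCP, half-open and UDP techniques above: it reads a constructed packet log in a made-up simplified format, rebuilds each probe from its packets, infers which technique the packet pattern matches and what the target's reply says about the port, and flags any source that touches many distinct targets inside a short window. The log format, the thresholds, and every address and port in the sample are assumptions made for the illustration.

```python
import re
from collections import defaultdict

TARGET_THRESHOLD = 4   # distinct (host, port) targets probed by one source ...
WINDOW_SECONDS = 2.0   # ... within this many seconds is reported as a scan

# Constructed sample in a simplified, made-up format (not output of any real tool):
#   <seconds> <src_ip>:<src_port> > <dst_ip>:<dst_port> <TCP|UDP|ICMP> [flags]
# An ICMP port-unreachable line carries the probed port as its source port so it
# can be matched back to the UDP probe it answers.
SAMPLE_LOG = """\
0.01 10.0.0.5:40001 > 10.0.0.9:22 TCP S
0.02 10.0.0.9:22 > 10.0.0.5:40001 TCP SA
0.03 10.0.0.5:40001 > 10.0.0.9:22 TCP R
0.04 10.0.0.5:40002 > 10.0.0.9:80 TCP S
0.05 10.0.0.9:80 > 10.0.0.5:40002 TCP SA
0.06 10.0.0.5:40002 > 10.0.0.9:80 TCP R
0.07 10.0.0.5:40003 > 10.0.0.9:23 TCP S
0.08 10.0.0.9:23 > 10.0.0.5:40003 TCP RA
0.09 10.0.0.5:40004 > 10.0.0.9:443 TCP S
0.50 10.0.0.7:51000 > 10.0.0.9:22 TCP S
0.51 10.0.0.9:22 > 10.0.0.7:51000 TCP SA
0.52 10.0.0.7:51000 > 10.0.0.9:22 TCP A
1.00 10.0.0.8:60000 > 10.0.0.9:53 UDP
1.01 10.0.0.8:60001 > 10.0.0.9:123 UDP
1.02 10.0.0.9:123 > 10.0.0.8:60001 ICMP port-unreachable
1.03 10.0.0.8:60002 > 10.0.0.9:161 UDP
1.04 10.0.0.8:60003 > 10.0.0.9:69 UDP
1.05 10.0.0.9:69 > 10.0.0.8:60003 ICMP port-unreachable
"""

LINE_RE = re.compile(r"^(\d+\.?\d*) (\S+):(\d+) > (\S+):(\d+) (TCP|UDP|ICMP)(?: (\S+))?$")


def build_probes(log_text):
    """Group packets into probes keyed by (scanner, target host, target port)."""
    probes = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # skip lines that are not in the format
        t, src, sport, dst, dport, proto, flags = m.groups()
        fwd = (src, dst, int(dport))      # scanner -> target direction
        rev = (dst, src, int(sport))      # target -> scanner reply direction
        if fwd in probes:
            probes[fwd]["sent"].append(flags or "U")
        elif rev in probes:
            probes[rev]["got"].append(flags or "U")
        elif (proto == "TCP" and flags == "S") or proto == "UDP":
            probes[fwd] = {"proto": proto, "t": float(t), "sent": [flags or "U"], "got": []}
    return probes


def classify_probe(p):
    """Return (port state, scan technique the packet pattern resembles)."""
    if p["proto"] == "UDP":               # ICMP unreachable means closed; silence is ambiguous
        return ("closed" if "port-unreachable" in p["got"] else "open|filtered"), "udp"
    if "SA" in p["got"]:                  # SYN/ACK came back, so the port is open
        return "open", ("connect" if "A" in p["sent"] else "half-open")
    if "RA" in p["got"]:
        return "closed", "tcp"
    return "no reply", "tcp"              # dropped by a filter, or the host is silent


def peak_targets(events, window):
    """Most distinct targets hit inside any window-long span of (time, target) events."""
    events.sort()
    best, lo, live = 0, 0, defaultdict(int)
    for t, target in events:
        live[target] += 1
        while t - events[lo][0] > window:  # slide the left edge of the window forward
            live[events[lo][1]] -= 1
            if live[events[lo][1]] == 0:
                del live[events[lo][1]]
            lo += 1
        best = max(best, len(live))
    return best


def analyze(log_text, threshold=TARGET_THRESHOLD, window=WINDOW_SECONDS):
    """Per-source summary: inferred technique, per-target state, threshold verdict."""
    per_src = defaultdict(lambda: {"ports": {}, "events": [], "techs": set()})
    for (scanner, host, port), p in build_probes(log_text).items():
        state, tech = classify_probe(p)
        s = per_src[scanner]
        s["ports"][(host, port)] = state
        s["events"].append((p["t"], (host, port)))
        s["techs"].add(tech)
    report = {}
    for scanner, s in per_src.items():
        tech = next((x for x in ("udp", "half-open", "connect") if x in s["techs"]), "tcp")
        peak = peak_targets(s["events"], window)
        report[scanner] = {"technique": tech, "ports": s["ports"],
                           "peak_targets": peak, "flagged": peak >= threshold}
    return report


if __name__ == "__main__":
    for src, info in analyze(SAMPLE_LOG).items():
        print(f"{'SCAN' if info['flagged'] else 'ok  '} {src} technique={info['technique']} peak={info['peak_targets']}")
        for (host, port), state in sorted(info["ports"].items()):
            print(f"      {host}:{port} {state}")
```

Counting distinct (host, port) targets rather than ports alone means the same threshold catches both a vertical scan of one host and a sweep of one port across many hosts. The UDP branch deliberately reports silence as "open|filtered" rather than "active", because a firewall that drops the probe produces the same silence as an open port.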
There are also six notable scanners.
1. Nessus is a remote security scanner designed for various versions of UNIX. It generates reports in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems. (N. Vlajic, Fall 2010)
2. Network Mapper (Nmap) is another popular, easy-to-use scanner that supports many different operating systems. It is flexible, powerful, portable, easy, free, well documented, supported, acclaimed and popular.
3. Security Auditor’s Research Assistant (SARA) was a scanner until it became obsolete. It was designed to work with and interface with other security tools. It was developed in 1995 and ran on various operating systems.
4. SAINT, or Security Administrator’s Integrated Network Tool, is a downloadable application that works on UNIX, Linux, and Mac OS X. SAINT also produces an appliance for scanning networks and an online, “over-the-Internet” scanning application. (N. Vlajic, Fall 2010)
5. Strobe scans for all open ports on the target host. Developed by Julian Assange, it is a TCP port scanner for BSD and Red Hat.
6. Cheops, a port scanner for Linux, is a graphical scanner developed for the GNOME interface using the GTK+ toolkit. It slows all other applications by using a dramatically large percentage of CPU cycles.
All things considered, it can be concluded that the scanner has developed continuously and has been used in both the right and the wrong hands, but has mostly served to ensure computing security by checking for vulnerabilities.
References
http://www.cse.yorku.ca/course_archive/2010-11/F/4482/CSE4482_07_ProtectionMechanisms_ScanningAnalysisTools.pdf