Вестник Дагестанского государственного технического университета: Технические науки (Jul 2024)

Analysis of features of implementing a “Port scanning” attack using a “Zombie” computer

  • N. V. Boldyrikhin,
  • M. V. Karpenko,
  • I. A. Sosnovsky,
  • E. A. Yadrets

DOI
https://doi.org/10.21822/2073-6185-2024-51-2-53-61
Journal volume & issue
Vol. 51, no. 2
pp. 53 – 61

Abstract

Objective. Analyze the implementation features of a “Port scanning” attack using a “Zombie” computer to hide the IP address of the attacking machine.

Method. The method is based on computer simulation of a “port scanning” attack using a virtual infrastructure of the network.

Result. Theoretical aspects related to the implementation of a “port scanning” attack using a “zombie” computer are analyzed. The parameters by which a “zombie” machine is selected on the network are indicated. A computer simulation of a “port scanning” attack using a virtual infrastructure of the network was carried out. Simulation results illustrating the successful implementation of the attack are presented. A simple way to counter this attack is proposed.

Conclusion. When implementing a port scanning attack using the Nmap utility, you can obtain a lot of valuable information related to open TCP ports and services running on the attacked systems. To ensure security when conducting port scanning, attackers can successfully use technology to mask the IP address of the attacking machine by using a “zombie” computer. The technique of replacing the attacker’s IP address with the IP address of a “zombie” machine is not only effective, but also safe for attackers. By using a “zombie” machine, the attacker scans ports without revealing his real location, which allows him to avoid legal consequences associated with illegal activity on the network. By analyzing the data obtained after scanning, an attacker can obtain information about which ports are open on the target computer and create a map of the vulnerabilities of the attacked system. As a way to protect against this attack, it is enough to use the Windows Firewall with standard settings.

Keywords