๐ Why You Need to Know This
In 2017, a programmer wrote a small script: he scanned the entire internet and checked which servers had "window" number 11211 (Memcached database) open.
In 2 weeks, he found millions of servers where this window was open externally without a password. Through these open windows, he launched an attack on GitHub with a power of 1.35 Tbit/s โ a record for that year.
The lesson is expensive: one extra open window = the entire server exposed. Hackers know this. Server owners often don't.
This lesson is about how a hacker looks at the house before knocking. Explained simply, without commands (commands are in the next lesson).
๐ What is a Port Scanner
๐ฏ Explained Simply in 30 Seconds
A port scanner = a burglar who walks around the perimeter of a house and tries every window.
In the last module, we learned: every server has 65,535 "windows" (ports). Most are closed. But some are open.
The scanner knocks on each window in turn: "open?" โ and records the answer. Within a minute, the hacker has a complete map: which windows are open, what can be seen through them.
The most famous scanner in the world is โ nmap. It's free, available on all OS, and already installed in Kali Linux.
๐ค Why Open Ports are a "Hook"
A server usually has 5-20 ports open out of 65,535. Each is a "separate service." For example:
| Window | What's there | How to explain to mom |
|---|
| 80 | Web (HTTP) | Shop window |
| 443 | Secure Web (HTTPS) | Bulletproof glass display window |
| 22 | SSH (admin login) | Back entrance for the cleaner and facility manager |
| 21 | FTP (file transfer) | Service entrance |
| 3306 | MySQL Database | Warehouse with goods (SHOULD NOT be exposed!) |
| 3389 | Windows Remote Desktop | "Someone else's screen mirror" |
๐ฃ What a Hacker Looks For
- Windows that shouldn't be exposed at all โ database, dev-server, test admin panel. Owner forgot to close โ ready-made vulnerability.
- Windows with an old software version โ a 2018 service with a known vulnerability is running there.
- Windows with a default password โ admin/admin or root/root. Thousands of servers still exist with these.
๐ช How the Scanner "Knocks" โ Three Ways
Technically, a scanner can knock in different ways. You don't need to know all the protocols โ you need to understand the idea.