While hackers can spoof an IP or even a MAC address, they cannot spoof a port. When doing malware analysis, it’s important to understand port usage as it may be an indication of malicious activity.
- [Instructor] Hackers use ports to get in…and attack a system and also to get out…of a system without being noticed.…Port 80 is a default port for HTTP.…Several attacks use port 80 to gain access…to backend services, and include buffer overflows,…SQL injections, and cross-site scripting.…To exit a system, hackers can use DNS over port 53,…as this protocol is generally open…and security devices seldom examine or filter DNS traffic.…
There are 65,535 TCP and UDP ports available…to the operating system.…The Internet Assigned Numbers Authority…divides the port numbers into three ranges.…The well-known ports range from zero to 1,023.…The registered ports range from 1,024 to 49,151.…And the dynamic and private ports…are those that range from 49,152 through 65,535.…
Here we see a list of commonly used ports.…And of course, there are many, many others.…When configuring a system, use only necessary services,…as some applications are insecure and deprecated,…such as Telnet, which uses port 23…and sends data in clear text.…
- Trends in cyberattacks
- Preventing system compromise
- Analyzing packets
- Using Wireshark
- Creating firewall rules
- Baselining a network
- Using capture filters
- Using a ring buffer
- Handling OSI layer attacks
- Identifying attack signatures
- Using VirusTotal
- Handling unwanted TOR activity
Skill Level Intermediate
Troubleshooting Your Network with Wiresharkwith Lisa Bock2h 35m Intermediate
Insights from a Cybersecurity Professionalwith Mike Chapple32m 15s Appropriate for all
1. Deep Packet Analysis
2. Capture Overview
3. Unusual Traffic
4. Case Studies
Next steps1m 30s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.