Scan Your Home Network Like a Hacker (Beginners Guide) Part 1
Enter GRC
Let's start off with an analogy. You order a product from Amazon, and have it shipped to your street address. The process goes something like this:
Amazon address --> Package travels with sender/recipient address --> USPS center closest to you --> Your home address.
Let's use that same process for a computer file that is sent to you at home.
Senders computer --> Data travels with sender/recipient IP address --> Your internet service provider --> Your home router --> Your computer.
If someone knows your home address, they can walk up to your door, and knock on it. They could also test your home security a few different ways; perhaps turning the doorknob to see if it's locked, or walking around the house to look for open windows, maybe finding a key hidden under a rock.
The same is true if someone knows your IP address. Anyone that knows that IP address can come knocking on your network door. They too can test the security of your home a few different ways. They can look for holes, services, or other pathways into the network. Let's take a look at some of your information.
Your Public IP is here.
Your Private IP (the computer you are on) is here.
You have a home router, the workhorse of your Internet access, sitting somewhere in your house, hooked up to your cable or DSL provider. It is probably providing your WiFi as well. This is the unit that knows what to do with that Public/Private IP. Your PC/Mac/Linux machine is what is using the Private IP. It looks something like this:
Internet <--> Your ISP <--> Your Home Modem/Router (Public IP) <--> Your Computer (Private IP)
Just a FYI; if you visit someone's website, they have this information - bet.
So a hacker has gotten your public IP address through various methods, and now it's time to test the water, see if you have anything interesting going on. To make this a little more complicated, we'll introduce Ports.
A port is a logical addition to an IP address. If you're visiting a website, for instance, you are actually visiting an IP address + Port. These days most websites use encryption and port 443. So, when you type in your web browser, https://www.google.com, you're actually visiting https://www.google.com:443 (or whatever port they choose, commonly 443). This means there is a webserver actively listening for requests on that port. The 443 is not needed because of a long answer that we don't need to get in to. It's only important to know that Ports are what a hacker is searching for. If they find a port that is open, that means there is a software/service listening for requests. The first action a hacker will take is what is known as a port scan. Let's do one on your network now!
1. Navigate to: GRC
2. Click on Proceed button
3. Find and click All Service Ports ( a little button in middle of page )
4. Let it scan
This is a port scan. Using your IP address, it will scan your home router for open ports. It will scan ports 0-1055, and if it finds any open, they will show as red. In my case, I have two red ports, port 80 and 443. There is a website server sitting on my network, so I've allowed those two ports to be open, so anyone can access the website from the Internet. This leaves me open for attacks, but I have more security measures in place to make sure this doesn't happen.
Do you have any red ports? If they are all green, you're golden! If there are some red ones, and you're not aware of any services that should be reaching the outside world, you should investigate.
What's the point of this? If you have ports that are open, and someone knows your IP address, they can use that to find flaws in your network. Say you have port 80 open, someone could craft some magic to test the inside of your network. If you're computer doesn't have the latest security updates, or has some software on it that is exploitable, that's all they need to start doing damage.
I'll dig more into this in a part 2, soon. Probably will add to this as well....