An Introduction to Port Scans and Port Protection

First, What are Port Scans?

What Techniques are used for Port Scans?

  • Half-open SYN Scans — A SYN scan is used when a hacker wants to determine the status of a particular port. The "half-open" part of the name refers to the fact that they do this without actually establishing a full connection. Instead of creating a connection between systems, this form of port scan sends a message and watches which ports respond. As a rapid form of scanning, it instantly tells an attacker which ports on your system are currently open, helping them find particular devices to target when they launch an attack.
  • XMAS Scans — Out of the three main formats for port scanning, XMAS scans are by far the hardest to detect. To detect and prevent these scans, you need a dedicated tool that actively checks and defends your ports, which many businesses overlook. In fact, over 35% of all universities have open ports, which shows how vulnerable some institutions are. An XMAS scan sends a FIN packet, which requires the server to relay a message saying that there isn’t any more data available. If the port is closed, the attacker gets this response. If no response is received, the attacker knows that the port is currently live and can move on to target that system. FIN packets are hardly ever monitored, making this incredibly difficult to catch manually.
  • Ping Sweeps — Finally, a ping sweep is where an ICMP (Internet Control Message Protocol) request is sent to several servers, with a hacker waiting for responses. If a server responds, it is one that a hacker could potentially send a data packet to in the future. Ping sweeps are also commonly run by cybersecurity firms in order to find areas where firewall coverage isn’t adequate. From there, they’ll attempt to remedy the situation.
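
The three patterns above can be recognized in packet summaries from a sensor or firewall log. The following is an added example, not code from the original article: the record format, the `classify_sources` name, the `min_targets` threshold and the addresses (documentation ranges) are all constructed assumptions, and it treats both FIN-only and FIN+PSH+URG flag combinations as the XMAS-style probe.

```python
from collections import defaultdict

# Constructed packet summaries (src, dst, proto, dst_port, flags); not real traffic.
# Flags use tcpdump-style letters: S=SYN, A=ACK, F=FIN, P=PSH, U=URG, R=RST.
PACKETS = (
    # 198.51.100.7 sends SYNs to many ports and never completes a handshake
    [("198.51.100.7", "192.0.2.10", "tcp", p, "S") for p in (21, 22, 23, 80, 443)]
    + [("198.51.100.7", "192.0.2.10", "tcp", 22, "R")]
    # 198.51.100.8 sends FIN / FIN+PSH+URG probes with no prior handshake
    + [("198.51.100.8", "192.0.2.10", "tcp", p, f)
       for p, f in ((25, "F"), (110, "FPU"), (143, "F"), (993, "FPU"))]
    # 198.51.100.9 sends ICMP echo requests across a subnet
    + [("198.51.100.9", f"192.0.2.{h}", "icmp", None, "echo-request") for h in range(1, 7)]
    # 203.0.113.5 is an ordinary client: SYN, ACK, data, then FIN+ACK
    + [("203.0.113.5", "192.0.2.10", "tcp", 443, fl) for fl in ("S", "A", "PA", "FA")]
)

def classify_sources(packets, min_targets=4):
    """Return {src: set of scan labels} for sources matching the three patterns."""
    syn_sent = defaultdict(set)   # src -> {(dst, port)} that received a bare SYN
    completed = defaultdict(set)  # src -> {(dst, port)} where src later sent an ACK
    odd_fin = defaultdict(set)    # src -> {(dst, port)} hit by a FIN without ACK
    pinged = defaultdict(set)     # src -> {dst} sent an ICMP echo request
    for src, dst, proto, port, flags in packets:
        if proto == "icmp" and flags == "echo-request":
            pinged[src].add(dst)
        elif proto == "tcp":
            key = (dst, port)
            if flags == "S":
                syn_sent[src].add(key)
            elif "A" in flags and "S" not in flags and key in syn_sent[src]:
                completed[src].add(key)
            elif "F" in flags and "A" not in flags:
                odd_fin[src].add(key)  # FIN-only or FIN+PSH+URG
    findings = defaultdict(set)
    for src in syn_sent:
        if len(syn_sent[src] - completed[src]) >= min_targets:
            findings[src].add("half-open-syn-scan")
    for src, keys in odd_fin.items():
        if len(keys) >= min_targets:
            findings[src].add("fin-xmas-scan")
    for src, hosts in pinged.items():
        if len(hosts) >= min_targets:
            findings[src].add("ping-sweep")
    return dict(findings)

if __name__ == "__main__":
    for src, labels in sorted(classify_sources(PACKETS).items()):
        print(src, sorted(labels))
```

The ordinary client is not flagged because its SYN is followed by an ACK and its FIN carries ACK, which is what separates normal teardown from a bare FIN probe.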

How to Prevent Port Scan Attacks

  • Use TCP wrappers on your servers
  • Check the strength of your firewall (is it working?)
  • Uncover forgotten systems through your own port scans

Final Thoughts



