A port scan is one of the most popular reconnaissance techniques attackers use to discover services they can break into. All machines connected to a network run many services that use TCP or UDP ports, and there are more than 6000 defined ports available. A port scan normally does no direct damage by itself; rather, it helps the attacker find which ports are available for launching various attacks.
Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is in use and can therefore be probed further for weaknesses. Port scanning usually targets TCP ports, which are connection-oriented and therefore give good feedback to the attacker. The main types of port scan are as follows:
Stealth scan: a scan designed to go undetected by auditing tools. Scanning very slowly is one stealth technique; others, such as FIN scanning and SYN scanning, are used too.
SOCKS port probe: SOCKS is a system that allows multiple machines to share a common Internet connection. Attackers scan for it because a large percentage of users misconfigure SOCKS so that it permits arbitrary sources and destinations. This may allow an attacker to access other Internet machines through your system and so hide his or her true location.
Bounce scans: Attackers scour the Internet looking for systems they can bounce their attacks through. FTP bounce scanning takes advantage of a vulnerability in the FTP protocol itself. Other applications, such as email servers, HTTP proxies and Finger, also have vulnerabilities that let attackers do bounce scans.
UDP scanning: scanning UDP ports to find the open ones. Attackers do not use this often, since it is easily blocked.
Port Scanning Tools
Freeware for port scanning is available for anyone to use. Three tools are often used: SAINT, nmap, and nessus. nmap is primarily a port scanner, a utility for scanning large networks, although it works fine for single hosts. Admins and users can legitimately use port scanning tools to learn about network vulnerabilities.
Port Scan Attack Mitigation
Port scan attacks can be effectively reduced (if not completely eliminated) by deploying firewalls at critical locations of a network to filter unwanted traffic and traffic from suspicious sources. There are many port scan detection tools and products available on the market. For Linux systems, the open source program Port Scan Attack Detector (PSAD) is available for free.
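An added example, not from the original article and not PSAD's code: a simplified threshold detector that flags any source address contacting many distinct destination ports within a time window. The log lines are constructed in the style of Linux netfilter LOG output with epoch-second timestamps, and the function names, window sizes and threshold are assumptions; the second call shows why the slow stealth scan described above needs a much longer window.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(\d+) .*?SRC=(\S+) .*?PROTO=(TCP|UDP) .*?DPT=(\d+)")

def line(ts, src, dport):
    """Build one constructed log line (simplified netfilter LOG style)."""
    return f"{ts} IN=eth0 SRC={src} DST=192.0.2.10 PROTO=TCP SPT=40000 DPT={dport} SYN"

# Constructed sample traffic: a fast sweep, a slow sweep, and a normal client.
SAMPLE = (
    [line(1000 + i, "203.0.113.7", 20 + i) for i in range(10)]            # 10 ports in 10 s
    + [line(1000 + 300 * i, "198.51.100.9", 8000 + i) for i in range(8)]  # 1 port per 5 min
    + [line(1000 + 5 * i, "192.0.2.55", 443) for i in range(40)]          # same port, repeated
    + ["1000 kernel: unrelated message"]                                  # ignored by parser
)

def parse(lines):
    """Yield (epoch_seconds, source_ip, dest_port); skip lines that do not match."""
    for entry in lines:
        m = LINE_RE.match(entry)
        if m:
            yield int(m.group(1)), m.group(2), int(m.group(4))

def detect_scanners(lines, window, min_ports):
    """Return {src: max distinct dest ports seen within any `window` seconds}
    for every source that reaches at least `min_ports`."""
    events = defaultdict(list)
    for ts, src, dport in parse(lines):
        events[src].append((ts, dport))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        best, start = 0, 0
        counts = defaultdict(int)  # port -> hits inside the current window
        for ts, dport in evs:
            counts[dport] += 1
            while evs[start][0] < ts - window:  # evict events older than the window
                old = evs[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= min_ports:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print("60 s window:  ", detect_scanners(SAMPLE, window=60, min_ports=5))
    print("3600 s window:", detect_scanners(SAMPLE, window=3600, min_ports=5))
```

Counting distinct ports rather than raw connection attempts keeps the busy single-port client from being flagged in either run.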