The What, Why, and How of Port Scans
A port scan, also known as a network scan, enables an attacker to find out which ports on your computer are open and what is running on each of those ports. This will give the attacker valuable information about your operating system and the network you’re using. For example, if the attacker finds that port 22 (SSH) on your computer is open, he or she will know that there’s most likely another computer on your network that runs SSH and can be hacked into. This guide will introduce you to port scans, explain why they’re important, and show you how to avoid them.
Understanding a port scan
A port scan is a way for someone to find out which services are running on a network and how they are configured. By scanning all the ports on a system, an attacker can learn a lot about the system and what vulnerabilities it may have.
There are two basic types of port scans: active and passive. Active scanning involves sending packets to ports on a system that should be closed. These tests usually generate a response from systems with open ports which may reveal information about what services are running on those systems. Passive scanning involves monitoring an established connection to see what is being sent through it. In both cases, there are several tools an attacker can use to perform such scans. One tool that is popular today is Nmap – short for Network Mapper (and pronounced Nimpa). This tool can scan many different ports in a system’s address space looking for open ports that have associated services listening on them.
Knowing when you have been scanned
If you’ve been targeted by a port scan, you’ll know it. Your server logs will show numerous connection attempts from the same IP address within a short period of time. You might also see failed login attempts from the same IP address. If you have a firewall enabled, you might see rejected connection attempts in your logs as well.
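The log pattern described above, many rejected connection attempts from one address in a short time, can be checked mechanically. The following is an added example, not part of the original guide; the log line format, the `find_scanners` name, and the window and threshold values are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of firewall log lines (hypothetical format, documentation IPs).
SAMPLE_LOG = """\
2024-01-10T12:00:00 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=21
2024-01-10T12:00:00 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=22
2024-01-10T12:00:01 DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=443
2024-01-10T12:00:01 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=23
2024-01-10T12:00:02 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=25
2024-01-10T12:00:02 DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=443
2024-01-10T12:00:03 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=80
2024-01-10T12:00:03 DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=443
2024-01-10T12:05:00 DROP SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=22
2024-01-10T12:10:00 DROP SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=23
"""

LINE_RE = re.compile(
    r"^(\S+) (?:DROP|REJECT) SRC=(\S+) DST=\S+ PROTO=\S+ DPT=(\d+)$")

def find_scanners(log_text, window_seconds=10, min_ports=5):
    """Return {source_ip: sorted ports} for every source that touched at
    least min_ports distinct ports inside any window_seconds span.
    Assumes the log lines are in chronological order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # source IP -> recent (timestamp, port) pairs
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a rejected-connection record
        ts = datetime.fromisoformat(m.group(1))
        src, port = m.group(2), int(m.group(3))
        q = recent[src]
        q.append((ts, port))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        ports = {p for _, p in q}
        # Distinct ports, not raw attempts: a client retrying one port is not a scan.
        if len(ports) >= min_ports:
            flagged.setdefault(src, set()).update(ports)
    return {src: sorted(ports) for src, ports in flagged.items()}

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

In the sample, the address that retries port 443 three times is not flagged, and neither is the source that touches two ports five minutes apart, so the window and threshold are tuning choices for your own traffic.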
Reducing the chance you will be attacked
Most attacks happen through open ports. By reducing the number of open ports on your system, you reduce the chance that an attacker will find an entry point. Firewalls can help block ports, and keeping your software up to date will reduce the chances that a known vulnerability will be exploited. Other measures, like honeypots and port knocking, can also be used to further secure your system.
Protecting yourself from a full attack
If you think someone might be trying to port scan your system, there are a few things you can do to protect yourself. Firewalls can be configured to block port scans, and you can also use IDS/IPS systems to detect and respond to them. You should also keep your software up to date, as many attacks exploit vulnerabilities that have already been patched. Finally, don’t forget the basics of security: strong passwords, two-factor authentication, and limiting access to sensitive data. By taking these precautions, you can make it much harder for an attacker to successfully port scan your system.