How A Port Scan Works
With many new security threats arriving everyday, protecting your computer and digital files is even more important. One threat today is port scanning. Port scanning happens to most people whether they realize it or not. Protecting yourself against port scans can help you secure your system from malicious users.
All computers have ports, and services run on these ports. When your computer needs to connect to your mail server in order to check your email, it will open one of these ports and make a connection to download your new email. However sometimes these ports are always on and listening. A port scan occurs when an attacker scans a host to see which ports are open and which are closed or not in use.
Think of a port scan like checking doors and windows of your house to see if it is locked or not. While the attacker may not break into your house he may know that there is a window unlocked and entry can be achieved easily. A port scanner works in much the same way as it checks ports on your computer to see which is closed or open. It is not illegal in most places to do a port scan because basically your just checking if the connection can be made and not actually making a connection to the host. However it is possible to create a Denial of Service attack if port scans are made repeatedly.
Many firewalls can protect you against port scans. A firewall is a program that monitors outgoing and incoming connections to your computer. A firewall may open all ports on your system to effectively stop scans from showing any ports. While this approach works in many cases. Port Scans have advanced with new techniques such as ICMP port unreachable scans, and NULL scans. While its best to try and filter all port scans to your computer, its also important to realize that any ports that are open and listening need to be investigated.
Leaving open ports on your machine can lead to a system compromise causing lost data, and possibly identity theft. A port scan of your own system can show you exactly what an attacker sees and what sort of action you need to take to prevent an attack on your system.
One of the most popular port scanners available today is NMap from insecure.org. NMap is available for free download and is available for UNIX and Windows based systems. Its important to understand how NMap works so you can take the same approach as an attacker would against you. There are other port scanning software available and each has their own port scanning features. However NMap is by far the most popular and is loaded with features and different sorts of port scans you can perform.
While a port scan may not mean your system is about to be attacked. Its important to note that if a port scan occurs, someone knows about a weakness in your system if there is one. This thought alone is enough to consider auditing your firewall for port scan attempts.
Gloss