Port scanner

From InfoAnarchy
Jump to: navigation, search

See also: TCP/IP | Security | Attack

A tool that sends signals to a local or separate computer on all possible ports. Not considered an attack, it is a mechanism sometimes used before attacking a system or to fortify against one. Port Scanning is often considered a Bad Thing but is used by administrators as well to to help find elements on a network that could be attacked. Any admin who notices a port scan he did not initiate should be wary and try to block it.

Port scanning is not good network etiquette as it takes up bandwidth and can be used for illicit purposes but, by itself, is not illegal in the USA. However, a Port Scan makes an attack easier by knowing which ports are open.

Some port scanners, like Nmap, include extensive options. Among other options, Nmap has the ability to detect which user runs a service provided identd is enabled, detect which ports are filtered and detect which OS and architecture a computer is running.

A computer with all patches applied has nothing to worry about from a port scanner. However, very public Web sites can still be victim of denial of service attacks or rare zero day exploits.

Firewalls and Network Intrusion Detection System can help on some operating systems or simply turning a port off in Linux and other *Nix systems is one way to stay safe against this activity as a prelude to an attack.

Related