Port Scanning
What is Port Scanning?
Port Scanning has been talked about a lot over the years in magazines on in the Internet most users know its something bad but little else on what it actually is and what it does.
What Are Ports?
Most people know that the back of there computer has ports, your plug your mouse in to the mouse port for example. Hardware ports are the sockets you plug things in to like your printer, scanner, camera’s and USB devices. However what a lot of people don’t realise is that there thousands of software ports, these are the “channels” your computer system and programs use to communicate with each other. There are lots of standard port numbers so software vendors and users know which port to use for which function. For example if when your email program sends an email it talks to the server via port 25. When you typed in our website address the request to the websever to retrive the site for you was sent via port 80. All together there are 65535 port numbers that can be used
What is Port Scanning?
Port Scanning is basically a hackers way of searching machines connected to the Internet to find a way in to a machine via a port that is unsecured (or open). Network Administrators and Security Specialist also use port scanning to check for vulnerability in there network or programs so they can close off the vulnerability before its found by a malicious user.
How does Port Scanning Work?
The port scanning program sends some data to each port it is testing to check for a response. In simple terms its like someone knocking on all the doors and windows of your house to see what response they get.
The response they get is usually one of three following things
- Open Response – This tells the hacker that this port is open and the service is listening
- Closed Response – This tells the hacker that this port exists but no connections to it are allowed
- Dropped or Blocked – This tells the hacker nothing no response nothing exists on the port
From this you can probably tell that the malicious user is looking for open ports so they can try and remotely connect to the machine for many reasons which could include drop a virus or trojan, steal some confidential information, take control of the machine for malicious reasons. Many exploits use something called buffer overflow when an open port is found. However as mentioned above there are also legitimate reasons for port scanning.
How To prevent Port Scanning?
Rather than prevent port scanning as this is something you as the end use has little control over you want to make sure your machine is not telling any port scanner it has open doors. Looking at the responses and thinking of it again in terms of your house, if a burglar came to your house and found and open door great – if he finds a door that is closed – that may well deter him but he may come back at a later time to see if the door has been left open. However if he came to you house and couldn’t find any doors then he will not be interested in come back later. So we make sure our computer has no open doors by using something called a Firewall.
This basically acts as a barrier between your computer and the Internet only allowing programs and communications you have authorised through the wall to your computer and keeping any others out. In short it places your computer in stealth mode as far as port scanning is concerned. Having a firewall is a must, windows XP service pack 2 has one as standard although its not as good as many on the market it better than nothing. We would recommend using a separate firewall like Norton’s Internet Security System or MacAfee’s or better still ZoneAlarm which has an excellent free version you can download and use.