Port scans and ping sweeps are network probes. These two malicious computer activities can lead to intruder access and the ability to change information, to intrusion into a company's private network, and/or to changed or deleted settings and the destruction of the whole system and network. They exist and are used daily, but fortunately we have technology to detect and stop them.
A network probe may not be a direct threat of intrusion into your network, but it is definitely a clue that you will potentially have an intrusion if nothing is done. Knowledge of probes is important so that they can be detected and stopped before any intruders are given access. There are many different kinds of network probes, but ping sweeps and port scans are the two most common ones.
Ping Sweep

Ping sweeps are not only for intruders; they are also used by network administrators or root users on their own networks. A ping sweep is useful for determining which machines are alive and responding and which are not. For administrators and root users, this is used for troubleshooting and license issues. In a ping sweep, an ICMP echo request is sent to each machine of choice. If a machine responds, it is reachable, communicating, and alive. This is not a direct threat yet, but it turns into one if the user running the ping sweep is looking for a target. For intruders, the next step after the ping sweep is a port scan. Fortunately, both port scans and ping sweeps can be found and removed using an IP protocol logger, which detects TCP, UDP, and ICMP packets.

Port Scan

Port scans are used to find which ports are open and to show what may be running on the target machine(s) found by the ping sweep. The intruder sends specially formatted data packets to the ports to get more information, such as the operating system and running applications. This still is not a direct threat, but the intruder is slowly gathering information that will reveal the vulnerabilities within the computer. With those vulnerabilities known, the intruder can gain access to the target machine and destroy the target from the inside. Once a port is found to be open and vulnerable, an average programmer can create code that will give them full access in as little as 15 minutes. On the target machine, the operating system can usually find the port scan. There are many special tools, such as scanlogd, that will detect it and help you stop the intrusion from either ping sweeps or port scans.
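The detection idea described above can be sketched as follows. This is an added example, not code from scanlogd or from the sources of this essay: it flags one source that pings many different hosts, or probes many different ports on one host, within a short time window. The record layout, the thresholds, and the sample log are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Thresholds are assumptions for this example, not values taken from scanlogd.
WINDOW = 10.0      # seconds of history kept per key
SWEEP_HOSTS = 5    # distinct hosts pinged by one source
SCAN_PORTS = 8     # distinct ports probed on one host by one source

def detect_probes(records, window=WINDOW, sweep_hosts=SWEEP_HOSTS, scan_ports=SCAN_PORTS):
    """Return sorted (kind, source, target) alerts from logger records.

    Each record is (timestamp, protocol, source_ip, dest_ip, dest_port);
    dest_port is None for ICMP echo requests.
    """
    recent = defaultdict(deque)  # alert key -> (timestamp, item) inside the window
    alerts = set()
    for ts, proto, src, dst, dport in sorted(records, key=lambda r: r[0]):
        if proto == "icmp-echo":
            # Ping sweep: one source, many different hosts.
            key, item, limit = ("ping_sweep", src, "*"), dst, sweep_hosts
        elif proto in ("tcp", "udp"):
            # Port scan: one source, many different ports on one host.
            key, item, limit = ("port_scan", src, dst), (proto, dport), scan_ports
        else:
            continue
        queue = recent[key]
        queue.append((ts, item))
        while ts - queue[0][0] > window:  # drop entries older than the window
            queue.popleft()
        if len({entry for _, entry in queue}) >= limit:
            alerts.add(key)
    return sorted(alerts)

# Constructed sample log using documentation address ranges.
SAMPLE_LOG = (
    # An outside host pings six different machines in about a second.
    [(0.2 * i, "icmp-echo", "203.0.113.7", f"192.0.2.{i + 1}", None) for i in range(6)]
    # An administrator pings one machine repeatedly while troubleshooting.
    + [(1.0 * i, "icmp-echo", "192.0.2.10", "192.0.2.20", None) for i in range(4)]
    # An outside host probes ten TCP ports on a single machine.
    + [(20 + 0.1 * i, "tcp", "198.51.100.9", "192.0.2.5", 20 + i) for i in range(10)]
    # A normal client keeps reconnecting to the same two web ports.
    + [(30 + i, "tcp", "192.0.2.30", "192.0.2.5", (80, 443)[i % 2]) for i in range(8)]
)

if __name__ == "__main__":
    for kind, source, target in detect_probes(SAMPLE_LOG):
        print(f"{kind}: source={source} target={target}")
```

The administrator's repeated ping of one machine and the client's repeated web connections raise no alert, because the check counts distinct hosts or ports rather than packets.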
Education is key to protecting oneself. One should keep up to date by reading about security prevention and by downloading the latest security patches for the operating system and the Internet security software. If the network does not have a DMZ, then the intranet may be vulnerable, since intruders are unable to penetrate the DMZ. Lastly, firewalls are a must to keep open ports and machines protected. Remembering that there is no such thing as an intruder-proof network will keep you from ever taking a chance on exposing yourself. Keeping the software up to date and hiring ethical people to watch the networks will decrease the chances of being hacked. Ping sweeps and port scans have been around for a while, and intruders are getting smarter. The "good guys" have to be one step ahead of the intruders in order to win this war against intrusions. It is possible to have a secure network of machines, but the education, the software, and the hiring process have to be up to par every day.