In this article, I will explain what ping sweeps and port scans are, what they are used for, and how we can protect ourselves.
Ping sweeps and port scans are common ways for hackers to attempt to break into a network. For a system administrator this is a concern, but for the boss it should not be a worry. The system administrator can take many steps to stop hackers from getting any information through ping sweeps and port scans. Once the hackers are discouraged, they should move on to another site. With proper education, software and support, one can take the first steps toward preventing any type of malicious activity in a network. Ping sweeps and port scans can be dangerous, but they can also be prevented.
A ping sweep is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts. A single ping will tell whether one specified host computer exists on the network. A ping sweep consists of Internet Control Message Protocol (ICMP) Echo requests sent to multiple hosts to determine which machines are alive and which ones aren’t. If a given address is live, it will return an ICMP Echo reply. Once the hackers know which machines are alive, they can focus on which machines to attack and work from there. Hackers are not the only ones who perform ping sweeps; a system administrator may be trying to find out which machines are alive on a network for diagnostic reasons. The system administrator can use ping sweeps for troubleshooting purposes or even for licensing issues. Ping sweeps should be detected by an Intrusion Detection System, but to avoid potential DoS attacks or intrusions, system administrators need to use other methods to test connectivity. Since a ping sweep can help a hacker, one can have ping sweeps turned on only when someone is testing network connectivity.
Port scans are the most common probing tool available. Port scans take ping sweeps to a different level. A port scan actually “looks” at a machine that is alive and scans for an open port. Once an open port is found, the scan probes the port to find the service running on it. All machines connected to a Local Area Network or the Internet run many services that listen on well-known and not so well-known ports. A port scan helps the attacker find which ports are available. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is in use and can therefore be probed further for weakness. Typical port scans can show up in system logs. Protecting machines from such attacks can be very easy. The number one rule to remember at all times is to always assume vulnerability. No machine on a network is completely safe from an intruder. The best way to protect a machine is to never expose any important security information on it. Passwords, SSNs, financial information and password hints should be kept on an encrypted flash drive. Keeping this information stored on a computer is like having the password to an ATM card in your purse or wallet. It allows the intruder to get your information faster.
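As an added example (not from the original article), the sketch below shows how log entries can be checked for both patterns described above: one source pinging many hosts, or probing many ports on one host, within a short time. The log format, the thresholds and the addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical firewall-log format:
#   <epoch-seconds> <ICMP|TCP> <source> -> <destination>[:<port>]
SAMPLE_LOG = """\
100 ICMP 203.0.113.7 -> 192.0.2.1
101 ICMP 203.0.113.7 -> 192.0.2.2
102 ICMP 203.0.113.7 -> 192.0.2.3
103 ICMP 203.0.113.7 -> 192.0.2.4
110 TCP 203.0.113.7 -> 192.0.2.3:21
110 TCP 203.0.113.7 -> 192.0.2.3:22
111 TCP 203.0.113.7 -> 192.0.2.3:23
111 TCP 203.0.113.7 -> 192.0.2.3:25
112 TCP 203.0.113.7 -> 192.0.2.3:80
120 ICMP 198.51.100.20 -> 192.0.2.1
125 TCP 198.51.100.20 -> 192.0.2.3:443
900 ICMP 198.51.100.20 -> 192.0.2.2
"""
LINE_RE = re.compile(r"^(\d+) (ICMP|TCP) (\S+) -> ([\d.]+)(?::(\d+))?$", re.M)

def _burst(events, window, threshold):
    """True if some span of `window` seconds holds >= threshold distinct values."""
    events = sorted(events)
    start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1  # drop events that fell out of the time window
        if len({value for _, value in events[start:end + 1]}) >= threshold:
            return True
    return False

def detect(log_text, window=10, sweep_hosts=4, scan_ports=5):
    """Return sorted (source, kind, target) findings for sweeps and scans."""
    pings = defaultdict(list)   # source -> [(time, destination host)]
    probes = defaultdict(list)  # (source, destination) -> [(time, port)]
    for m in LINE_RE.finditer(log_text):  # other lines are skipped
        ts, proto, src, dst, port = m.groups()
        if proto == "ICMP":
            pings[src].append((int(ts), dst))
        elif port is not None:
            probes[(src, dst)].append((int(ts), int(port)))
    found = [(s, "ping-sweep", "many hosts") for s, ev in pings.items()
             if _burst(ev, window, sweep_hosts)]
    found += [(s, "port-scan", d) for (s, d), ev in probes.items()
              if _burst(ev, window, scan_ports)]
    return sorted(found)
```

The two pings from 198.51.100.20 are far apart in time and are not flagged, which is how an administrator's occasional connectivity test looks; the window and counts need tuning to the network's normal traffic.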
Education is key to protecting oneself. One should keep up to date by reading about security prevention and by downloading the latest security patches for the operating system and the Internet security software. If the network does not have a DMZ, then the intranet may be vulnerable, since intruders are unable to penetrate the DMZ. Lastly, firewalls are a must to keep open ports and machines protected. Remembering that there is no such thing as an intruder-proof network will keep you from ever taking a chance on exposing yourself. Keeping the software up to date and hiring ethical people to watch the networks will decrease the chances of being hacked. Ping sweeps and port scans have been around for a while, and intruders are getting smarter. The “good guys” have to be one step ahead of the intruders in order to win this war against intrusions. It is possible to have a secure network of machines, but the education, software and hiring process have to be up to par every day.