A port is a communication endpoint that facilitates data transfer between two devices, or an application and a device. If a port is open, it is being used for a particular service or application and is actively listening to requests sent to that application. If the applications using open ports aren't patched well, these ports can be exploited and used for launching attacks. A port scan is a method that is used to spot open ports on a network. Running a port scan reveals the open ports in the network and network security devices such as firewalls deployed between the sender and the receiver.
Normally, port scanning of a network is performed during penetration testing to assess the strength of network security. However, cyber attackers also use this method to identify vulnerable ports within the network and understand the network security of the target. When used by cyber attackers, it is called a port scan attack.
An attacker tries to connect to the target host by communicating with all the 65536 available system ports. Firewalls respond to this attack in one of three ways, depending on the status of the port:
So, even if a particular port is closed, the attacker gets to know about the device behind that port. A successful connection through an open port will allow the attackers to intrude into the network.
Port scanning is usually carried out in two modes: strobe and stealth.
When an attacker scans only a few ports, say less than 20 ports, in a given time, it's referred to as the strobe mode of port scanning. On the other hand, when an attacker listens to a port for a longer duration, say for one month, and gradually executes port scanning, it's known as the stealth mode. In both the modes, the attacker goes unnoticed. However, stealth mode port scanning is relatively difficult to detect as the attackers could establish communication with the application without going through the handshake process.
Even when you've deployed the adaptive firewalls and set up traps, you would still need to conduct an analysis on the origin of malicious traffic. This way you can block those IPs at your network-level firewall and reduce the scale and impact of the exploit.
EventLog Analyzer, a comprehensive log management solution, helps you with a detailed report on all port scan attempts and also lets you know in real-time when port scan is happening through its real-time event response system. Check out how this solution can help you deal with port scan attacks.
Manage logs, comply with IT regulations, and mitigate security threats.
Our support technicians will get back to you at the earliest.
Zoho Corporation Pvt. Ltd. All rights reserved.