What is Port Scanning?

Port scanning is the practice of sending out packets of information to numerous ports in order to identify which ports are open or vulnerable to attack. Port scans can be both malicious and innocuous, depending on who originates the scan.

The information found during a port scan is often sensitive, and port scans often reveal network security holes. As a result, this technology is often abused by attackers and hackers with malicious intents.

How Does Port Scanning Work?

When running a port scan, a packet of information will be sent to a wide range of ports on an IP address. Often, port scans will try both popular ports, such as port 21 and obscure ports that appear random. If the port is not blocked, the port scanner will record this information. As a result, a comprehensive picture of port vulnerabilities can be drawn.

Unfortunately, port scans are often run by hackers and others with malicious intentions. They will pick a target and then run port scans on every IP address they can find that belongs to that target. They do this in order to find ports that are open and that they can use as a venue of attack.

Due to this scenario, running periodic port scans is an important part of information security. By running regular port scans, network administrators can determine what ports are open and use this information to thwart attackers.

In recent years, many ISPs have made the decision to block their customers from running port scans over the Internet. This is due to the amount of individuals which abuse the technology due to nefarious reasons. Most ISPs now limit customer port scanning abilities to their own home network.

Port Scanning Options

There are many different options for running port scans, and these options vary depending on the software being utilized. Common port scan options include specifying port ranges, timeouts, IP address ranges, scan start time and packet type.

Port Scanning Software

There are many different options available for port scanning software. They range from free products to premium software suites. Some of the most popular products include:

- Nmap
- Nessus
- SAINT
- OpenVAS

Avoiding Port Scan Security Holes

While port scans can be used for dastardly purposes, the court system has ruled that that are not illegal. In order for traffic to reach the Internet, it is necessary that ports be opened to allow the traffic to flow. As a result, there is no way to completely stop port scans from occurring. However, there are a few ways to increase network security to avoid port related breaches. The simplest way to avoid port related breaches is to simply run port scans and close all unused ports. Additionally, products like PortSentry can track and mislead port scans run against networks.