Port Scanning works by sending packets to the target and listening to the response. Normally it scans specific ports (the "Well Known Ports"), but it can also be configured to scan more.

Anyone on the network can do this simply because it's extremely difficult to filter out. How do you know that these packets are not genuine users trying to connect?

It's also only sort of a threat. Port scans may tell an attacker what software is running on the device, potentially even the version (so it may allude to vulnerabilities), but it's really more of a recon tool than anything else. So it's only a threat in that it gives an attacker some information about your system.

Link to comment
https://linustechtips.com/topic/498262-port-scanning/#findComment-6658869
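One way a defender can approach the question raised in the post above, how to tell scan packets from genuine users, shown as an added example that is not part of the original thread: flag any source that touches many distinct ports on one host within a short window. The log format, addresses, thresholds and the `find_scanners` helper are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (not a real product's): one line per inbound TCP SYN.
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) PROTO=TCP DPT=(\d+) FLAGS=SYN$")

def parse(line):
    """Return (timestamp, src, dst, dst_port), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return ts, m.group(2), m.group(3), int(m.group(4))

def find_scanners(lines, window_s=10, min_ports=10):
    """Map each source that touched >= min_ports distinct ports on one host
    within window_s seconds to the largest distinct-port count observed.
    Lines must be in timestamp order."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)          # (src, dst) -> deque of (ts, port)
    flagged = {}
    for ts, src, dst, port in filter(None, map(parse, lines)):
        q = recent[(src, dst)]
        q.append((ts, port))
        while ts - q[0][0] > window:     # drop events older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= min_ports:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

def sample_log():
    """Constructed traffic to 192.0.2.10 from three documentation-range sources."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    def line(offset, src, port):
        ts = (base + timedelta(seconds=offset)).strftime("%Y-%m-%dT%H:%M:%S")
        return f"{ts} SRC={src} DST=192.0.2.10 PROTO=TCP DPT={port} FLAGS=SYN"
    # Web client: 30 connections, always to port 443.
    out = [line(i, "198.51.100.20", 443) for i in range(30)]
    # Admin host: three different services a few seconds apart.
    out += [line(2 * i, "198.51.100.30", p) for i, p in enumerate((22, 80, 443))]
    # Sweep: 25 consecutive ports in about five seconds.
    out += [line(40 + i // 5, "203.0.113.66", p) for i, p in enumerate(range(20, 45))]
    return sorted(out)                   # ISO timestamps sort chronologically

if __name__ == "__main__":
    print(find_scanners(sample_log()))
```

Lowering `min_ports` to 3 also flags the constructed admin host, which shows the false-positive trade-off behind the "difficult to filter out" remark.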

Port scanning can be done in many ways, but basically you try to establish connections on all the ports to see what state the ports are in. It doesn't directly pose a threat unless you are sending enough packets to slow down the equipment on the receiving end. It could be dangerous in the sense that having a malicious person knowing things about your network might do harm, but the harm would come after the port scanning, not directly because of the port scanning.

Link to comment
https://linustechtips.com/topic/498262-port-scanning/#findComment-6658887

Port Scanning works by sending packets to the target and listening to the response. Normally it scans specific ports (the "Well Known Ports"), but it can also be configured to scan more.

Anyone on the network can do this simply because it's extremely difficult to filter out. How do you know that these packets are not genuine users trying to connect?

It's also only sort of a threat. Port scans may tell an attacker what software is running on the device, potentially even the version (so it may allude to vulnerabilities), but it's really more of a recon tool than anything else. So it's only a threat in that it gives an attacker some information about your system.

Yeah, all that is correct. The only thing is, it's sort of easy blocking out the scans by simply disabling ICMP requests, since the usual scanner uses the ICMP protocol to check if the port is open. Correct me if I'm wrong.

Link to comment
https://linustechtips.com/topic/498262-port-scanning/#findComment-6660406

Yeah, all that is correct. The only thing is, it's sort of easy blocking out the scans by simply disabling ICMP requests, since the usual scanner uses the ICMP protocol to check if the port is open. Correct me if I'm wrong.

1. That's still a result. The point of a scan is to determine the state of the port; no response is still a valuable result.

2. Then regular clients can't connect either. If you are scanning a server that hosts multiple web services, disabling requests makes that server useless.

Link to comment
https://linustechtips.com/topic/498262-port-scanning/#findComment-6660499

Yeah, all that is correct. The only thing is, it's sort of easy blocking out the scans by simply disabling ICMP requests, since the usual scanner uses the ICMP protocol to check if the port is open. Correct me if I'm wrong.

You are mostly correct. The only issue with this is there are other scanning techniques out there that are very hard to detect and protect against (such as a Maimon scan). 

Link to comment
https://linustechtips.com/topic/498262-port-scanning/#findComment-6661363

You are mostly correct. The only issue with this is there are other scanning techniques out there that are very hard to detect and protect against (such as a Maimon scan). 

Thanks


Link to comment
https://linustechtips.com/topic/498262-port-scanning/#findComment-6661462

Yeah, all that is correct. The only thing is, it's sort of easy blocking out the scans by simply disabling ICMP requests, since the usual scanner uses the ICMP protocol to check if the port is open. Correct me if I'm wrong.

You can also check the security certificates that are accepted for connections as a way to gauge if it is worth your time, for example.

Link to comment
https://linustechtips.com/topic/498262-port-scanning/#findComment-6661543

Port Scanning works by sending packets to the target and listening to the response. Normally it scans specific ports (the "Well Known Ports"), but it can also be configured to scan more.

Anyone on the network can do this simply because it's extremely difficult to filter out. How do you know that these packets are not genuine users trying to connect?

It's also only sort of a threat. Port scans may tell an attacker what software is running on the device, potentially even the version (so it may allude to vulnerabilities), but it's really more of a recon tool than anything else. So it's only a threat in that it gives an attacker some information about your system.

 

 

Port scanning can be done in many ways, but basically you try to establish connections on all the ports to see what state the ports are in. It doesn't directly pose a threat unless you are sending enough packets to slow down the equipment on the receiving end. It could be dangerous in the sense that having a malicious person knowing things about your network might do harm, but the harm would come after the port scanning, not directly because of the port scanning.

 

 

Try it out for yourself, will give you an idea of what information you can gather.

 

https://nmap.org/

 

 

Thank you all for the help this really cleared up some confusion :)

Link to comment
https://linustechtips.com/topic/498262-port-scanning/#findComment-6661744