What are ping sweeps and port scans, and what effect do they have on your company? Port scans are a technique attackers use to learn which ports are in use, probing for vulnerabilities and weaknesses in an attempt to gain access. Ping sweeps are another technique attackers use to find out which systems on the network are active. I will discuss the effect that port scans and ping sweeps have on an unprotected network and what can be done to prevent such attacks.

A port scan basically sends a message to each port, one at a time. The type of response received tells the attacker whether the port is in use and can be checked for weaknesses. One of the most popular types of port scanning is the TCP SYN scan. “SYN scan is the default and most popular scan option for good reasons. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. It is also relatively unobtrusive and stealthy since it never completes TCP connections.” ("Nmap Reference Guide," Chapter 15) Nmap is a free and open source utility for network discovery and security auditing, and it can be used to discover vulnerabilities and weaknesses in your own network.

There are also tools and utilities such as Snort, which “is an open source network intrusion detection system and network intrusion prevention system capable of performing real-time traffic analysis and packet logging on IP networks” (Bradley). Having your firewall, network and intrusion detection system properly configured can prevent unwanted attacks.

Many network administrators perform ping sweeps for diagnostic reasons, looking for live machines on their network; however, ping sweeping is also a technique attackers use to probe your network by sending “a set of ICMP ECHO packets to a network of machines (usually specified as a range of IP addresses) and sees which ones respond. The whole point of this is to determine which machines are alive and which aren't”....
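As an added example (not part of the original essay), the Python sketch below shows the kind of logic an intrusion detection system applies to the two behaviours described above: one source sending SYNs to many distinct ports without completing connections, and one source sending ICMP echo requests to many distinct hosts in a short time. The record format, thresholds, window size and sample events are all constructed for illustration.

```python
from collections import defaultdict

WINDOW = 60           # assumed: seconds per counting window
PORT_THRESHOLD = 20   # assumed: distinct half-open ports per (src, dst) per window
HOST_THRESHOLD = 16   # assumed: distinct hosts pinged per src per window

# Constructed sample events: (ts, src, dst, proto, dport, flags)
# flags "S" = SYN with no completed handshake, "SA" = completed, "echo" = ICMP echo
EVENTS = (
    # 25 half-open probes against one host within about 2.5 seconds
    [(100 + i * 0.1, "10.0.0.66", "10.0.0.5", "tcp", 20 + i, "S") for i in range(25)]
    # 30 hosts pinged within 3 seconds
    + [(200 + h * 0.1, "10.0.0.66", f"10.0.0.{h}", "icmp", None, "echo")
       for h in range(1, 31)]
    # monitoring host pinging one machine per hour (diagnostic use)
    + [(h * 3600, "10.0.0.2", f"10.0.0.{h}", "icmp", None, "echo")
       for h in range(1, 31)]
    # ordinary client completing its connections
    + [(150, "10.0.0.12", "10.0.0.5", "tcp", 443, "SA"),
       (151, "10.0.0.12", "10.0.0.5", "tcp", 80, "SA")]
)


def detect(events, port_threshold=PORT_THRESHOLD, host_threshold=HOST_THRESHOLD,
           window=WINDOW):
    """Return (syn_scan_sources, ping_sweep_sources) as sorted lists."""
    half_open = defaultdict(set)  # (src, dst, window bucket) -> ports probed
    pinged = defaultdict(set)     # (src, window bucket) -> hosts pinged
    for ts, src, dst, proto, dport, flags in events:
        bucket = int(ts // window)
        if proto == "tcp" and flags == "S":
            half_open[(src, dst, bucket)].add(dport)
        elif proto == "icmp" and flags == "echo":
            pinged[(src, bucket)].add(dst)
    scanners = {k[0] for k, ports in half_open.items() if len(ports) >= port_threshold}
    sweepers = {k[0] for k, hosts in pinged.items() if len(hosts) >= host_threshold}
    return sorted(scanners), sorted(sweepers)


if __name__ == "__main__":
    scanners, sweepers = detect(EVENTS)
    print("SYN scan sources:", scanners)
    print("Ping sweep sources:", sweepers)
```

The monitoring host at 10.0.0.2 contacts as many machines as the sweeping source but stays under the per-window threshold, which is the distinction between the administrator's diagnostic use and a sweep.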