Port Scanners: Helping You Secure your Network

Port Scanners

Ports are numbered and are divided such that they are recognized by the internet and other protocols such as TCP and UDP. These port numbers are used by the systems and protocols to interact with each other. The three ranges are Well Know ports (0 to 1023), registered ports (1024 to 49151) and dynamic or private ports (49152 to 65535). In any communication the system is referred by two components an IP address and a port number.

Port scanner is software that searches the ports and places them into one of the categories

• Accepted or open port
• Denied or closed port
• Dropped or blocked port

The information gathered or described by a port scan has many legitimate uses like knowledge of the status of the port and hence verification of the security of the network. Blocked or dropped port is a safe option and has no vulnerabilities reported so far. A closed port is indicated by the host sending a reply that connections will be denied to that port. From network security aspect the issue with a closed port is security and stability concern associated with the operating system. An open port represents vulnerabilities to the applications that are using the port as well as the operating system.

Port scanning can be used by those intending to compromise security and use IP port scanners or advanced port scanner to detect ports on which they can launch a denial of Service attack or a buffer overflow and compromise the security of the network and computers in the network.

Network Vulnerability Scanner

Network vulnerability scanner is a tool to determine if your LAN or WAN is open to attack. Vulnerability scanners are many but most of these are intrusive and can be detected. Bad guys use these vulnerability scanners to identify devices on the network that are open to known vulnerabilities. These software’s works differently; some access the system registry while others exploit each target device. Many packages like Foundstone professional, eEye Retina, SAINT, Nessus etc… are available in the market. MBSA-Microsoft Baseline Security Analyzer does a check to see if services packs and patches are updated on the system to prevent attacks.

Packet Sniffer

Packet Sniffers is a legitimate program for easy and effective troubleshooting of the network by the network administrator. The function of a packet sniffer is to identify packets that are erroneous and bottlenecks in the network. If placed in promiscuous mode it captures all packets on the network. Within a given network the user name and password are transmitted in plain text. With the packet sniffer the attacker can gain access into the network and compromise all the other systems on the network. Network sniffers are available and are able to capture data on any type of network even switched networks. IP sniffer works on networks that communicate using IP-Internet Protocol. Password sniffer is another program that activates during the sign in process to services and stores user names and passwords that can be used to compromise the network.

Mal ware that can give the attacker administrative privileges are presently being used by hackers. These are known as root kits. Their code is embedded in web pages and is downloaded unknowingly by surfers through improperly patched web browsers. Root kit revealer will help you find out if your system is compromised by root kit mal ware. It also aids in root kit removal.

Port sniffers, Web sniffers, Packet sniffers, hacking port scanners, vulnerability scanners and root kits are all methods used by hackers to get into the network and gain crucial information about an organization. The monetary gains in such illegal activities only seem to be increasing network security breaches. The good guys will have to work hard to keep these bad guys away.

Related Articles

How Vulnerable is Your Network?
Can You Find Out who is Intruding Your PC?
Effective Tips: Prevent Network Attacks with Firewalls
Top Network Security Products