Networks are continually vulnerable to threats, which is why it is important to understand the ramifications of ping sweeps and port scans. While ping sweeps and port scans are not attacks in and of themselves, they are probing activities. Ping sweeps are automated processes that show the malicious user which computers on a network are active, whereas port scans identify the potential points of entry into a network from which to launch an attack. Both ping sweeps and port scans are threats that can be averted in order to protect network security.
Ping sweeps are akin to shouting aloud in a canyon and waiting for a response, or sending a call on a radio. Usually, intruders can create robots to conduct ping sweeps for them. One protocol used is the ICMP ECHO (Teo, 2000). The ICMP ECHO sends messages within a range of IP addresses. Another type of ping sweep is the fp tool, which works more in a "round robin" fashion by sending a ping individually to each address (Teo, 2000). Computers that are online will, if they are unprotected, answer the call. Those computers that respond are vulnerable to attack, as the intruder has narrowed down which systems are available and online to probe further. Of course, it is easy to see how ping sweeps have become a necessary part of network diagnostics. Therefore, ping sweeps are not all bad, but they can be used in malicious ways.
Port scans are mechanisms that detect open ports on the network, which can allow malicious users direct entry into the system. The process is much like a thief watching a house to scan for open windows or doors ("Ping Sweeps and Port Scans," 2014). In order to communicate on a network, sending data back and forth through protocols and systems like email, ports need to be opened and closed periodically. Port scanners capitalize on these normal behaviors by recognizing which ports are being used for two-way communication and identifying the protocols being used to access those ports. Continuing with the analogy, it is as if the thief is determining how high up the window is and what tools are needed to enter the house. Port scans are "the most common type of network probe" and are "actually very simple to perform," (Teo, 2000). Once the malicious user determines which ports are open, a series of further tests can be used to identify vulnerabilities that allow access to data. Vulnerable data includes financial information, employee personal data, and other company secrets.
Ping sweeps and port scans can be used together to help hackers launch calculated attacks on any network. While the ping sweep identifies specific computers that are online, the port scan helps determine the mode of entry into the system to gather whatever data is the target of the attack. Together, ping sweeps and ports scans present definite dangers to organizations unprepared to defend themselves. This is why it is critical to know how to prevent attacks. Simple port scans are easy to detect, but sophisticated hackers know how to develop stealthy methods of scanning networks and discovering vulnerable ports of entry. More sophisticated port scans include "half open" scans, which are not typically logged as scans due to their taking advantage of TCP/IP loopholes (Teo, 2000). The most sophisticated form of port scan being used now is the Network Mapper (Nmap), which performs several types of scans simultaneously in a stealthy way (Teo, 2000).
You’re 87% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.