Ping Sweeps and Port Scans

Published 14 Feb 2017

THESIS STATEMENT

Network probes such as port scans and ping sweeps can lead to intrusion into the private systems of a company or network, enabling intruders to gain access and change or, worse, ruin the settings of vulnerable target machines, which can in turn ruin the whole company system. However, thanks to advances in technology, such activity can be detected and prevented using special tools.

INTRODUCTION

Ping sweeps and port scans are the two most common network probes, and they serve as important clues for sensing an invasion or intrusion that can harm the machines on a network. Although network probes are not themselves intrusions, they may be potential causes of actual intrusions in the future (Teo, 2000). To avoid such circumstances, it is better to know how probes are performed and how we can detect them.

PORT SCANS

Port scanning can discover the services running on a target machine, giving the intruder a chance to study the whole system and making it easy for him to plan an attack on any susceptible and defenseless service he finds. For example, if an intruder finds an open port, such as port 143, he will check which IMAP version is running on the target. If the version is weak, he can gain access to the machine using an “exploit” (Teo, 2000).

How is it performed? You just need to connect to a series of ports on the machine and find which ones respond and which don’t. A good programmer can write a simple port scanner in just fifteen minutes in Java or Perl. On the other hand, this kind of port scan is easily detected by the operating system of the target machine (Teo, 2000).

A tool called “scanlogd”, developed by Solar Designer, is a dæmon that runs in the background and listens on the network boundary for port scans. scanlogd reports each detected port scan by writing a line through the syslog mechanism (Teo, 2000).

PING SWEEPS

In a ping sweep, a set of ICMP ECHO packets is sent to a range of IP addresses to find out which machines respond. Active machines that respond become potential targets of the intruder, who will then focus on attacking and working on these machines. However, ping sweeps are sometimes performed legitimately on the network to find out which machines are alive for diagnostic reasons (Teo, 2000).

Like port scans, ping sweeps can be detected using a special tool. ippl, an IP protocol logger, can log TCP, UDP, and ICMP packets. It works like scanlogd: it sits in the background and snoops for packets (Teo, 2000).
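The kind of check a background detector can apply to the packets it sees, covering both the port scan and ping sweep cases above, as an added example that is not from the original essay and is not the code of scanlogd or ippl. The log format, the thresholds, and the addresses (documentation ranges) are assumptions constructed for illustration; records are assumed to arrive in time order.

```python
from collections import defaultdict, deque

# Constructed packet records (not real traffic): "seconds proto src dst port_or_icmp_type"
SAMPLE_LOG = """\
100 tcp 192.0.2.10 198.51.100.5 21
100 tcp 192.0.2.10 198.51.100.5 22
100 tcp 192.0.2.10 198.51.100.5 23
101 tcp 192.0.2.10 198.51.100.5 25
101 tcp 192.0.2.10 198.51.100.5 80
102 tcp 192.0.2.10 198.51.100.5 110
102 tcp 192.0.2.10 198.51.100.5 143
100 tcp 192.0.2.20 198.51.100.5 143
102 tcp 192.0.2.20 198.51.100.5 80
200 icmp 192.0.2.30 198.51.100.1 8
200 icmp 192.0.2.30 198.51.100.2 8
200 icmp 192.0.2.30 198.51.100.3 8
201 icmp 192.0.2.30 198.51.100.4 8
201 icmp 192.0.2.30 198.51.100.5 8
200 icmp 192.0.2.40 198.51.100.5 8
201 icmp 192.0.2.40 198.51.100.5 8
"""

def detect_probes(log_text, window=3, port_threshold=7, host_threshold=5):
    """Return sorted (kind, source) alerts; thresholds are illustrative
    assumptions, not the defaults of scanlogd or ippl."""
    recent = defaultdict(deque)  # (kind, src, scope) -> (time, item) in window
    alerts = set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        ts, num = int(fields[0]), int(fields[4])
        proto, src, dst = fields[1:4]
        if proto == "tcp":  # port scan: many distinct ports on one destination
            key, item, limit = ("port_scan", src, dst), num, port_threshold
        elif proto == "icmp" and num == 8:  # ping sweep: echo to many hosts
            key, item, limit = ("ping_sweep", src, None), dst, host_threshold
        else:
            continue
        q = recent[key]
        q.append((ts, item))
        while ts - q[0][0] > window:  # drop records older than the window
            q.popleft()
        if len({i for _, i in q}) >= limit:
            alerts.add((key[0], src))
    return sorted(alerts)

if __name__ == "__main__":
    print(detect_probes(SAMPLE_LOG))
```

The ordinary client at 192.0.2.20 and the host at 192.0.2.40 that pings a single machine stay below both thresholds, which is how a detector separates diagnostic traffic from a probe.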

CONCLUSION

Since network probing activities like port scans and ping sweeps can be detected and prevented using special tools, there is no need to worry about possible intrusions into network systems and machines. Network machines need to be secured with these special tools to avoid intrusions through probes.

There are still many types of network probes, and they are maturing significantly today; however, these activities can still be detected using advances in technology and the proper skills and knowledge.

REFERENCES

  • Teo, L. (1 December 2000). Network Probes Explained: Understanding Port Scans and Ping Sweeps. Retrieved 22 November 2007 from http://www.linuxjournal.com/article/4234
  • Thomson Course Technology. Port Scanning [electronic version]. Hands-On Ethical Hacking and Network Defense. Chapter 5.