This report is to provide insight on nefarious computer activities called ping sweeps and port scans as a request from management. I will identify them, explain what they are use for, how they are used and how to stop them from attacking a network. Finally I will discuss how they can be eliminated as security risk. The information in this report is designed to increase the understanding and knowledge of these two activities so that this company’s IT department will be in a better position to recognize them and block potential attacks from their use. According to S. Branch (2012), in his article What is a Ping Sweep he says “A ping sweep, also called an Internet Control Message Protocol (ICMP) sweep, is a diagnostic technique used in computing to see what range of (IP) addresses are in use by live host, which are usually computers”. Ping sweeps are not unusual, they are often used by administrators in diagnosing network issues; however, hackers also use ping sweeps to find active computers so they will know where to concentrate their attacks. This can become a serious security breach for an unprepared network.
Hackers send not one ping but many packets at the same time. This tends to slow down a network. When the hackers ping sweep finds an active computer it can send request for confidential information. There is no reason to be alarmed by ping sweeps because the solution for stopping them is very simple. The system administrator only need to disable ICMP packets and if the system administrator wants to do a ping sweep, just enable the ICMP packets temporarily. According to S. Branch (2012), “ping sweeps are older and slower technology, and are not in use as much as in the past”. A port scan attack is a popular reconnaissance technique that attackers use to discover services they can break into according to Yahoo Answers (2007), Author unknown. Yahoo Answers states that “All machines connected to a network run many services that use TCP or UDP ports and there are more than 6000 defined ports available. Normally port scan does not make direct damage just by port scanning. Potentially a port scan helps the attacker find which ports are available to launch various attacks”.
A port scan sends a message to each port one at a time. The response received back indicates whether the port is being used and if so, the port will be probed for weakness. TCP ports are the most attacked ports because they are connected oriented and give good feedback to the attacker. The most frequent port scan attacks to look for are: Stealth Scan, which is design to be undetected by auditing tools, SOCKS, which allows multiple machines to share a common internet connection, easy access when not configured correctly. Bounce Scans, are systems that they can bounce their attacks through. These systems are FTP server, Email server, HTTP Proxy, Finger and others. These all have vulnerabilities to do bounce scans. They also use UDP ports to find open ports, but it is not often used because it is easily blocked.
Port Scan attacks can be reduced or completely solved by deploying Firewalls at critical locations of a network to filter unwanted traffic. There is also Port Scan Attack Detectors (PSAD) on the market for free use. In the fast developing world of computer technologies there will always be hackers and other types looking for ways to still. In the earlier days of computer technology they were not much of a problem if any. Today programmers and system builders program and build their goods with hackers and others in mind. Many security features are built in and other features are discussed and put in place at the beginning of the project. Nothing is foolproof, but if there is a way for them to get in, there is a way to keep them out.
Author unknown. (2007). What is a Port Scan Attack? : Yahoo Answers http://answers.yahoo.com/question/index?qid=20061105020422AAtre1p Branch S. (2012). What is a Ping Sweep? : © 2003-2013 Conjecture Corporation http://www.wisegeek.com/what-is-a-ping-sweep.htm