Recently, it was brought to my attention that there are concerns about some activities on the network that can be considered less than trustworthy. Specifically, the concerns are regarding network traffic called ping sweeps and port scans. I’m putting together this paper to explain how ping sweeps and port scans impact our network traffic.
First we must understand what these two things do before we can understand how they are used to impact a network. I’ll start with ping sweeps.
A ping sweep is a signal that is sent to a range of machines on a network to simply see if there is a reply back. This is done via an ICMP Echo request that is sent to each machine.
The ICMP Echo request, more commonly known as a ping, is a signal sent out to an IP address requesting an answer back. The ping will wait for a response from any machine that is using the IP address specified in the ping and will let the person sending the ping know if the port the machine is using on the network is open or not.
The ping sweep takes the ping to the next level, as it sends these pings out to a large range of IP addresses requesting responses back. It lets the person sending the ping sweep know which machines are alive and which machines are off. It is an easy way for a less than scrupulous person to discover where they might be able to start an intrusion.
But please understand that ping sweeps are not just used by intruders trying to crash our network or carry out other nefarious actions. Ping sweeps are also used by our own networking personnel to troubleshoot issues on the network. They are also used in resolving licensing issues. So not all ping sweeps are bad for the network.
Port scans are an animal that takes ping sweeps to the next level. The goal of a port scan is to actually see a machine on the network by probing for machines. Of course, the machine must be powered on for the port scan to find it. When it does find a machine that is powered on, the port scan will start getting to work.
Once it has discovered a machine, the port scan will scan for a port on it. It will then determine what services are running on the port that it has discovered. This is important to the intruder because it gives them the information they need to take over the machine running on the discovered port.
The risk to our network from ping sweeps and port scans is minimal. We have several tools at our disposal that are currently acting to block external ping sweeps and port scans from intruding on our network.
The biggest protection we currently have in place is our hardware and software firewalls. They are configured to help block incoming echo requests and protect against unauthorized intrusions on our machines. With that being said, though, we must always work with the assumption that we are vulnerable to attack. This is because every day somebody somewhere is trying to figure out a way to get past the current protection technology that is in place. No network on the planet is completely locked down from intrusion, and there are no exceptions. Education is also the key to staying protected against intrusions.
Automated updates are in place on all our security software so that we continue to stay up to date with our security patches. We will also continue educating the employees within the company on network security by providing the latest readings on threats or via monthly newsletters. This, I believe, will provide the heightened awareness desired and protect our information stored or shared on our network.
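As an added example (not part of the original paper), the sketch below shows how the two traffic patterns described above can be recognized in firewall logs: one source sending echo requests to many hosts in a short time, and one source probing many ports on a single host. The log format, the sample lines and the thresholds are constructed assumptions, not values from our network.

```python
from collections import defaultdict

# Constructed sample firewall log (hypothetical format, not from the paper):
# epoch_seconds source_ip dest_ip protocol icmp_type_or_dest_port
SAMPLE_LOG = """\
100 203.0.113.7 10.0.0.1 icmp 8
101 203.0.113.7 10.0.0.2 icmp 8
101 10.0.0.50 10.0.0.1 icmp 8
102 203.0.113.7 10.0.0.3 icmp 8
103 203.0.113.7 10.0.0.4 icmp 8
104 10.0.0.50 10.0.0.1 icmp 8
110 203.0.113.7 10.0.0.3 tcp 22
111 203.0.113.7 10.0.0.3 tcp 80
111 10.0.0.60 10.0.0.3 tcp 443
112 203.0.113.7 10.0.0.3 tcp 443
113 203.0.113.7 10.0.0.3 tcp 3389
130 198.51.100.9 10.0.0.1 icmp 8
160 198.51.100.9 10.0.0.2 icmp 8
190 198.51.100.9 10.0.0.3 icmp 8
220 198.51.100.9 10.0.0.4 icmp 8
"""

def parse(log):
    """Yield (ts, src, dst, proto, detail); skip blank or malformed lines."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0].isdigit():
            yield (int(fields[0]), *fields[1:])

def detect(log, window=10, sweep_hosts=4, scan_ports=4):
    """Alert when one source pings >= sweep_hosts distinct hosts, or probes
    >= scan_ports distinct ports on one host, within window seconds."""
    recent = defaultdict(list)  # alert key -> [(ts, item)] still inside the window
    alerts = set()
    for ts, src, dst, proto, detail in sorted(parse(log)):
        if proto == "icmp" and detail == "8":  # ICMP type 8 = echo request
            key, item, limit = ("ping_sweep", src, "*"), dst, sweep_hosts
        elif proto in ("tcp", "udp"):
            key, item, limit = ("port_scan", src, dst), (proto, detail), scan_ports
        else:
            continue
        recent[key] = [e for e in recent[key] if ts - e[0] <= window] + [(ts, item)]
        if len({i for _, i in recent[key]}) >= limit:
            alerts.add(key)
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A single host pinged repeatedly (10.0.0.50 in the sample) raises no alert, which keeps ordinary troubleshooting pings quiet. The sweep from 198.51.100.9 is spread out over time and is only caught when the window is widened, which is the trade-off to weigh when choosing thresholds.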