How to Protect Your Business from Port Scanning Attacks

AdRem Software
5 min readMar 9, 2020

With consumer privacy laws becoming stricter, companies are facing increasing pressure to secure their databases. With GDPR now in full swing, companies can face fines of up to 10 000 000 Euros or 2% of their annual turnover.

Data security is no longer something that we can take lightly. In America alone, cybercrime costs around $525 million annually. Clearly, it’s time to start taking extra steps to ensure cybersecurity and prevent breaches.

In this post, we’ll look beyond your basic anti-virus programs. Instead, we’ll focus on an issue that is easy to overlook — Port Security.

Why is Port Security Important?

Computers must connect to the internet or internal networks using a port. Your basic firewall acts as a guard dog for these ports. Data being sent online is broken down into a series of packets. These packets are then redirected to a particular port.

Which port they use depends on the type of application being used. Each package has a port number encoded into the header. The firewall reads the header to determine what kind of app the package contains.

The firewall will analyze each packet in accordance with the rules that you’ve set up. Applications that are deemed unsafe will be blocked.

Does a Firewall Offer Complete Protection?

You might think that the firewall protects you from all malicious data. Unfortunately, any point at which the computer connects to a network or the internet creates a potential attack surface. Any open port on your computer could potentially be hacked.

Hackers use port scanning programs to see which ports are active and which are not. They then look for vulnerabilities that they can access using these programs.

If you use a good firewall and you keep your software up to date, you’re well-protected. Unfortunately, though, with all the types of applications out there, it can be difficult to ensure that every program is up to date.

Even if your computer software is up to date, what about other devices that you plug into your network? Relying on your firewall alone is not a good option. In fact, with any cybersecurity strategy, you should never rely on just one key system.

Let’s delve a little deeper into ports and how they can be attacked.

How Many Ports Are There?

Here’s where things become tricky. Your typical computer has over 65 000 virtual ports. That’s a lot of ground for your firewall to cover.

On the upside, each port is used for a specific purpose. You can immediately improve security by shutting down any ports that aren’t used.

Say, for example, that you never listen to audio files streamed online. The corresponding port is port 114. If you’re not receiving data through this port, it makes sense to disable it.

Port Scanning Attacks

By scanning the ports on a computer, hackers are able to detect any vulnerabilities. The hacker creates a program that sends one message at a time to each of the ports. By doing this, they’re able to work out what you’re using the port for.

The hacker gets on of three responses here:

· Open: This is what the hacker is looking for. This means that the port is open and that it’s a potential attack vector.

· Closed: This indicates that the host is responding, but that there’s no application running at the time. Hackers take this to mean that the port might become active later. They’ll usually come back later and check again.

· Filtered: This is not what the hacker is looking for. In this case, congestion might have caused the packet to drop. This could also indicate that the firewall blocked the request.

The results of these scans will also highlight potential vulnerabilities that can be exploited. If any vulnerabilities are found, the hacker will be able to gain access.

From there, they can do what they like. That could mean stealing or destroying data, locking you out, or inserting malicious code. Unfortunately, as the victim, you won’t pick up this kind of attack until after the damage is done.

A clever hacker will steal what they want and leave no traces. In this manner, these kinds of hacks can go undetected for a long time.

Types of Port Scanning

If you want to safeguard your system, you need some idea of the different types of attacks:

· Vanilla: This takes quite a bit longer, but the hacker tests every virtual port on the system.

· Strobe: This type of attack is faster because it focuses on services that have vulnerabilities and the ports that they typically use.

· Fragmented Packets: These are not full packets of data, but rather pieces of packets. This can fool your firewall into accepting packets it normally wouldn’t.

· User Datagram Protocol: Here, the attacker focuses on open UDP ports.

· Sweep: This is a systemwide attack. Instead of targeting a particular computer within the network, the hacker pings one port across several computers. This enables them to see which computers on the network are active.

· FTP Bounce: The hacker piggybacks on an FTP server. This hides the source of the attack.

· Stealth: This form of attack ensures that the computer doesn’t log the scans the hacker makes.

Keeping Your Information Safe

Remember the good old days when you could get away with pentesting once a year? Those days are gone. In order to keep your data safe, you must test your network ports frequently and shut down those that aren’t necessary.

Thirty years ago, this might have meant manually calling up each port. Fortunately, things have become a lot easier since them. Specialist programs, like NetCrunch, can be set to automatically scan all the ports and give you reports on how secure they are.

If NetCrunch finds a potential vulnerability or picks up unauthorized activity, you’ll be notified. The software can also identify inactive ports and advise you to shut them down.

Final Notes

When it comes to securing your data, you can no longer be complacent. You might think that you have all your bases covered, but hackers are creative at finding workarounds. Your best protective strategy is to install a strong firewall and run regular port scans yourself.

--

--

AdRem Software
AdRem Software

Written by AdRem Software

AdRem Software makes award-winning commercial and freeware network monitoring & management software trusted by thousands of admins worldwide www.adremsoft.com