Check Point Advisories

Security Best Practice: Protect Yourself from Port Scans

Check Point Reference: SBP-2008-17
Date Published: 15 Aug 2008
Severity: Low
Last Updated: Thursday 11 March, 2010
Source: IPS Research Center
Protection Provided by:
Who is Vulnerable? Hosts and Networks
Vulnerability Description: A port scanner is a software application designed to probe a network host for open ports. Administrators often use port scanners to verify the security policies of their networks, and attackers use them to identify the services running on a host with a view to compromising it.
Vulnerability Details: IPS/SmartDefense offers the following protections:

Host Port Scan - A host port scan is directed at a specific host or network. A scan can determine which services a host offers. For example, a host port scan could discover that a certain host has TCP ports 23, 25 and 110 open, meaning it offers the Telnet, SMTP and POP3 services, respectively. Attackers can then direct their efforts against those services on that machine.

Sweep Scan - An IP Sweep Scan looks for a specific open port and determines where it is available. For example, IP Sweep Scans are used by network worms trying to find machines on which they can propagate themselves. The Blaster worm, for example, looks for the RPC service. The worm searches the entire network looking for that open service.
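
The two patterns above can be told apart in connection logs by what varies: a host port scan touches many ports on one destination, while a sweep touches one port on many destinations. The following is an added detection sketch, not Check Point's IPS/SmartDefense logic; the function name, thresholds, time window and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events: (timestamp in seconds, source IP, destination IP, TCP port).
SAMPLE_EVENTS = (
    # One source probing many ports on a single host (host port scan pattern).
    [(i * 0.1, "198.51.100.7", "192.0.2.10", p)
     for i, p in enumerate((21, 22, 23, 25, 80, 110))]
    # One source probing the RPC port (135) on many hosts (sweep pattern).
    + [(10.0 + h, "203.0.113.9", f"192.0.2.{h + 1}", 135) for h in range(6)]
    # Ordinary mail client: two services on one host, below any threshold.
    + [(5.0, "192.0.2.50", "192.0.2.10", 25), (6.0, "192.0.2.50", "192.0.2.10", 110)]
    # Slow scan: six ports on one host, one probe per minute.
    + [(i * 60.0, "198.51.100.99", "192.0.2.20", p)
     for i, p in enumerate((23, 25, 80, 110, 143, 443))]
)

def detect_scans(events, window=30.0, port_threshold=5, host_threshold=5):
    """Return sorted (kind, source, target) findings.

    target is the destination IP for a host port scan and the probed port
    for a sweep. window and both thresholds are assumed values for tuning.
    """
    recent = defaultdict(deque)  # (kind, key) -> (timestamp, value) pairs in window
    findings = set()
    for ts, src, dst, port in sorted(events):
        for kind, key, value, limit in (
            ("host_port_scan", (src, dst), port, port_threshold),  # count ports per host
            ("sweep_scan", (src, port), dst, host_threshold),      # count hosts per port
        ):
            q = recent[(kind, key)]
            q.append((ts, value))
            # Drop observations that have aged out of the sliding window.
            while ts - q[0][0] > window:
                q.popleft()
            if len({v for _, v in q}) >= limit:
                findings.add((kind, src, key[1]))
    return sorted(findings)

if __name__ == "__main__":
    for finding in detect_scans(SAMPLE_EVENTS):
        print(finding)
```

With the default 30-second window the slow scan from 198.51.100.99 is not reported; widening the window catches it at the cost of more state and more false positives from long-lived clients.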

Protection Overview
