Monday, September 2, 2019

Port Scan Attack - Detection

A port is a place where information flows into and out of a computer.

1. Port Scan

A port scan is the act of systematically scanning a computer's ports to identify open doors into it. It shows all open ports and some additional information such as host name, MAC address, and services (HTTP, SMB, FTP, SMTP, SNMP, MySQL, MongoDB, etc.).

A port scanner tool uses raw IP packets to find which ports are open on a server, which operating system it is running, or whether it has a firewall enabled. The legitimate use of port scanning is managing networks; however, it can also be used for malicious purposes to find a weak access point for breaking into a computer.

How to detect Port Scan Attack?
  • If a remote host scans 10 ports in 0.005 seconds (or default threshold setting)

2. TCP Port Sweep

A TCP port sweep is a series of TCP connections to a number of different privileged ports (port numbers less than 1024) on a specific host. It indicates that a reconnaissance sweep of your network may be in progress, which may be the prelude to a more serious attack.

How to detect Port Sweep Attack?
  • If a remote host sends TCP packets to 10 different privileged addresses (ports) in 0.005 seconds (or default threshold setting)
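
The two threshold rules above can be expressed as one sliding-window check over connection records. The following is an added example, not code from the original post: the function names, the event tuple layout and the sample traffic are constructed for illustration, and it assumes that "10 ports" means 10 distinct destination ports counted per source/destination pair.

```python
from collections import defaultdict, deque

PORT_THRESHOLD = 10      # distinct ports, from the rules above
WINDOW_SECONDS = 0.005   # time window, from the rules above
PRIVILEGED_MAX = 1024    # ports below this number are privileged

def detect_scans(events, threshold=PORT_THRESHOLD, window=WINDOW_SECONDS):
    """events: (timestamp, src_ip, dst_ip, dst_port) tuples sorted by time.
    Returns (timestamp, src_ip, dst_ip, kind) alerts, one per kind per pair."""
    recent = defaultdict(deque)   # (src, dst) -> (ts, port) probes in window
    alerted, alerts = set(), []
    for ts, src, dst, port in events:
        probes = recent[(src, dst)]
        probes.append((ts, port))
        # Drop probes that have fallen out of the sliding window.
        while ts - probes[0][0] > window:
            probes.popleft()
        ports = {p for _, p in probes}
        privileged = {p for p in ports if p < PRIVILEGED_MAX}
        for kind, count in (("port_scan", len(ports)),
                            ("tcp_port_sweep", len(privileged))):
            if count >= threshold and (src, dst, kind) not in alerted:
                alerted.add((src, dst, kind))
                alerts.append((ts, src, dst, kind))
    return alerts

def sample_events():
    """Constructed sample traffic using documentation-range addresses."""
    host = "192.0.2.10"
    ev = []
    # Ten different privileged ports probed within 3.6 ms.
    ev += [(i * 0.0004, "198.51.100.7", host, 20 + i) for i in range(10)]
    # Ten different high ports probed within 3.6 ms.
    ev += [(1.0 + i * 0.0004, "198.51.100.8", host, 8000 + i) for i in range(10)]
    # Ordinary client: many connections, but only two distinct ports.
    ev += [(2.0 + i * 0.0004, "203.0.113.5", host, (80, 443)[i % 2])
           for i in range(20)]
    return sorted(ev)

if __name__ == "__main__":
    for ts, src, dst, kind in detect_scans(sample_events()):
        print(f"{ts:.4f}s {src} -> {dst}: {kind}")
```

The first source trips both rules because all of its ports are below 1024, the second trips only the port scan rule, and the ordinary client raises no alert because the rule counts distinct ports, not connections.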
