This excerpt has been taken from an upcoming article that I just completed on port scanning. For anyone in information security and security monitoring, port scans are common and often ignored due to their frequency and volume.
I have worked at organizations where we observed over a million scanning events a day. Often I hear other security professionals state that they block these scanning events from their monitoring stations since they are external to their network and a resource strain on operations.
The problem with that approach is the loss of visibility into malicious events knocking on the door of the network.
Port Scanning: The Forgotten Danger before the Attack
A port scanner is a tool designed to search for open ports on systems connected to the network. This tool can be used by network and security professionals to perform legitimate functions to secure their systems, and it can be used by malicious users to begin staging an attack. There are two types of scanning functions. The first is called a port scan. In a port scan, the scanner probes all ports on a single host to determine which ports are available. The second type is called a portsweep. A portsweep is conducted on multiple hosts on a network, looking for all available ports on all accessible systems.
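To show how a monitoring station can keep this visibility without drowning in raw events, here is an added example (not part of the original article) that groups blocked connections by source and labels each source as a port scan or a portsweep using the definitions above. The log line format, the addresses, and the two thresholds are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Assumed firewall deny-line format; real devices will differ.
LINE_RE = re.compile(r"DENY src=(\S+) dst=(\S+) dport=(\d+)")

def build_sample():
    """Constructed sample log lines (documentation address ranges)."""
    lines = []
    # Source A: many ports on one host
    for port in (21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080):
        lines.append(f"DENY src=198.51.100.7 dst=192.0.2.10 dport={port}")
    # Source B: the same ports across many hosts
    for host in range(1, 9):
        for port in (22, 445):
            lines.append(f"DENY src=203.0.113.9 dst=192.0.2.{host} dport={port}")
    # Source C: a single blocked connection, below both thresholds
    lines.append("DENY src=198.51.100.99 dst=192.0.2.10 dport=443")
    lines.append("corrupted or unrelated line")  # must be skipped, not crash
    return lines

def classify(lines, min_ports=10, min_hosts=5):
    """Return {src: (label, hosts_touched, distinct_ports)} per scanning source.

    min_ports and min_hosts are illustrative thresholds, not recommendations.
    """
    seen = defaultdict(lambda: defaultdict(set))  # src -> dst -> {ports}
    for line in lines:
        match = LINE_RE.search(line)
        if not match:
            continue
        src, dst, port = match.groups()
        seen[src][dst].add(int(port))

    findings = {}
    for src, hosts in seen.items():
        all_ports = set().union(*hosts.values())
        if len(hosts) >= min_hosts:
            # Multiple hosts probed by one source: portsweep
            findings[src] = ("portsweep", len(hosts), len(all_ports))
        elif any(len(ports) >= min_ports for ports in hosts.values()):
            # Many ports probed on a single host: port scan
            findings[src] = ("port scan", len(hosts), len(all_ports))
    return findings

if __name__ == "__main__":
    for src, (label, n_hosts, n_ports) in classify(build_sample()).items():
        print(f"{src}: {label} ({n_hosts} hosts, {n_ports} ports)")
```

Summarizing per source this way turns the constructed events into two findings, which is the kind of reduction that lets scanning activity stay in view instead of being dropped at the monitoring station.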