Ping sweeps and Port scans

Running Head : PING SWEEPS AND PORT SCANS

Ping Sweeps and Port Scans

[Name]

[University]

Ping Sweeps and Port Scans

THESIS STATEMENT

Network probes , such as port scans and ping sweeps , can lead to intrusion of private systems of a company or network , enabling the intruders to gain access and change , or worst , ruin the settings of vulnerable target machines which can also ruin the whole company system as well , however , due to the advancement in technology , such activity can be detected and prevented using special tools

INTRODUCTION p

Ping Sweeps and Port Scans are two most common network probes which serve as important clues in sensing invasion or intrusion that can harm the network 's systems of machines . Though network probes are not truly intrusions , however , they may be potential causes of actual intrusions in the future (Theo , 2000 . To avoid such circumstances , it is better that we have knowledge about how probes are performed and how we can detect them

PORT SCANS

Port Scanning can discover the services running on a target machine giving the intruder a chance to study the whole system , making it easy for him to make a plan on how to attack any susceptible and defenseless service that he finds . For example , if an intruder finds any open port such as port 143 , he will observe what running IMAP version is on the target . If the version is weak , he can have an access to the machine using an exploit (Theo , 2000

How is it performed ? You just need to connect a series of ports on the machine , finding which ones respond and which don 't . A good programmer can write a simple port scanner in just fifteen minutes using Java or Perl language . On the other hand , this kind of port scan is easily detected by the operating system of the target machine (Theo , 2000

A tool called scanlogd , developed by the Solar Designer , is a dzhmon running in a background and listening on the network boundary for port scans . The scanlogd recounts the detected port scan through inscribing a line using the syslog mechanism (Theo , 2000

PING SWEEPS

In ping sweeps , a set of ICMP ECHO packets is being sent to a system of machines , specifically a range of IP addresses , and find out which ones will react . Active machines that respond will be the potential target of the intruder from there he will focus on attacking and working on these machines . However , ping sweeps is sometimes performed by the network legitimately to find out which machines are alive for diagnostic reasons (Theo , 2000

Like port scans , ping sweeps can be detected using a special tool ippl , an IP protocol logger , can log TCP , UDP , and ICMP packets . It works like the scanlogd , wherein it sits in the background and snoop for packets (Theo , 2000

CONCLUSION

Since network probing activities like port scans and ping sweeps can be detected and prevented using special tools , there is no need to worry on possible intrusions of...