Free Essay

Ping Sweeps and Port Scans

In:

Submitted By msladona
Words 814
Pages 4
Ping Sweeps and Port Scans Ping sweeps and ports scans are a common ways for hackers to probe a network and attempt to break into it. Although network probes are technically not intrusions themselves, they should not be taken lightly—they may lead to actual intrusions in the future. In the information that follows, I will provide a standard definition of a ping sweep and port scan, the possible uses of the two, and the prevention methods which are in place in our company to combat ping sweeps and port scans of our network by would be attackers. According to Whatis.com, a ping sweep is a basic networking scanning technique used to determine which range of IP addresses are mapped to active computers. During a ping sweep, Internet Control Message Protocol (ICMP) Echo requests are sent to many computers, which determines which are active and which are not ("What is ping sweep (ICMP sweep)? - Definition from Whatis.com," n.d.). If a given address is active, it will return an ICMP Echo reply and the attacker will then focus on those machines. Hackers are not the only ones who perform ping sweeps. I use ping sweeps to find out which machines are active on the network for diagnostics reasons and our ISP (Internet Service Provider) uses automated ping operations to monitor their connection. Disabling the ICMP protocol is one option to prevent ping sweeps; however, doing so may cause problems with our ISP leading them to think that the connection is not functioning because their monitoring software tells them that the connection is down. Another consideration is that some of our software makes use of ping operations for their normal functioning as well, and these may believe that our computers are no longer responding if the ICMP is disabled. The solution to this situation is permitting ICMP only to a given computer or IP range. For example, we contacted our ISP and confirmed the IP addresses of the monitoring machines they are using, and then used the IP addresses to create an allow rule in our firewall for the ICMP protocol, which should solve the problem because our computers will respond to ICMP ECHO commands from our ISP, but not for everyone else. Port scans are another tool used by hackers to break a network. Attackers use port scanning to discover services they can break into because machines that are connected to a Local Area Network or Internet run many services that listen at well-known ports. The general objective of a port scan is to map out the system's operating system and the applications and services it is running. A hacker can then test for vulnerabilities within the applications and plan an attack ("Port Scanning," n.d.). Port scanners are software that identify which ports and services are open on an Internet-connected device ("How to protect against port scans," n.d.). The scanner sends a connection request to the target computer on all 65536 ports, and records which ports respond and how. The type of response received indicates whether the port is in use. I use this software to verify the security policies of the network, as well as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Our network currently has a network intrusion detection system (NIDS) which inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise the system. The NIDS will document all attempted attacks in a log and will also send an alert to the console regarding the attack. Our NIDS is configured inside of the firewall wall, so it will monitor attacks that penetrate the firewall as well as internal attacks. I feel confident that the processes that we have in place are more than adequate to protect our network from ping sweeps and port scan attacks. Utilizing both the restrictive ICMP rules set up in our firewall to monitor ping activity and the Network Intrusion Detection System to monitor port scanning activity are recognized in the industry as "Best Practices". I will continue to stay on top of the current advances in this technology and implement all safeguards which are necessary to protect our network and the information which it contains. I will remain diligent and apprise you of any new developments which may affect the security of the network.

References
How to protect against port scans. (n.d.). Information Security Information, News and Tips - SearchSecurity.com. Retrieved from http://searchsecurity.techtarget.com/answer/How-to-protect-against-port-scans
Port Scanning. (n.d.). Firewall Test. Retrieved from http://www.testmyfirewall.com/ port_scanning.asp
What is ping sweep (ICMP sweep)? - Definition from Whatis.com. (n.d.). Midmarket CIO Information, News and Tips - SearchCIO-Midmarket.com. Retrieved from http://searchcio-midmarket.techtarget.com/definition/ping-sweep

Similar Documents

Free Essay

Ping Sweeps and Port Scans

...Ping Sweeps & Port Scans: Potential Dangers and Defense Strategies THIS IS MY ORIGINAL WORK, PLEASE DO NOT SUBMIT IT AS YOUR OWN, BUT USE IT AS A GUIDE WHILE WRITING YOUR OWN… I REQUEST YOU TO GIVE ME AN “A” RATING ON THIS PAPER; THANK YOU!!! Insert Your Name Name of University SEC 280 Week 1 Insert Tutor’s Name 1st, October, 2012 Outline 1) Introduction (pg.3) 2) Ping Sweeps & Port Scans (pg.3) a) Ping Sweeps (pg.3) b) Port Scans (pg.4) 3) Recommendations & Conclusion (pg.5) 4) References (pg.7) Ping Sweeps & Port Scans While running businesses, owners must be aware of crucial security threats that their organizations are exposed to in order to formulate effective strategies of mitigating potential risks. Statistics show that there are numerous computer threats that can put an organization’s success in jeopardy especially if they are never detected and controlled beforehand. Examples of such threats are ping sweeps and port scans, which are actually nefarious computer activities that can be used by hackers and crackers to access sensitive business information (Teo, 2000; Wild Packet, 2002). Ping sweeps and port scans can possibly go unnoticed if security measures to detect and block them are not put in place and can have dangerous repercussions on a business. Fortunately, there are many ways through which organizations can detect and eliminate potential damages associated with the activities...

Words: 1200 - Pages: 5

Free Essay

Ping Sweeps and Port Scans

...Ping Sweeps And Port Scans Jerry Carr Devry University Computer security is becoming more of an issue every day. People have a lot of various ways to hack into a computer network, whether it is an inside threat or outside force trying to get vital information or destroy a company network in any way possible. Although there are many ways to get into a network, I will go over ping sweeps and port scans and some actions to take to protect a network from these kinds of threats. A ping sweep is when an intruder sends an ICMP echo request on a network, also known as a ping, to the target computers and find out if they are reachable (Conklin, White 2010). If they get a response from any computer on the network then it is reachable and that is where an intruder can start his or her attack, moving on to the next step of the process (Teo 2005). When the intruder finds a computer or computers that are reachable they can now perform a port scan. Port scans “look” at a computer that is accessible and scans for open ports. When an open port is found, it starts to scan the port to find the service, applications, and the operating system it is running (Conklin, White 2010). When this is done, the attacker will have a list of computers, some specific applications or services to...

Words: 564 - Pages: 3

Free Essay

Ping Sweeps and Port Scans

...Ping Sweeps and Port Scans James A. Fort SEC 280 Professor Dau July 15, 2012 Ping Sweeps and Port Scans With computer networks becoming larger hackers are looking more and more for ways to illegally gain access to our networks and procure information about our customers that they can use for their gain. Some tools that hackers are using are called ping sweeps and port scans. Now in the hands of Network Administrators these tools are not something to be afraid of, but in the hands of hackers they are something to be aware of because they have the ability to provide relevant information to a potential attacker. Ping sweeps and port scans will probably be the first steps of the attack because they provide the potential attacker a lot about our network as well as services, and open ports, on a computer system or our network. Ping sweep would be the first tool an attacker would take when he chooses to target our company’s computer systems. It is made up of a series of ICMP echo requests sent to a range of IP addresses to determine which IPs are in use by a host. A ping sweep is a valuable tool that can provide an attacker with a network map of all devices on the network, including hosts, routers, and other networked devices. With this information an attacker can establish an attack plan on network servers and hosts or can be used just to clog up the network. With the appropriate firewall in place protecting the network from pings outside of the LAN, then we can eliminate...

Words: 562 - Pages: 3

Premium Essay

Ping Sweeps and Port Scans

...Port Scans and Ping Sweeps Port scans and ping sweeps are just some of the methods used by hackers to break in and attack vulnerable systems on a targeted network. There are various levels of these probes where some are very easy to detect and stop while others can be a little more difficult to find and require special tools and knowledge. The purpose of this report is to help one gain a more clear understanding of what port scans and ping sweeps are, what they do, and whether they are something to worry about or not. Port scans are a simple method used to help discover ports that are available and running on a particular target network. Once a vulnerable port is found, a hacker could then gather information and plan an attack on that service. All you have to do is write a port scan up using a programming language such as Java or Perl, connect it to a series of ports and wait to see what responds and what doesn’t. There are different levels of port scans. Some are very simple and easy to detect and because of that are not used as often as some of the more stealthy versions. In order to detect a stealth port scan, you need special tools such as software or a firewall. One tool made by Solar Designer has developed such a tool called scanlogd which listens in on the networks background for interference of port scans (Lawrence, Teo, 2000). Another common method to negate these scans is to shutdown ports that aren’t in use or necessary. Ping sweeps are another type of network...

Words: 674 - Pages: 3

Premium Essay

Understanding Port Scans and Ping Sweeps

...Understanding port scans and ping sweeps You tried to log in on your work computer only to realize that either your system doesn’t accept your passwords or some valuable files are missing on the hard drive. If you have ever been hacked, this scenario sounds familiar to you. Today, more and more businesses utilize the internet to do business. Needless to say, the computer use popularity has been steadily increasing over recent years. At the same time, the security has become one of the major concerns in any company since there are a lot of techniques used by hackers to gain control of a PC system or a network. Furthermore, understanding of network computer activities such as port scans and ping sweeps not only helps to prevent any unauthorized accessed to the company system, but also helps to reduce the chance of being hacked. Generally speaking, ping sweep is a technique of sending multiple ICMP (Internet Control Message Protocol) packets to a target network by an attacker to identify any possible alive IP addresses on a particular network. An attacker is usually using an automated ping sweep tools such as fping and nmap to determine which IP addresses don’t have any network block on them (Preetham, 2002). In other words, by using ping sweep the attacker can not only to obtain an active IP address but also initiate a possible attack on that IP address and gain access to the valuable information. Needless to say that an IT administrator needs to be able to detect pings sweeps before...

Words: 577 - Pages: 3

Premium Essay

Ping Sweeps and Port Scans in Development

...Ping Sweeps and Port Scans in Development   In this paper we will be going through all the processes which will show how dealing with security. An example would be the ping sweeps and port scans recently. This will show a complete example to how certain techniques can affect our work environment.   To start with, it should be known that either of these two methods could have malicious issues in order to also achieve certain goals. They can be used in order for a hacker to take advantage of our system or the host within it, but on the same page, network administrators also use these methods in order to make certain checks. I will explain first what each of these methods are and could do and also then have a simple option of how it can be dealt with if you would prefer. Ping sweeps are when is a manner to see if you can establish the IP addresses in order to map out to a live host (our computers). There are different tools that can be used for them depending on the OS that is being used. We have the option if using Mac, Windows, or Unix. There are many reasons why an administrator would use this technique though. One of the reasons would be to see what is being active on the network and what is not. This can be of help if we are in the process of figuring out if there is a network issue and being able to diagnose it. When we ping it has a packet being sent out to a certain IP address and if that address is being used in an active manner, we will then receive a...

Words: 635 - Pages: 3

Free Essay

Ping Sweeps and Ports Scans Description

...THESIS STATEMENT Infamous computer activities, such as port scans and ping sweeps, which can lead to intrusion of systems of a company or network, which enables the intruders to gain access to the systems and do changes in the settings or extract important information. These activities can be detected and stopped or prevented using special skills tool set. INTRODUCTION One of the most common disreputable computer activities are ping sweeps and port scans. They lead to breach of systems by intruders which can harm the whole system or network protocols. There are millions of entities around the world that utilize the internet and the problem is that, many are unaware of the threats and vulnerabilities that are lurking around. These probes can be detected and prevented for to be in a safe position rather than compromise. Ping Sweep and Port Scans Events Two methods that are used to attack a network is ping sweep and port scans. These activities can be used with malicious intent against, as well as, in effort to try to protect a network. Ping sweeps and port scans has been a notorious and yet a useful tool for hackers and system administrators. Ping sweeps and port scans at times can be a bother to both system administrators and network managers. Ping sweeps and port scans work together and can be dangerous but it also can be prevented. A ping sweep, also known as an internet control message protocol sweep (ICMP) is a basic network scanning technique used to determine...

Words: 648 - Pages: 3

Premium Essay

Netw280

...Ping Sweeps and Port Scans Ashlee Jackson Devry University PING SWEEPS AND PORT SCANS Port scans are used to find which ports are open and show what may possibly be running on the target machine(s) from the ping sweep. The intruder will send specially formatted data packets to the ports to get more information, such as: operating system, running applications, etc. This still is not a direct threat, but the intruder is slowly grabbing information that will reveal the vulnerabilities within the computer. When created, the intruder can gain access to the target machine and destroy the target from the inside. Once an open port is found and vulnerable, an average programmer can Ping Sweeps and port scans are something that every network will most likely have happen to it at some point. While these two things themselves are not intrusive to your network, they can uncover holes or vulnerabilities in your network that can be exploited and used for malicious behavior It is safe to say that any large network at some point has been probed by something like a port scan or a ping sweep. These types of probes should not be taken lightly. They can be used to uncover certain vulnerabilities in your network and be used as ways to gain access. The use of computers in this generation has been a necessity. A lot of companies depend on computers to operate their business which is why it is essential...

Words: 1333 - Pages: 6

Free Essay

Sec280 Week 1

...to to my attention that you are curious about ping sweeps, and port scans. In the next couple of paragraphs I will explain what each of them are. Next, I will also tell you about the different types of port scans. Then, I will go about explaining how they can impact the company. Next, I will tell you based on the information I provided to you if it is something you should be worried about. First, what is a ping sweep? A ping sweep can also be called an ICMP Sweep. ICMP stands for Internet Control Message Protocol, its primilarily designed to work with our companies operating system and send an error message indicating that a service request is not available. It also can also check and see if the computer's on a domain is not able to connect to the hub or router. Now, a ping sweep is essentially the computer sends a "ping" to a particular destination whether its the domains router, hub switch, etc.. Now, you maybe wondering what is a "ping" is. It is essentially an echo where a computer sends a message and sees if it gets anything back. And if it does it assigns the message back as a protocol number. Sir, there are different ways to perform a ping sweep, I can always go in the command prompt and type the following in; fping,gping and nmap, now I can only use this for the Unix operationg system and I can use pinger software for Windows operating system. You also need to be aware that when I send out a ping it sends out multiple pings to see if a message comes back. I can disable...

Words: 946 - Pages: 4

Free Essay

Sec280-Week1

...be severe to the organization information and privacy and resolve into a loss of information, leak of confidential data such as bank accounts, and loss of goodwill and trust. Ping Sweeps and Port Scans Intro Ping sweeps and port scans are two methods commonly used by hackers to detect vulnerabilities on computer networks (InfoSoc, 2014). Hackers use ping sweeps to check on which computers are active and being used; while they use port scan to find open ports which can be used to breach a network. If these two methods are used by knowledgeable hackers, they can jeopardize personal data and cause severe effects on the entire computer network. Ping Sweep Ping is the abbreviation for Packet Internet Groper. It is a service to check if a machine on the network is up and running. In ping sweep, an Internet Control Message Protocol (ICMP) echo request is sent to a machine to see if it responds. If a machine is live, it will send an echo ICMP response. Hackers use this facility to seek targets in large networks. They use ping sweeps to continuously ping addresses, leading to a slowdown in the network. “It’s a bit like knocking on your neighbors’ door at 3 a.m. to see who’s sleeping and who’s not” (Lawrence, 2001). Fping is a utility that is used for ping sweeps and unlike normal ping it sends one ping packet to one IP address, and then proceeds immediately to the next IP address. Fping navigates through the IP addresses from the top to the bottom, then back to the top and so...

Words: 1279 - Pages: 6

Premium Essay

Ping Sweeps

...Ping Sweeps and Port Scans Devry University SEC-280-13755 Principles Info Sys Security 9/9/2012 Ping Sweeps and Port Scans There are various problems that organizations will face as a cost of doing business. Ping sweeps and port scans are noteworthy because they can affect normal operations. As technology advances, so do the inevitable threats to our cyber security. Ping sweeps and port scans are examples of the threats that most organizations are likely to face. These two probes are the two major and fundamental ways through which hackers and crackers will assess the vulnerabilities of our infrastructure and design a plan to break in (Baskin, 2008). It is important that our organization understands the two primary attacks and their approach so that we can prevent them from taking place and proactively mitigate our risk of attack. Our competitive world and fast-paced market dictates that we effectively decrease our exposure to cyber attacks to protect the integrity of our data and infrastructure due to attack resulting from port scans or ping sweeps. The term “ping sweep” is a process that involves the attacker learning more about the functioning of our existing systems. For instance, if an attacker attempts to breach our servers, he or she will be able to detect if the system is active by performing a ping sweep. This will likely be an attacker’s first step in their attempts to probe our organization for vulnerabilities. The results of the ping sweep...

Words: 774 - Pages: 4

Free Essay

Information and Systems Technology - Ping Sweeps

...Ping sweeps and ports scans are common methods for hackers to try to break a network. As a system administrator this is a valid concern and for the boss this should not be a worry for him. The system administrator has a lot of steps to stop efforts from hackers to acquire any data by using ping sweeps and ports scans. If hackers are constantly thwarted and discouraged from penetrating your network they normally move on to another site. With proper instruction, the right software and sufficient support, one can take necessary steps in preventing malicious types of activities in a network. Port scans and ping sweeps may seem dangerous, but they can also be understood and monitored in order to identify and defend against network threats. Port scans (as its name implies) directed to ports and the response received gives the hacker an idea of the systems integrity and to help set them up for a later intrusion. Port scans are the most common probing tool available. Port scans take ping sweeps to a different level. Port scans actually “look” at a machine that is alive and scan for an open port. Once the open port is found, it scans the port to find the service it is running. All machines connected to a Local Area Network or Internet run many services that connects at well-known and not so well known ports. A port scan helps the attacker find which ports are available. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates...

Words: 655 - Pages: 3

Premium Essay

Sec280

...SEC280 | Week 1 | Case study on Port scans & sweeps | | Jared's | 11/3/2012 | Brief description of what they are and are they dangerous to company! | To answer the main questions for the concerns of our network, NO. These items that have been heard about do not require immediate attention as they are considered normal. We are protected behind our firewall as well as if the employees do as asked at the end of their shift, we will have absolutely nothing to worry about. As more in likely that situation was handled when we brought the network online. Here is a brief rundown on your concerned areas: Ping Sweeps and Port Scans are the two most common network probes that serve as important clues in sensing invasions or intrusions that can harm any type of network. Network probes are not actual intrusions, although, they could be potential causes of actual intrusions. Port scans and ping sweeps can lead to an intrusion of companies’ network system, however, with today’s technological advancements, these activities can be detected and prevented. Ping Sweeps; Ping sweeps are a set of ICMP Echo packets that are sent out to network of computers, actually a range of IP addresses, to see if there are any responses. As an intruder sends out the ping sweeps, he looks for responses so he can figure out which machines he can attack. “Note that there are legitimate reasons for performing ping sweeps on a network—a network administrator may be trying to find out which...

Words: 1129 - Pages: 5

Free Essay

Case Study Week 1

...other activity in which our systems can still be accessed if we aren’t careful. Specifically, two harmful activities, ping sweeps and port scans can have a major impact on computer systems and can definitely cause worry if they aren’t prevented. Ping sweeps could have a major impact on computer systems because they are the first step of an intruder making his entry (Conklin, White, 2010). A ping sweep sends a ping or an ICMP echo request to the target or to multiple hosts (Rouse, 2005 pg. 12). It is being used to see if there is an address alive. If there is, it will return with an echo reply. This is how the intruder will decide the range of addresses and can determine which live address to attack. Ping Sweeps cause worry because you may think they are prevented; however there are other similar ways to determine live addresses. A ping sweep can be prevented by disabling ping sweeps on the network by blocking the ICMP echo request from any outside source. Conversely, Address Mask Requests and ICMP Timestamp are other ways to determine a live address for an intruder to attack (Rouse, 2005). Port Scans have a major impact on computer systems because they are usually the second step of an intruder’s attack. A port scan will scan the ports on the computer system they are in the process of attacking (Conklin, White, 2010). The scan will tell which ports are open. Many techniques afterward can be used to determine the...

Words: 600 - Pages: 3

Premium Essay

Case Study Week 1

...Although ping sweeps and port scans have been around for some time now, they are still considered huge security threats, especially in a business where sensitive data flocks the network. Ping sweeps and port scans are computer activities allowing the person using these activities to gain access to a network or a device; they can be very useful in the right hands but also very dangerous in the wrong hands. A ping sweep is when an intruder sends an ICMP ECHO, or a ping request, to several devices on a network in search of any devices that are currently on. Any devices that are on in that network will send a ping back “saying” that specific device is on. Whichever devices that are not on will not see the request and won’t send anything back so they are ignored by the intruder. But, knowing what devices are on and what devices are not gives the intruder an easy starting point for his/her intrusion attempts. Just because ping sweeps can be used by intruders, this doesn’t mean only intruders use them; network administrators will also use ping sweeps for troubleshooting purposes. They are great tools to use but can cause severe damage if the person using them wanted to. Now that we have talked about ping sweeps, port scans are another tool that intruders can use to access a network or a device. The difference from ping sweeps and port scans though are enormous making port scans much more dangerous. If we look back at what ping sweeps do, look to see what machines are on and which ones...

Words: 860 - Pages: 4