Network Scanning: Assignment and Protection Against It

Network scanning is one of the most popular operations performed by system administrators. Hardly there is such IT-expert who never in the activity did not apply a command ping, in this or that kind included in structure of any operational system. It is worth considering this topic in more detail.

Purpose of scanning

In fact, network scanning is a very powerful tool that is regularly used to configure both network and network equipment. When searching for faulty nodes, this operation is also performed. By the way, in addition to using for work purposes, network scanning is also a favorite tool for any cracker. All the most famous utilities for network verification were created by professional hackers. With their help, it becomes possible to scan the network and collect all the necessary information about the computers that are connected to it. So you can find out which network architecture, what equipment is used, what ports are open for computers. This is all the primary information necessary for hacking. Since utilities are used by crackers, they also use them to find out all the vulnerabilities of the local network when setting up.

In general, the programs can be divided into two types. Some perform IP address scanning on the local network, while others scan the ports. This division can be called conditional, since most of the utilities combine both functions.

IP address scanning

There are usually a lot of machines on the Windows network. The mechanism for verifying their IP addresses is sending ICMP packets and waiting for a response. If such a package is received, then the computer is currently connected to the network at this address.

When considering the capabilities of the ICMP protocol, it should be noted that scanning the network using ping and similar utilities is just the tip of the iceberg. When exchanging packages, you can get more valuable information than the fact of connecting a node to a network at a specific address.

How to protect against IP address scanning?

Is it possible to defend against this? Yes, you just need to block responses to ICMP requests. This approach is used by administrators who care about network security. Equally important is the ability to prevent network scanning. For this purpose, the exchange of data via the ICMP protocol is restricted. Despite its convenience in checking network problems, it can also create these problems. With unrestricted access, hackers get the opportunity to attack.

Port scanning

In cases where the exchange of ICMP packets is blocked, the port scanning method is used. After scanning the standard ports of each possible address, you can find out which of the nodes are connected to the network. In case of opening the port or its location in the standby mode, you can understand that there is a computer on this address that is connected to the network.

The scan of the network ports is referred to as TCP-listening.

How to protect from listening ports?

It is unlikely that it is possible to prevent someone from trying to scan the ports on the computer. But it is quite possible to fix the fact of listening, after which possible negative consequences can be minimized. To do this, you must properly configure the firewall, as well as disable the services that are not used. What is the configuration of the operating system firewall? In closing all unused ports. In addition, both software and hardware firewalls have a function to support the detection mode of attempts to scan ports. This possibility should not be neglected.