Network Scanning: Assignment and Protection Against It
Scanning the network is one of the mostpopular operations performed by system administrators. Hardly there is such IT-expert who never in the activity did not apply a command ping, in this or that kind included in structure of any operational system. It is worth considering this topic in more detail.
In fact, network scanning is veryA powerful tool, regularly used in the configuration of both the network and network equipment. When searching for faulty nodes, this operation is also performed. By the way, in addition to using for work purposes, network scanning is also a favorite tool for any cracker. All the most well-known tools for network checking were created by professional hackers. With their help, it becomes possible to scan the network and collect all the necessary information about the computers that are connected to it. So you can find out which network architecture, what equipment is used, what ports are open for computers. This is all the primary information necessary for hacking. Since utilities are used by crackers, they also use them to find out all the vulnerabilities of the local network when configuring.
In general, the programs can be divided into two types. Some perform IP address scanning on the local network, while others scan the ports. This division can be called conditional, since most utilities combine both functions.
IP address scanning
There are usually a lot of machines on the Windows network. The mechanism for verifying their IP addresses is sending ICMP packets and waiting for a response. If such a package is received, then the computer is currently connected to the network at this address.
When considering the capabilities of the ICMP protocolit should be noted that scanning the network using ping and similar utilities is just the tip of the iceberg. When exchanging packages, you can get more valuable information than the fact of connecting a node to a network at a certain address.
How to protect against IP address scanning?
Is it possible to defend against this? Yes, you just need to block responses to ICMP requests. This approach is used by administrators who care about network security. Equally important is the ability to prevent network scanning. For this purpose, the exchange of data via the ICMP protocol is restricted. Despite its convenience in checking network problems, it can also create these problems. With unlimited access, hackers get the opportunity to attack.
In cases where the exchange of ICMP packets islocked, the port scanning method is used. After scanning the standard ports of each possible address, you can find out which of the nodes are connected to the network. In case of opening the port or its location in the standby mode, you can understand that there is a computer on this address that is connected to the network.
The scan of the network ports is referred to as TCP-listening.
How to protect from listening ports?
It is unlikely that it is possible to prevent someonetry to scan the ports on the computer. But it is quite possible to fix the fact of listening, after which possible negative consequences can be minimized. To do this, you must properly configure the firewall, as well as disable services that are not used. What is the configuration of the operating system firewall? In closing all unused ports. In addition, both software and hardware firewalls have a function to support the detection mode of attempts to scan ports. This possibility should not be neglected.