Every computer user knows that there is a certain port scanner program . Interestingly, this knowledge is partly due to fierce competition among the creators of software solutions for protection against viruses. So, early versions of antiviruses from Kaspersky Lab sent up to a dozen messages about scanning computer ports during a session with a global network (depending on the intensity of work with network resources). A pop-up window informed that an attempt was made to scan and the dangerous node was blocked. It is quite clear that users, seeing so many warnings about successful "neutralization", made a conclusion about the high efficiency of the protection program. Fortunately, now this way of attracting attention is almost outdated, and many protective functions work in the background.
Before you consider what a port scanner is , let's define some other concepts. A port is a piece of code in a network data packet (TCP or UDP) that identifies the target and initiating applications. Imagine that a program creates a request to the operating system for access to the network. The system negotiates the initiating program and the port number that is assigned to it. Next, data packets are sent. When receiving a response to a port, the system redirects data to the desired program. What does it give? An external port scanner checks the network interface of the computer by sending requests. This is a certain "probe" of the interface, a kind of testing. This operation allows you to view open ports and map them. Obviously, with an external request to the closed port, there will be no answer, but when you find the active one, you can find out which programs are waiting for the data to arrive. After determining the ports and applications, the attack itself begins. Of course, if circumstances permit: the firewall is not configured correctly, the ports are open, etc. Note that scanning for the computer itself is safe: if you are confident in the strength of the doors of the house, let them knock as much as they want.
What attacks can be carried out in a similar way? Since the recipient application is known, it is possible to form a package in such a way that during its processing a network service malfunction occurs (a daemon program that processes network requests), with known consequences. For example, you can achieve a complete rejection of the processing of incoming data packets (DoS attack) or even, using existing vulnerabilities, gain access to remote execution of commands on the target computer. Often, specialized forums openly offer services to temporarily disable a network resource (site). How does this happen and what does the port scanner have to do with it? Very simple. Having decided on a service program, a huge stream of meaningless (garbage) information is sent to the target server. As a result, with large server capacities, there is a significant delay in the processing of useful requests, which must first be "caught" from the stream of clogging data. However, as a rule, in order to avoid overload, the attacked service is temporarily suspended by the administrator. This method is called flood.
You can improve computer security by installing special security programs - firewalls. They hide ports from standard scanning methods, making the computer virtually invisible. You should not neglect their installation. By the way, the firewall is part of anti-virus packages of the Internet Security class.
Checking open ports is easiest with the help of special sites-detectors. Just go to it and click on the “Scan ports” button (the name may vary). One of the famous ones is Russian 2ip.