Network scanning is one of the most popular operations performed by system administrators. It is unlikely that there is such an IT specialist who has never used the ping command in one form or another that is part of any operating system. It is worth considering this topic in more detail.
Scan destination
In fact, network scanning is a very powerful tool that is regularly used to configure both the network and network equipment. When searching for faulty nodes, this operation is also performed. By the way, in addition to being used for business purposes, network scanning is also a favorite tool of any cracker. All the most famous network verification utilities were created by professional hackers. With their help, it becomes possible to scan the network and collect all the necessary information about the computers that are connected to it. So you can find out what kind of architecture the network has, what equipment is used, which ports on the computers are open. This is all the primary information necessary for hacking. Since the utilities are used by crackers, they also use them in order to find out all the vulnerabilities of the local network during configuration.
In general, programs can be divided into two types. Some people scan IP addresses on the local network, while others scan ports. Such a division can be called conditional, since most of the utilities combine both functions.
IP address scan
There are usually many machines on a Windows network. The mechanism for checking their IP addresses is to send ICMP packets and wait for a response. If such a packet is received, it means that the computer is currently connected to the network at this address.
When considering the capabilities of the ICMP protocol, it should be noted that scanning a network using ping and similar utilities is just the tip of the iceberg. When exchanging packets, you can get more valuable information than the fact of a host connecting to a network at a specific address.
How to protect yourself from IP address scans?
Is it possible to protect yourself from this? Yes, you just need to block responses to requests using the ICMP protocol. This is the approach used by administrators who care about network security. Equally important is the ability to prevent network scanning. For this, data exchange via the ICMP protocol is limited. Despite its convenience in checking network problems, it can also create these problems. With unlimited access, hackers get the opportunity to carry out an attack.
Port scan
In cases where ICMP packet exchange is blocked, the port scanning method is used. After scanning the standard ports of each possible address, you can find out which of the nodes are connected to the network. If the port is opened or in standby mode, you can understand that at this address there is a computer that is connected to the network.
Scanning network ports is classified as TCP listening.
How to protect yourself from listening on ports?
It is unlikely that it is possible to prevent someone from trying to scan ports on a computer. But it is quite possible to fix the fact of listening, after which it is possible to minimize possible unpleasant consequences. To do this, you must properly configure the firewall, as well as disable services that are not used. What is the configuration of the operating system firewall ? In closing all unused ports. In addition, both software and hardware firewalls have the function of supporting the mode of detecting the presence of attempts to scan ports. This opportunity should not be neglected.