What Is a Port Scan Attack on a Computer?

By Jedadiah Casey

Port scan attacks determine what services are available on a remote computer.

Internet networking uses the concept of ports to distinguish between different programs, or services, located at the same IP address. For example, a computer could run a Web server and an FTP server at the same time using ports 80 and 21, respectively. A port scan attack occurs when one computer scans the ports of another computer in an attempt to determine which services are running on the remote computer for purposes of exploitation.

Linear Port Scan

A linear port scan involves scanning every port on a system. Internet Protocol ports use a 16-bit numbering system, which means a total of 65,536 ports can exist on a single IP address. A linear port scan will scan all of these ports to see which ones are open, closed or hidden.

Random Port Scan

A random port scan is similar in concept to a linear port scan. However, with a random port scan, only a specified number of random ports are scanned instead of all of the available port numbers. The reason for doing this is to speed up the scan, particularly when the attacker is scanning multiple computers in an attempt to find vulnerabilities. With a random port scan, if any of the scanned ports are found to be open, the attacker will investigate that computer further.

Well-Known Service Port Scan

Many services run on established "Well-Known" ports, such as ports 25 and 110 for e-mail, 21 for FTP and 80 for the Web. A port scan that only targets well-known ports is similar in concept to a random port scan, except the port numbers are predefined instead of random. Like a random port scan, if any of the tested ports are found to be open, the attacker will investigate the computer further.
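From the defender's side, the three patterns above (linear, random and well-known) leave different traces in connection logs. The following is an added example, not part of the original article: it labels each source by the ports it touched, assuming a hypothetical "src dst dport" log format, an assumed list of common service ports and an assumed threshold of five distinct ports.

```python
from collections import defaultdict

# Assumed list of common service ports; it includes the article's 21, 25, 80 and 110.
COMMON_PORTS = {21, 22, 23, 25, 53, 80, 110, 143, 443}
MIN_PORTS = 5  # assumed threshold: fewer distinct ports is treated as normal traffic

# Constructed sample input in a hypothetical "src dst dport" log format.
SAMPLE_LOG = "\n".join(
    [f"198.51.100.7 192.0.2.10 {p}" for p in range(1, 9)]
    + [f"198.51.100.8 192.0.2.10 {p}" for p in (51234, 873, 40211, 6021, 17, 29999)]
    + [f"198.51.100.9 192.0.2.10 {p}" for p in (21, 25, 80, 110, 443)]
    + [f"203.0.113.5 192.0.2.10 {p}" for p in (443, 443, 80)]
    + ["garbage line"]
)

def ports_by_pair(log):
    """Return {(src, dst): [distinct ports in arrival order]}, skipping malformed lines."""
    seen = defaultdict(dict)  # dict keys keep insertion order and drop repeats
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 3 or not fields[2].isdecimal():
            continue
        port = int(fields[2])
        if port <= 65535:  # ports are 16-bit numbers
            seen[(fields[0], fields[1])][port] = None
    return {pair: list(ports) for pair, ports in seen.items()}

def classify(ports):
    """Label the probes one source sent to one destination."""
    if len(ports) < MIN_PORTS:
        return "normal"
    if set(ports) <= COMMON_PORTS:
        return "well-known"
    # A linear scan walks the port space in order, so most steps are +1.
    steps = sum(1 for a, b in zip(ports, ports[1:]) if b - a == 1)
    return "linear" if steps >= 0.8 * (len(ports) - 1) else "random"

def classify_log(log):
    """Classify every (source, destination) pair found in the log text."""
    return {pair: classify(ports) for pair, ports in ports_by_pair(log).items()}

if __name__ == "__main__":
    for (src, dst), label in classify_log(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {label}")
```
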

Reconnaissance

After the specified method of port scanning has completed, the attacker views the results and further investigates those computers containing open ports. When a port is found to be open, it means that some type of service is running on that port, and there's a chance that the attacker can exploit it for the purposes of gaining remote access to the computer system. With a proper access exploit in place, an attacker could potentially gain control of the computer system.
