Ping Sweeps & Port Scans:
Potential Dangers and Defense Strategies
THIS IS MY ORIGINAL WORK, PLEASE DO NOT SUBMIT IT AS YOUR OWN, BUT USE IT AS A GUIDE WHILE WRITING YOUR OWN…
I REQUEST YOU TO GIVE ME AN “A” RATING ON THIS PAPER;
Insert Your Name
Name of University
SEC 280 Week 1
Insert Tutor’s Name
1st, October, 2012
1) Introduction (pg.3)
2) Ping Sweeps & Port Scans (pg.3)
a) Ping Sweeps (pg.3)
b) Port Scans (pg.4)
3) Recommendations & Conclusion (pg.5)
4) References (pg.7)
Ping Sweeps & Port Scans
While running businesses, owners must be aware of crucial security threats that their ...view middle of the document...
An individual, thereafter, can use various utilities on the internet to exploit identified “open doors” within a system and gain access to sensitive information as explained in the following paragraphs.
a) Ping Sweeps
A ping sweep is a kind of network probe where an individual sends a set of “ICMP ECHO” packets to a range of machines so as to establish which machines are alive and which ones are not. Hence, it is an attempt to establish which machines in a network are actually on and responding before a hacker can launch his attack on running machines. Although intruders can use ping sweeps to conduct illegal activities, there are legitimate reasons for conducting them. For instance, a network administrator may conduct a ping sweep so as to establish active machines on the network for diagnostic purposes. Teo (2000) assert that most utilities that can perform a ping sweep - including fping - can also perform a DNS search on all IP addresses and generate endpoints names. This crucial information will then allow an attacker to launch an attack on the machine of much preference.
Detection and Defense against Ping Sweeps
The first step in reducing network attacks on a particular system is to detect then attempt to establish proper ways of eliminating the vulnerabilities. Ping sweeps can be detected through various methods such as looking for ARP packets using EtherPeek NX and EtherPeek tools (Wild Packets, 2002). This involves the creation of a filter searching for ARP packets that are usually easy to spot, which are then looked into in order to establish the senders IP address. Ippl is an IP protocol logger that runs in the background and listens for packets; hence, it is high profile ping sweep detection tool (Teo, 2002).
b) Port Scans
A port scan is another common network probe that is generally used by intruders to establish services that are actually running on the target machine (SANS Institute, 2002). Port scans allow intruders to establish vulnerable services in machines where attacks can be successfully launched. As such, a port scan refers to a process where a hacker attempts to establish a connection with target machine on various TCP or UDP ports in order to spot potential vulnerabilities of the system (Wild Packets, 2002). Port scans are generally easy to perform since it involves connecting to a series of ports on the target machine and identifying the ones that respond. Programmers can actually write a simple port scanner in a few minutes, but these are usually very easily detected by the operating system on the target machine as describe in the following paragraph.
Detection and Defense against Port Scans
Port scans are legally accepted unless an attacker uses information from a port scan to...