by peter


Port Scanning Explained


Risk Rating: LOW
Likelihood: 5/5
Impact: 1/5


  • Exposed attack surface

  • Lack of monitoring

Port Scanning Overview

Port scanning is a method of determining which ports on a network are open and could be receiving or sending data. It is also a process for sending packets to specific ports on a host and analyzing responses to identify vulnerabilities.

This scanning can’t take place without first identifying a list of active hosts and mapping those hosts to their IP addresses. This activity, called host discovery, starts by doing a network scan.

The goal behind port and network scanning is to identify the organization of IP addresses, hosts, and ports to properly determine open or vulnerable server locations and diagnose security levels. Both network and port scans can reveal the presence of security measures in place such as a firewall between the server and the user’s device.

After a thorough network scan is complete and a list of active hosts is compiled, port scanning can take place to identify open ports on a network that may enable unauthorized access.

It’s important to note that network and port scans can be used by both IT administrators and cybercriminals to verify or check the security policies of a network and identify vulnerabilities — and in the attackers’ case, to exploit any potential weak entry points. In fact, the host discovery element in network scanning is often the first step used by attackers before they execute an attack. As both scans continue to be used as key tools for attackers, the results of network and port scanning can provide important indications of network security levels for IT administrators trying to keep networks safe from attacks.

What you need to know about Port Scanning

Portscanning is not illegal. However, you can report excessive scanning to your ISP. Many firewalls and IPS devices will be able to detect and block excessive portscans.

Port scanning is a popular method cyber criminals use to search for vulnerable servers. They often use it to discover organizations’ security levels, determine whether businesses have effective firewalls, and detect vulnerable networks or servers. Some TCP methods also enable attackers to hide their location.

Cyber criminals search through networks to assess how ports react, which enables them to understand the business’s security levels and the systems they deploy.

Preventing a port scan attack is reliant on having effective, updated threat intelligence that is in line with the evolving threat landscape. Businesses also require strong security software, port scan tools, and security alerts that monitor ports and prevent malicious actors from reaching their network. Useful tools include IP scanning, Nmap, and Netcat.

Other defense mechanisms include:

  1. A strong firewall: A firewall can prevent unauthorized access to a business’s private network. It controls ports and their visibility, as well as detects when a port scan is in progress before shutting it down.
  2. TCP wrappers: These enable administrators to have the flexibility to permit or deny access to servers based on IP addresses and domain names.
  3. Uncover network holes: Businesses can use a port checker or port scanner to determine whether more ports are open than required. They need to regularly check their systems to report potential weak points or vulnerabilities that could be exploited by an attacker.

Portscans are typically seen as a precursor to an attack and is something that our Security Operations Center is constantly on the look out for.

Port Scanning Sources

Portscanning will literally happen from anywhere.