Ping Sweeps and Port Scans

Ping Sweeps and Port Scans-

What They Are and Should You Worry

Patrick Emerson

9/8/2013

DeVry University

Ping Sweeps and Port Scans- What They Are and Should you Worry

Many things come up in conversations when talking about Information Security these days. Some things such as firewalls and virus detection software have become common knowledge and are easy to understand. Other things, however, are not so easy to recognize or understand unless one works with them on a daily basis. Ping sweeps and port scans are two methods used to try and detect vulnerabilities in a network’s defenses that can be used by both security professionals and hackers that are harmless on their own, but the information they reveal can be used for nefarious purposes if obtained by the wrong people.

The first thing to know about port scanning is that it happens all the time. It is very similar to someone going to an apartment building and trying to open every door and every window to find out which ones are locked. (Bradley, n.d.) This scan does nothing but map out which “doors” are open or closed. It does not “enter” any of those doors and attempt to take anything; it is simply looking for ways to get in to the network. If one properly “locks” all the doors there is nothing to worry about. Port scanning is usually performed on the first 1023 TCP and UDP ports. There are over 65000 available TCP and UDP ports, but only the first 1024 are the “well known” ports used for standard services such as FTP, HTTP, SMTP or DNS.

Similar to port scans, ping sweeps are another method used to try and discover cracks in the security of a network. In this type of scan, ICMP Echo requests are directed at a range of IP addresses to find out which ones are responsive. The goal of this type of scan is to let the person running it know which IP’s they should focus on and which ones have no computer attached and therefore should be ignored. To continue the analogy of the apartment building, this would...