Port scanner and computer security

Every user of the computer knows that there is a certain program of the port scanner. Interestingly, in part, this knowledge is due to the tough competition among the creators of software solutions to protect against viruses. For example, early versions of Kaspersky Lab's antivirus for a session with the global network showed up to a dozen messages about scanning the computer's ports (depending on the intensity of work with network resources). In the pop-up window , it was reported that an attempt was made to scan and the dangerous node was blocked. It is understandable that users, seeing so many warnings about successful "neutralization", concluded that the protection program is highly effective. Fortunately, now such a way to attract the attention of yourself has almost become obsolete, and many protective functions work in the background.

Before we consider what a port scanner is , let's define some other concepts. A port is the portion of the network data packet code (TCP or UDP) in which the target and the initiating application are identified. Imagine that a program creates a request to the operating system to access the network. The system coordinates the initiating program and the port number, which is assigned to it. Next, the data packets are sent. When you receive a response to the port, the system redirects the data to the desired program. What does this give? The external port scanner checks the network interface of the computer by sending requests. This is a certain "probing" of the interface, a kind of testing. This operation allows you to see the open ports, draw up their map. Obviously, when there is an external request to the private port, there will be no answer, but when you are active, you can find out which programs are waiting for the data to arrive. After determining the ports and applications, the attack itself begins. Of course, if circumstances allow: the firewall is not configured correctly, the ports are open, etc. Note that the scan itself for the computer is safe: if you are sure of the fortress of the door of the house, then let them knock as much as they want.

What kind of attacks can be performed in this way? Since the receiving application is known, it is possible to create a package in such a way that, during processing, the network service fails (the daemon processing network requests), with known consequences. For example, you can completely refuse the processing of incoming data packets (DoS attack) or even, using existing vulnerabilities, to gain access to remote execution of commands on the target computer. Often specialized services openly offer services for temporary disabling of any network resource (site). How does this happen and what does the port scanner do? Very simple. Having defined the program-service, a huge stream of senseless (garbage) information is sent to the target server. As a result, with large server capacities, there is a significant delay in processing useful queries, which must first be "caught" from the stream of clogging data. However, as a rule, in order to avoid overloading, the attacked service is temporarily suspended by the administrator. This method is called flood.

Increase the security of your computer by installing special security software - firewalls. They hide the ports from standard scanning methods, making the computer, in fact, invisible. Neglect their installation is not necessary. By the way, the firewall is a part of the anti-virus packages of the class Internet Security.

Checking open ports is easiest with the help of special sites-detectors. Just go to it and click the "Scan Ports" button (the name may differ). One of the known is Russian 2ip.