Introduction
Today, the email system of our company has become one of the most indispensable and widely used business communication tools. But due to its increased popularity, our email has also become a suitable target for crackers and hackers who intend to cause harm to our company. Although email is a very convenient and efficient tool, it has certain vulnerabilities which the hackers exploit. Internet communication systems using UDP or TCP are the most vulnerable to such attacks. The attackers try to discover the services that are present at the network target, i.e. us. Then they use techniques like ping sweeps and TCP and UDP port scans for gathering data from that remote network. (Fletcher, 2009)
Body: Ping sweep and port scans
Ping sweep and port scans are the most common types of reconnaissance network probes. The port scan technique can be used by attackers for discovering the services that run on our machine. By using port scans an attacker can find out the live services that are running on our machines. Then he can plan any type of attack on the services that he has found. The attackers can port scan all the possible UDP and TCP ports and can even limit the ports scanned for avoiding getting detected. Port scans are extremely simple to carry out since the intruder simply has to link up with the ports of our machine and determine which out of them are active. UDP scans are a little more difficult than the TCP scans since the former is a connectionless protocol. The attacker simply sends to an intended port a garbage UDP packet to check the machines that are active. Since TCP scans are easy the attacker can use stealth scans, FIN scans and TCP connections for determining whether a machine is active. (Dollard, 2006)
In ping sweep a series of ICMP ECHO packets can be sent to the network where the machines have a range of IP addresses. By this way the attacker determines which machines are active and responsive so that he can focus on a particular active machine for attacking it. By using this mechanism an intruder can choose a list of our IP addresses and then send those ping packets to us. But unlike a normal ping operation, a ping sweep will send one of the packets to a single IP address and the next one to another IP address. This goes on continuing in a round robin fashion. (Fletcher, 2009)
Conclusion
Although ping sweeps and port scans can be used by attackers for hacking into our systems, they are not very harmful if proper precautions are taken. Also, sometimes we have seen that network administrators use ping sweeps and port scans on their networks for determining which of the machines are active and which are not so as to perform a diagnosis. Our company needs to be aware of the different types of network probes that can be extremely harmful for our company. But network probes like ping sweep and port scans cannot be stopped and this is the reason that they need to be taken somewhat seriously. (Dollard, 2006) Since we cannot stop them we need to be ready in case either a ping sweep or port scan takes place so that we can immediately protect our vulnerable systems and data.
References
Dollard, J. (2006). Secured Aggression. New Haven and London: Yale University Press.
Fletcher, R. (2009); Software Security: Beliefs and Knowledge. Auckland: Howard & Price.