I have a Symantec VPN/firewall 200 in place. I have an address for the WAN in place, and my LAN seems to be protected
behind the firewall. However, in the firewall log I keep receiving "port scan attack" messages. What is a port scan attack?
Ports are like little doors on your system. Most packets leaving your machine come out of a certain door. They are destined for another door on another system. There are two different protocols that use ports: TCP and UDP. Each of these two protocols has 65,536 different ports. Various Internet services listen on certain well-known doors. For example, Web servers usually listen on TCP port 80. Mail servers usually listen on TCP door port 25.
An attacker launches a port scan to see what ports are open, with a listening service, on your machine. A port scan attack, therefore, occurs when an attacker sends packets to your machine, varying the destination port. The attacker can use this to find out what services you are running and to get a pretty good idea of the operating system you have. Most Internet sites get a dozen or more port scans per day. As long as you harden your firewall and minimize the services allowed through it, these attacks shouldn't worry you.
For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: What is port scanning?
Strom's Security Tool Shed: Hacker took helps identify network weaknesses
Dig deeper on Web Server Threats and Countermeasures
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.