Ports are like little doors on your system. Most packets leaving your machine come out of a certain door. They are destined for another door on another system. There are two different protocols that use ports: TCP and UDP. Each of these two protocols has 65,536 different ports. Various Internet services listen on certain well-known doors. For example, Web servers usually listen on TCP port 80. Mail servers usually listen on TCP door port 25.
An attacker launches a port scan to see what ports are open, with a listening service, on your machine. A port scan attack, therefore, occurs when an attacker sends packets to your machine, varying the destination port. The attacker can use this to find out what services you are running and to get a pretty good idea of the operating system you have. Most Internet sites get a dozen or more port scans per day. As long as you harden your firewall and minimize the services allowed through it, these attacks shouldn't worry you.
For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: What is port scanning?
Strom's Security Tool Shed: Hacker took helps identify network weaknesses
This was first published in August 2002