Problem solve Get help with specific problems with your technologies, process and projects.

What is a port scan attack?

I have a Symantec VPN/firewall 200 in place. I have an address for the WAN in place, and my LAN seems to be protected...

behind the firewall. However, in the firewall log I keep receiving "port scan attack" messages. What is a port scan attack?

Ports are like little doors on your system. Most packets leaving your machine come out of a certain door. They are destined for another door on another system. There are two different protocols that use ports: TCP and UDP. Each of these two protocols has 65,536 different ports. Various Internet services listen on certain well-known doors. For example, Web servers usually listen on TCP port 80. Mail servers usually listen on TCP door port 25.

An attacker launches a port scan to see what ports are open, with a listening service, on your machine. A port scan attack, therefore, occurs when an attacker sends packets to your machine, varying the destination port. The attacker can use this to find out what services you are running and to get a pretty good idea of the operating system you have. Most Internet sites get a dozen or more port scans per day. As long as you harden your firewall and minimize the services allowed through it, these attacks shouldn't worry you.

For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: What is port scanning?
Strom's Security Tool Shed: Hacker took helps identify network weaknesses

This was last published in August 2002

Dig Deeper on Web Server Threats and Countermeasures

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Why would an attacker want to know what ports were open on a system? How can an open port be exploited?