Linux.com Article DB: Linux.com Security: Introduction to Port Scanning

Another option that you should be aware of is how fast nmap will scan ports. On certain older operating systems you could actually crash the machine if you scan too quickly.

Consult the man page to find out which of the above best suits the characteristics of the scan you wish to perform. The man page is well written, so take some time to familiarize yourself with some of the more advanced options. Experiment on localhost to get a feeling of nmap's capabilities.

What Tools can I use to Detect Port Scans?

There are several good tools available to combat and detect hostile port scans. Installation and configuration of these tools will be covered in a future article. Until then, here are some URLs:

http://www.psionic.com/abacus/portsentry/ http://www.openwall.com/scanlogd/ http://www.snort.org/

Conclusion

Port scanning is a basic computer security technique. It is not only important to know what services you are running, but also to know how a potential enemy can use this tool against you. In the majority of attacks a port scan is the first step in an intrusion. Having this knowledge gives Linux administrators a better chance at thwarting the attacker early on, and possibly preventing the intrusion completely.

Matt Michie writes for Linux.com when he isn't busy cleaning the New Mexican sand out of his computers.

Originally Published: Thursday, 7 June 2001	Author: Matt Michie
Published to: enchance_articles_security/Basic Security Articles	Page: 5/5 - [Printable]
Linux.com Security: Introduction to Port Scanning Unfortunately nobody can be told which path to take, you must see it for yourself, so choose wisely. Ripped from today's headlines, the writers and editors of Linux.com are proud to present this security-minded introduction to protecting your system. Read on, and know yourself.

	<< Page 5 of 5
Another option that you should be aware of is how fast nmap will scan ports. On certain older operating systems you could actually crash the machine if you scan too quickly. Nmap has the following timings: `-T [Paranoid\|Sneaky\|Polite\|Normal\|Aggressive\|Insane]` Consult the man page to find out which of the above best suits the characteristics of the scan you wish to perform. The man page is well written, so take some time to familiarize yourself with some of the more advanced options. Experiment on localhost to get a feeling of nmap's capabilities. What Tools can I use to Detect Port Scans? There are several good tools available to combat and detect hostile port scans. Installation and configuration of these tools will be covered in a future article. Until then, here are some URLs: `http://www.psionic.com/abacus/portsentry/ http://www.openwall.com/scanlogd/ http://www.snort.org/` Conclusion Port scanning is a basic computer security technique. It is not only important to know what services you are running, but also to know how a potential enemy can use this tool against you. In the majority of attacks a port scan is the first step in an intrusion. Having this knowledge gives Linux administrators a better chance at thwarting the attacker early on, and possibly preventing the intrusion completely. Matt Michie writes for Linux.com when he isn't busy cleaning the New Mexican sand out of his computers.
	<< Page 5 of 5