An introduction to Port Scan and Port Protection

SecOps Solution
3 min readDec 27, 2022

Computer ports serve as the main docking point for information moving from software or the Internet to a device or another computer in the network and vice versa. At the same time, port numbers are the numbers assigned to identify a connection endpoint uniquely, and port scan is a technique of scanning through a network system and finding out the ports which are open, sending data, or receiving the data.

Some of the common ports are:

  1. Port (20) UDP: File Transfer Protocol (FTP) used for data transfer.
  2. Port (22) TCP: Secure Shell (SSH) protocol used for FTP, secure logins, and port forwarding.
  3. Port (23) TCP: Telnet protocol for unencrypted communication.
  4. Port (53) UDP: Domain Name System (DNS), which translates internet domain names into machine-readable IP addresses.
  5. Port (80) TCP: World Wide Web HTTP (Hypertext transfer protocol).

Port scanning techniques:

Ping scans: Ping scans are internet control message protocol (ICMP) that is used to send a ping request to a computer and wait for a response. It helps to identify whether a network data packet can reach an IP address without any issues. Cybersecurity companies frequently use ping scans to identify gaps in a firewall’s coverage and then try to fix them.

XMAS scans: An XMAS scan will send a FIN packet from the server to terminate a connection after a successful transfer of data. If the port is closed, you will receive a response “no more data is available from the sender”. And if no response is received it will indicate that the port is still live and which can be used by the attacker to target these systems. Since FIN packets are rarely observed, it is quite challenging to manually detect them.

Half-open or SYN(short for synchronize) scans: It is a technique used by malicious attackers to determine the status of the port without actually establishing a full connection. In this attacker does not create a connection between the system instead it sends an SYN message, leaving the target hanging which helps them to identify the ports which are currently open on your system.

Methods to Protect the ports:

A Port scan is one of the most popular methods used by the attacker to identify vulnerable servers. Your network system will be susceptible to port scans as long as you have a server that is open to the public. However, there are a number of things you may do to reduce your vulnerabilities:

  • A strong Firewall: It prevents unauthorized access to your private network and controls ports and their visibility. Additionally, firewalls have the ability to recognize and stop active port scans.
  • TCP wrappers: TCP wrappers can provide administrators the freedom to allow or restrict access to the servers depending on IP addresses and domain names.
  • Uncover network holes: Businesses can conduct their own internal port scan to identify whether there are more ports open than required. Even they can check their system frequently for any vulnerabilities that might be exploited.