Port scanning is the act of systematically scanning a computer’s ports. A port on a computer is a place where information goes into and out of the computer and port scanning identifies the status of any of these ports.
Port scanning has legitimate use in network management but it can also be used in a malicious nature if an attacker is looking for weakened access point to break into a computer. Usually services running on these ports broadcast version and other information about itself for troubleshooting and other kinds of uses but this also gives a lot of information to the would be attacker.
Type of port scans
This type of scan attempts to connect to all known 65,535 ports
This is a more focused scan and looks for only known services to exploit
This type of scan sends packet fragments that get through simple packet filters in a firewall and later joined back together at the target
This type of scan looks for all open UDP ports
This kind of scan connects on the same port on more than one machine for example looking for any FTP servers an attacker would do a sweep scan for port 21 over a range of given network machines
This kind of scan prevents the scanned computer from recording the port scan activities, this is due to the structure of the request sent by the port scanner.
Tools of the trade
The most popular tool for port scanning is nmap and provides a wide variety of options of performing different kind of port scans like stealth scans and many more. Its modular architecture has also enabled development of plugins that have expanded its capabilities
These attacks can now be easily detected by firewalls and intrusion detection systems. Current intrusion detection systems like snort can at times frustrate the attacker by dropping packets used in scanning giving the port scanning tools false positives.
Some other way of defeating the port scans is to install services on ports other than the default ports and also to disable display of service banner information to stop any finger print scans
Port scanning is not illegal per se but is most times indicative of beginnings of an attack hence measure have to be taken to secure any internet facing devices.