term papers categories





 Ping Sweeps & Port Scans

      [The name of the writer appears here]

       [The name of the institution appears here]

Whenever a large network is set up, it is first probed. As the cracking tools have became more in number and gained popularity, this is likely to continue. Although, the network probes are not technically intrusions, but they can lead up to an intrusion in future so they should not be taken lightly. As the saying goes, netter be safe than sorry. The two major probes are Port Scans and Ping sweeps.
Port Scans:

Click to Order a Custom Term Paper Now...

The most common type of network probe is probably the port scan. A port scan is a method used by intruders to discover the services running on a target machine. The intruder can then plan an attack on any vulnerable service that she finds. For example, if the intruder finds that port 143 (the IMAP port) is open; he may proceed to find out what version of IMAP is running on the target machine. If the version is vulnerable, he may be able to gain super user access to the machine using an “exploit” (a program that exploits a security hole).

A port scan is actually very simple to perform. All we have to do is to connect to a series of ports on the machine and find out which ports respond and which don't. A simple port scanner can be written in under 15 minutes by a good programmer in a language such as Java or Perl. However, this kind of port scan is easily detectable by the operating system of the target machine. Traces produced by such a port scan in a log file (usually /var/log/messages) on a Linux box. You may notice that a series of connections to various services occurred in a short span of three seconds. Since it's so easily detectable, most intruders will not run this kind of port scan against a machine these days.

Click to Order a Custom Term Paper Now...

Ping Sweeps:

A ping sweep is another kind of network probe. In a ping sweep, the intruder sends a set of ICMP ECHO packets to a network of machines (usually specified as a range of IP addresses) and sees which ones respond. The whole point of this is to determine which machines are alive and which aren't. It's a bit like knocking on your neighbors' doors at 3 a.m. to see who's asleep and who's not (okay, don't try that). Once the intruder knows which machines are alive, he can focus on which machines to attack and work from there. Note that there are legitimate reasons for performing ping sweeps on a network—a network administrator may be trying to find out which machines are alive on a network for diagnostic reasons.

Click to Order a Custom Term Paper Now...

fping is a tool that can be used for conducting ping sweeps. fping takes a list of IP addresses and sends ping packets to them. Unlike normal ping, fping sends one ping packet to one IP address, and then proceeds immediately to the next IP address in a round robin fashion.

Port scans and ping sweeps are just two of many types of network probes. Current network-probing tools have matured significantly. Their continued development and availability means that system administrators will see more interesting probe patterns in the future.
To examine some of these other network probes, let's see Nmap. Nmap is able to perform decoy scans. When such a scan occurs, you'll see scans from unique IP addresses on your system, but you won't be able to pick out which one is the real IP address that scanned you. The point of this is to confuse the system administrator, of course.

Click to Order a Custom Term Paper Now...

Besides decoy scans, Nmap also has the ability to remotely identify the operating system running on the target machines. This is done using a technique called TCP/IP stack fingerprinting. The current version of Nmap (2.53) is capable of identifying 465 different versions of operating systems, routers and other devices. Such ability is useful for the intruder because it enables the intruder to identify the weaknesses on a machine since security holes are usually operating system specific.

Therefore the Post Scans and Ping sweeps should be dealt with a lot of care in the start, so that the network should be kept safe from the intruders.


Stuart McClure, Joel Scambray, and George Kurtz,, 1999, “Hacking Exposed: Network Security Secrets and Solutions”

Stephen Northcutt, 1999, “Network Intrusion Detection: An Analyst's Handbook”

Click to Order a Custom Term Paper Now...


Disclaimer: These papers are to be used for research/reference purposes only. All papers should be used with proper references.


© Copyright 1996-2008 Best Term Paper and Research Papers