Table of Contents
Advertisement
30.8.1 Port Scanning
An attacker scans device(s) to determine what types of network protocols or services a device
supports. One of the most common port scanning tools in use today is Nmap.
Many connection attempts to different ports (services) may indicate a port scan. These are
some port scan types:
• TCP Portscan
• UDP Portscan
• IP Portscan
An IP port scan searches not only for TCP, UDP and ICMP protocols in use by the remote
computer, but also additional IP protocols such as EGP (Exterior Gateway Protocol) or IGP
(Interior Gateway Protocol). Determining these additional protocols can help reveal if the
destination device is a workstation, a printer, or a router.
30.8.1.1 Decoy Port Scans
Decoy port scans are scans where the attacker has spoofed the source address. These are some
decoy scan types:
• TCP Decoy Portscan
• UDP Decoy Portscan
• IP Decoy Portscan
30.8.1.2 Distributed Port Scans
Distributed port scans are many-to-one port scans. Distributed port scans occur when multiple
hosts query one host for open services. This may be used to evade intrusion detection. These
are distributed port scan types:
• TCP Distributed Portscan
• UDP Distributed Portscan
• IP Distributed Portscan
30.8.1.3 Port Sweeps
Many different connection attempts to the same port (service) may indicate a port sweep, that
is, they are one-to-many port scans. One host scans a single port on multiple hosts. This may
occur when a new exploit comes out and the attacker is looking for a specific service. These
are some port sweep types:
• TCP Portsweep
• UDP Portsweep
• IP Portsweep
• ICMP Portsweep
ZyWALL USG 1000 User's Guide
Chapter 30 ADP
451
Advertisement
Table of Contents
Troubleshooting
