Recently, it was brought to my attention that there are concerns about some activities on the network that can be considered less than trustworthy. Specifically, the concerns are regarding network traffic called ping sweeps and port scans. I’m putting together this paper to explain how ping sweeps and port scans impact our network traffic.
First we must understand what these two things do before we can understand how they are used to impact a network. I’ll start with ping sweeps. A ping sweep is a signal that is sent to a range of machines on a network to simply see if there is a reply back. This is done via an ICMP Echo request that is sent to each machine.
The ICMP Echo request is a signal sent out to an IP address requesting an answer back. More commonly known as a ping. The ping will wait for a response from any machine that is using the IP address specified in the ping and will let the person sending the ping know if the port the machine is using on the network is open or not.
The ping sweep takes the ping to the next level as it will send these pings out to a large range of IP addresses requesting responses back. It lets the person sending the ping sweep know what machines are alive and what machines are off. It is an easy way for a less than scrupulous person to discover where they might be able to start an intrusion at.
But please understand that ping sweeps are not just used by intruders trying to crash our network or other nefarious actions. Ping sweeps are also utilized by our own networking personnel for use in troubleshooting issues on the network. It’s is also used in resolving licensing issues as well. So not all ping sweeps are bad for the network.
Port scans are a animal that takes ping sweeps to the next level. The goal of a port scan is to actually see a machine on the network by probing for machines. Of course, the machine must be powered on for the port scan to find it. When it does find...