Ping Sweeps and Port Scans
Ping sweeps and ports scans are a common ways for hackers to probe a network and attempt to break into it. Although network probes are technically not intrusions themselves, they should not be taken lightly—they may lead to actual intrusions in the future. In the information that follows, I will provide a standard definition of a ping sweep and port scan, the possible uses of the two, and the prevention methods which are in place in our company to combat ping sweeps and port scans of our network by would be attackers.
According to Whatis.com, a ping sweep is a basic networking scanning technique used to determine which range of IP addresses are mapped to active computers. During a ping sweep, Internet Control Message Protocol (ICMP) Echo requests are sent to many computers, which determines which are active and which are not ("What is ping sweep (ICMP sweep)? - Definition from Whatis.com," n.d.). If a given address is active, it will return an ICMP Echo reply and the attacker will then focus on those machines.
Hackers are not the only ones who perform ping sweeps. I use ping sweeps to find out which machines are active on the network for diagnostics reasons and our ISP (Internet Service Provider) uses automated ping operations to monitor their connection. Disabling the ICMP protocol is one option to prevent ping sweeps; however, doing so may cause problems with our ISP leading them to think that the connection is not functioning because their monitoring software tells them that the connection is down. Another consideration is that some of our software makes use of ping operations for their normal functioning as well, and these may believe that our computers are no longer responding if the ICMP is disabled.
The solution to this situation is permitting ICMP only to a given computer or IP range. For example, we contacted our ISP and confirmed the IP addresses of the monitoring machines they are using, and then used the IP...
Please join StudyMode to read the full document