The Computer Centre regularly receives enquiries at the Help Desk from network users who have realized that they have been sending out a lot of data without knowing it. Also, some users who have installed a firewall program on their PCs from time to time seek assistance from the Computer Centre in understanding the port scan entries recorded in the firewall log. This article attempts to explain what port scanning is and what we at the Computer Centre and you can do about it.
Port scanning is a technique used by hackers on the Internet to discover open network ports in your computer which they can break into. Network ports are communication channels for services such as email, telnet, file transfer, HTTP, etc. Since a port is where information goes in and out of a computer, port scanning identifies open doors to a computer, and if a port is open, an attacker could exploit it through vulnerabilities (bugs) in the computer system. For example, in sending email, spammers try to relay their spam through an SMTP server which has an open port for them to come in and send the spam through it.
A systematic port scan sends a message (a packet with a chosen destination port number) to each port, one at a time, usually at very short intervals. The kind of response received indicates whether the port is in use and can therefore be probed further for weaknesses. Some malicious programs such as computer viruses and Trojan horses can be introduced into your computer via these open ports. Therefore, if your PC is sending out large amounts of data, this usually indicates that your system may have a virus or a Trojan horse.
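To help read a firewall log for the pattern described above (one source probing many ports at very short intervals), the following Python example is added here and is not part of the original article. The log format, the sample lines and the thresholds `min_ports` and `window` are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the format "<time> <source IP> <dest port> <action>"
# is an assumption, not the output of any particular firewall product.
SAMPLE_LOG = """\
2024-03-01T10:00:00 192.0.2.10 21 BLOCK
2024-03-01T10:00:01 192.0.2.10 22 BLOCK
2024-03-01T10:00:01 198.51.100.7 80 ALLOW
2024-03-01T10:00:02 192.0.2.10 23 BLOCK
2024-03-01T10:00:03 192.0.2.10 25 BLOCK
2024-03-01T10:00:04 192.0.2.10 80 ALLOW
2024-03-01T10:00:05 198.51.100.7 80 ALLOW
2024-03-01T10:00:05 192.0.2.10 110 BLOCK
2024-03-01T10:05:00 203.0.113.5 25 BLOCK
2024-03-01T11:05:00 203.0.113.5 80 ALLOW
2024-03-01T12:05:00 203.0.113.5 110 BLOCK
2024-03-01T13:05:00 203.0.113.5 143 BLOCK
2024-03-01T14:05:00 203.0.113.5 443 ALLOW
"""

def find_scanners(log_text, min_ports=5, window=timedelta(seconds=10)):
    """Return {source IP: sorted ports seen} for every source that touched
    at least min_ports distinct ports inside one sliding time window."""
    by_source = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, port, _action = line.split()
            by_source[src].append((datetime.fromisoformat(ts), int(port)))
    flagged = {}
    for src, hits in by_source.items():
        hits.sort()
        start, in_window = 0, defaultdict(int)  # port -> hits inside window
        for ts, port in hits:
            in_window[port] += 1
            while ts - hits[start][0] > window:  # drop probes older than window
                old = hits[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_ports:
                flagged[src] = sorted({p for _, p in hits})
                break
    return flagged

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(f"{src} probed ports {ports} in quick succession")
```

A repeat visitor to a single port (198.51.100.7) and a source whose connections are hours apart (203.0.113.5) are not flagged with the default thresholds; only the source that walks through several ports within seconds is.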
Proxy servers are popular targets for scanning. Most web servers support the proxy function so that requests for web pages can be directed to a single server which caches recently visited web pages to improve performance. A lot of these servers are misconfigured to provide proxy service for any request from the Internet, allowing attackers to relay attacks against web sites through a third party. Attackers can also launch a "denial-of-service" attack on a proxy server to prevent legitimate users of a service from using that service.
Technically, there is no way to stop someone from port scanning your computer while you are on the Internet. This is because, in accessing any Internet service, your computer opens a port to the Internet. There are, however, some things you can do to stay vigilant:
1. Install anti-virus software on your computers - both at home and in the workplace. The importance of this measure cannot be overemphasized. And remember to update the virus definitions and scan your PC for viruses regularly (if possible, daily).
2. Perform Windows Update - Microsoft puts out patches that close up these open ports or fix other vulnerabilities when they are found. By performing Windows Update regularly, you can minimise the chances of your open ports being exploited. (Click the IE browser's menu Tools => Windows Update => Scan for Updates => install all critical updates.)
3. Install firewall software to monitor for any scanning activity on your PC.
4. Watch the latest network security alerts we publish at http://www.itservices.hku.hk/alerts/.