Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security Expert Finds Port Scans Not Tied To Hack Attacks

Port scanning, the practice of sniffing for computers with unprotected and open ports, isn't much of a harbinger of an attack, a University of Maryland researcher said Monday.

Michel Cukier, an assistant professor at the College Park, Maryland-based school, said that contrary to common thought, few port scans actually result in an attack. In fact, only about five percent of attacks are preceded by port scans alone.

"But when you combine port scans with other kinds of scans, particularly vulnerability scans, there's a much higher probability of an attack," said Cukier.

Nearly three-quarters of the attacks prefaced by some kind of scan came after both a port and a vulnerability scan were run against the exposed PCs, noted Cukier's report.

"The identification of port scans and vulnerability scans launched from a single source IP address is a good indicator that an attack will follow from the same IP address," said the report.

  • 1