Security Expert Finds Port Scans Not Tied To Hack Attacks

ronjor · Dec 12, 2005

Port scanning, the practice of sniffing for computers with unprotected and open ports, isn't much of a harbinger of an attack, a University of Maryland researcher said Monday.

Michel Cukier, an assistant professor at the College Park, Maryland-based school, said that contrary to common thought, few port scans actually result in an attack. In fact, only about five percent of attacks are preceded by port scans alone.
Click to expand...

Story

sosaiso · Dec 12, 2005

5% seems like a big number to me. :/

tuatara · Dec 12, 2005

and 0,05 % (of the 5 %) attacks are successfull.

Are that 1, 10 or 1000000 successfull attacks a year ??

ronjor · Dec 15, 2005

Rather than counting the number of packets in a connection, it's far more important to look at the content when classifying a connection as a port scan or an attack, Ullrich said.
Click to expand...

Schneier on Security

Paranoid2000 · Dec 17, 2005

One reason (mentioned in the comments in Schneier's blog) is that attackers are getting smarter with port scans - either doing them well in advance of the main attack or spreading them over time and via different addresses to avoid being identified as scans. They are still important as a first step (like scouting the terrain before a military attack) but identifying them will become much more difficult, requiring analysis of traffic patterns over a longer period (days or even weeks).

Log in or Sign up

Security Expert Finds Port Scans Not Tied To Hack Attacks

ronjor Global Moderator

sosaiso Registered Member

tuatara Registered Member

ronjor Global Moderator

Paranoid2000 Registered Member

Log in or Sign up

Security Expert Finds Port Scans Not Tied To Hack Attacks

ronjor Global Moderator

sosaiso Registered Member

tuatara Registered Member

ronjor Global Moderator

Paranoid2000 Registered Member

Useful Searches