What is Port Scanning

A port is a kind of door on the server that can be used to connect to a specific service. For a web server, port 80 and port 443, which are for HTTP/HTTPS, are most likely open to serve the website to the users. Other ports should be closed if they are not needed for any service. The port scanner tests the web server with a SYN scan across a wide range of ports and reports back the open ones. If any ports other than port 80 and port 443 are open, the firewall should block them if they are not needed.

Unneeded open ports on the webserver open a large attack surface to a malicious user. This can be used to find unmaintained and possibly vulnerable network services that can be targeted. 

What Protocols are Used for Port Scanning

TCP (transmission control protocol) and UDP (user datagram protocol) are the protocols most often used for port scanning. They are both internet data transfer systems; however, their mechanics are distinct.

UDP is connectionless and unreliable, whereas TCP is a reliable, two-way, connection-based data transfer that relies on the destination’s status to complete a successful send. Data sent through the UDP protocol is delivered without regard for the destination; as a result, there is no guarantee that the data will reach its intended destination.

There are various alternative strategies for doing port scans using these two protocols.

How Do Hackers Use Port Scanning as an Attack Method

When attacking networks, fraudsters frequently use port scanning as a preparatory step. They use the port scan to assess various firms’ security levels and decide who has a good firewall and who has a weak server or network. Several TCP protocol approaches allow attackers to hide their network location and execute port scans using “decoy traffic” without disclosing their network address to the victim.

What Kind of Results Do You Find from Port Scanning

Port scanning works to categorize ports into one of the following categories:

  • Open: the destination replies with a message indicating that it is listening on that port, over the protocol used for the scan (often TCP or UDP).
  • Closed: the destination received the request packet but returned a response indicating that no service was listening at the port.
  • Filtered: the port may be open, but the packet has been filtered out and dropped by a firewall, resulting in no response.
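
The three states above map directly onto what a TCP connection attempt returns. The following is an added example, not Veracode's scanner code: it classifies ports on a host you administer using a plain TCP connect instead of the SYN scan mentioned earlier, and flags open ports outside an assumed allowlist of 80 and 443. The function names and the allowlist are illustrative assumptions.

```python
import socket

ALLOWED_PORTS = {80, 443}  # assumption: a web server that should expose only HTTP/HTTPS


def classify_port(host, port, timeout=1.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port on a host you administer.

    Uses a full TCP connect rather than a SYN scan, so no raw sockets are needed.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            return "open"        # handshake completed: a service is listening
        except ConnectionRefusedError:
            return "closed"      # host answered with RST: nothing is listening
        except OSError:
            return "filtered"    # timeout or ICMP unreachable: no usable answer


def audit(host, ports, allowed=ALLOWED_PORTS, timeout=1.0):
    """Classify each port; return (states, open ports missing from the allowlist)."""
    states = {port: classify_port(host, port, timeout) for port in ports}
    unexpected = sorted(p for p, s in states.items() if s == "open" and p not in allowed)
    return states, unexpected


if __name__ == "__main__":
    # Constructed demo: a throwaway listener on loopback stands in for an unneeded service.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(16)
    demo_port = listener.getsockname()[1]
    states, unexpected = audit("127.0.0.1", [demo_port])
    print(states, "unexpected open ports:", unexpected)
    listener.close()
```

Any port reported in `unexpected` is a candidate for shutting down the service or adding a firewall rule; a "filtered" result from outside the network usually means the firewall is already dropping the traffic.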

Most Common TCP Ports

  • Port 80 (HTTP)
  • Port 23 (Telnet)
  • Port 443 (HTTPS)—SSL-encrypted web servers use this port by default.
  • Port 22 (SSH)
  • Port 25 (SMTP)
  • Port 3389 (ms-term-server)
  • Port 110 (POP3)
  • Port 445 (Microsoft-DS)
  • Port 139 (NetBIOS-SSN)
  • Port 143 (IMAP)
  • Port 53 (Domain)
  • Port 135 (MSRPC)
  • Port 3306 (MySQL)
  • Port 8080 (HTTP-Proxy)
  • Port 1723 (PPTP)
  • Port 111 (RPCBind)
  • Port 995 (POP3S)
  • Port 993 (IMAPS)
  • Port 5900 (VNC)

Why Should You Use a TCP Port Scan

Unneeded open ports on the webserver open a large attack surface to a malicious user. This can be used to find unmaintained and possibly vulnerable network services that can be targeted.

The critical advantage of using an online version of the Nmap port scanner (rather than one installed on your local PC) is that it provides an external view of your systems, as any hostile hacker on the Internet would see them. Because of various firewalls and network constraints, you may get different findings when running the same scan from your internal network. In addition, our port scanner is:

  • Ready to go.
  • Upgraded regularly.
  • Provides you with an excellent report to share with security teams or colleagues.

How Do You Run a Port Scan

A port is a kind of door on the server that can be used to connect to a specific service. For a webserver, port 80 and 443, which are for HTTP/HTTPS, are most likely open to serve the website to the users. Other ports should be closed if they are not needed for any service.

The port scanner tests the webserver with a SYN scan across a wide range of ports and reports back the open ones. If any ports other than port 80 and port 443 are open, the firewall should block them if they are not needed.

Attackers scan targets regularly, taking an inventory of all available ports, knowing that every open port is a potential point of compromise. We have included a port scanner in our DAST Essentials tool to make your work easier and faster and to help you avoid data loss and budget for cyber attack mitigation. Start your 14-day, free trial of DAST Essentials today (no credit card needed).
 
