Monitor for port scanning of resources
Description:
Port scanners are applications that identify which ports and services are open or closed on an internet-connected device. The scanner sends a connection request to the target computer on all 65,536 ports and records which ports respond and how. The type of response received from the ports indicates whether they are in use or not.
Port scanning is not an attack in and of itself but rather part of the reconnaissance phase of an attack, during which an attacker tries to find out as much as possible about the intended target. The general objective of a port scan is to map out the system's OS and the applications and services it is running in order to understand how it is protected and what vulnerabilities may be present and exploitable. Also, note that port scanning can be done by both attackers and defenders, as explained later.
Solution:
If any ports are open, it’s possible that those ports don’t actually need to be accessible from outside of your network, in which case you can get to work blocking them or shutting them down. If you do need those ports open, you can begin to apply patches to protect your network against attackers.
Firewalls can also be configured to alert administrators if they detect connection requests across a broad range of ports from a single host.
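The alerting rule described above, implemented as detection logic run over constructed firewall log lines; this is an added example, not code from the page or the referenced product. It assumes a key=value log format with ISO-8601 timestamps and a default threshold of 20 distinct destination ports from one source within 60 seconds, and it also shows why a slow probe (one new port per minute) slips under a short window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed format, one attempt per line: "<ts> action=<A> src=<ip> dst=<ip> dport=<n>"
LINE_RE = re.compile(r"^(?P<ts>\S+) action=\w+ src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+)$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

def parse_line(line):
    """Return (timestamp, src, dport) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m["ts"], TS_FMT), m["src"], int(m["dport"])

def detect_port_scans(lines, threshold=20, window=timedelta(seconds=60)):
    """Flag sources probing >= threshold distinct ports inside a sliding window; {src: ports}."""
    per_src = defaultdict(list)
    for ev in (parse_line(line) for line in lines):
        if ev:
            per_src[ev[1]].append((ev[0], ev[2]))
    alerts = {}
    for src, evs in per_src.items():
        evs.sort()                       # chronological order
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1               # slide the window forward
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) >= threshold:
                alerts[src] = len(ports)
                break                    # one alert per source is enough
    return alerts

def constructed_logs():
    """Constructed sample data: a fast scanner, a normal client and a slow scanner."""
    base, lines = datetime(2024, 5, 1, 10, 0, 0), []
    for i in range(30):   # 30 distinct ports in 30 seconds -> should alert
        lines.append(f"{(base + timedelta(seconds=i)).strftime(TS_FMT)} action=DENY "
                     f"src=203.0.113.7 dst=192.0.2.10 dport={1 + i}")
    for i in range(40):   # ordinary web client alternating 80/443 -> no alert
        lines.append(f"{(base + timedelta(seconds=i)).strftime(TS_FMT)} action=ALLOW "
                     f"src=198.51.100.5 dst=192.0.2.10 dport={443 if i % 2 else 80}")
    for i in range(25):   # one new port per minute: evades a 60-second window
        lines.append(f"{(base + timedelta(minutes=i)).strftime(TS_FMT)} action=DENY "
                     f"src=203.0.113.9 dst=192.0.2.10 dport={1000 + i}")
    return lines

if __name__ == "__main__":
    print(detect_port_scans(constructed_logs()))   # {'203.0.113.7': 20}
```

Catching the slow scanner requires a longer window or a per-source count over hours, at the cost of more state to keep per host.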
Reference:
https://cloud.google.com/security-command-center/docs/concepts-security-sources