LinuxWorld: Understanding stealth scans: Forewarned is forearmedMar 22, 2001, 08:02 (0 Talkback[s])
(Other stories by Joe Barr)
"If you stay connected to the Internet, you will be scanned. It's a fact of life. If you have a continuous connection, you'll be scanned regularly, quite often by someone with bad intentions. This week's column is a basic primer on scanning: what it is, why it's done, and the wonderful world of "secret handshakes" and stealth scans."
"Scanning a system, or a network, is normally done in order to find out what services are available. But remember, there are two groups who do it regularly. The good guys -- system administrators and network security folk -- do it to see what is exposed and thus vulnerable to attack. The bad guys -- script kiddies and worse -- do it to see what is exposed and thus vulnerable to attack. Funny, that is."
"Scanning is like going up to an apartment building and knocking on each door to see who is home. Are you running a Web server? A mail server? BIND? Telnet? FTP? RPC? Those are the questions that scanning answers. Unfortunately, the answers often reveal enough about your system to allow an uncouth visitor unauthorized access."