Updated on 2022-12-12 GMT+08:00

External Attacks: Port Scan

What Is Port Scan?

In a port scan attack, an attacker sends requests to the IP address of a target server or workstation to discover open ports, and then exploits vulnerabilities through those ports to launch attacks.

Cases

The following are several cases of port scan attacks on hosts:
  • Case 1:
    1. The host is scanning port 6379 on a large number of external IP addresses, as shown in Figure 1.
      Figure 1 Port scan
    2. The query result shows that these IP addresses are from different countries/regions.

  • Case 2:
    1. An abnormal process is detected on the host, as shown in Figure 2.
      Figure 2 Abnormal process
    2. The query result shows that the IP address connects to a C&C host.

      C&C refers to command and control, a communication mode between hosts.

      A C&C host sends commands to a victim system and receives data from the system.
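
One way to detect the pattern in Case 1 (a single host contacting port 6379 on many external IP addresses) from connection records, as an added example that is not part of the original page. The record format, the internal address ranges, the threshold and the function names are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: these ranges are "internal"; everything else counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed records (not real traffic): "time src_ip dst_ip dst_port state".
SAMPLE_FLOWS = """\
12:00:01 10.0.0.5 198.51.100.10 6379 SYN_SENT
12:00:01 10.0.0.5 198.51.100.11 6379 SYN_SENT
12:00:02 10.0.0.5 203.0.113.7 6379 SYN_SENT
12:00:02 10.0.0.5 203.0.113.8 6379 ESTABLISHED
12:00:03 10.0.0.5 192.0.2.44 6379 SYN_SENT
12:00:03 10.0.0.5 192.0.2.45 6379 SYN_SENT
12:00:04 10.0.0.9 198.51.100.10 443 ESTABLISHED
12:00:05 10.0.0.9 198.51.100.10 443 ESTABLISHED
12:00:06 10.0.0.9 10.0.0.20 6379 ESTABLISHED
malformed line
"""

def is_external(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on bad input
    return not any(addr in net for net in INTERNAL_NETS)

def find_outbound_scans(flow_text, min_targets=5):
    """Flag (src_ip, dst_port) pairs that reach >= min_targets external hosts."""
    seen = defaultdict(dict)  # (src, port) -> {dst_ip: was any attempt answered?}
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        _, src, dst, port, state = parts
        try:
            if is_external(src) or not is_external(dst):
                continue  # keep only internal -> external connections
            key = (src, int(port))
        except ValueError:
            continue  # unparsable address or port
        seen[key][dst] = seen[key].get(dst, False) or state == "ESTABLISHED"
    findings = {}
    for key, dsts in seen.items():
        if len(dsts) >= min_targets:
            unanswered = sum(1 for answered in dsts.values() if not answered)
            findings[key] = {"targets": len(dsts), "unanswered": unanswered}
    return findings

if __name__ == "__main__":
    print(find_outbound_scans(SAMPLE_FLOWS))
```

A high share of unanswered targets for one port is what separates this fan-out from a host that legitimately talks to many peers.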