BullGuard’s Home Network Scanner monitors your home Wi-Fi network for vulnerabilities that could be exploited by hackers, such as open ports.
Why is this important? Port scanning has long been a popular probing tactic among hackers. It is typically used as a reconnaissance step to identify vulnerable computers or devices connected to the internet.
In recent years it has become even more popular as automated, mass port scanning tools have grown in sophistication.
It’s no coincidence that this reflects the huge growth in Internet of Things (IoT) devices connecting to the internet. As such automated attacks that rely on IP and port scanning are everyday events.
How ports work
- Each computer has multiple ports. For instance, when a person opens their email, a port is opened through which new mails are downloaded via a connection to the email server.
- Some ports on a computer are open by default making them a target for hackers. These ports are open, or more accurately the application that is using the port is listening, so applications can accept data.
- If there is no application listening on a port, incoming packets to that port will simply be rejected by the computer's operating system.
Port scan probes
When an attacker probes a system with a port scan attack, each port will react one of three ways:
- It will respond as ‘open’ alerting the hacker that there is a device is on the other end
- A closed port will respond as well, but it will deny an access request
- It won’t respond at all
An open port means that something is listening on that port and an attacker can communicate with whatever is running on that port which is a potential entry for an attack.
Why attackers exploit ports
An attacker’s intention is to run an exploit. This means they might want to plant malware or banking Trojans into a computer, or they might want to take control of the device.
This latter point generally refers to smart devices but that said hackers can take remote control of a computer without the user knowing.
- To run an exploit an attacker needs to find a vulnerability.
- To find a vulnerability the attacker needs to fingerprint all services which run on the machine. This means identify all the services running on a computer; discover which protocol the services are using and ideally which versions of programs are running.
- To fingerprint a service, the attacker needs to know that there is one running on a publicly accessible port.
- To find out which publicly accessible ports run services, the attacker needs to run a port scan.
Hence, a port scan is the first reconnaissance step an attacker performs before attacking a system.
In a sense a port scan is like finding a building with either doors or windows before the attacker decides whether they can be opened or unlocked.
From an attacker’s perspective port scanning helps them gleans a small amount of information about the state of a computer which lets them tailor the next layer of the attack.
There are approximately 65,534 ports on computer and thousands of them can be open. Port numbers are typically used for the same services so attackers can identify what service is running via the port.
Knowing which ports are open gives the attacker some information as to what the machine is running.
- For instance if port 80 and 443 are open then they safely assume that some form of webserver is being used.
- The attacker then identifies what webserver is running and what software the webserver is running.
- They can then try default usernames and passwords. With millions of smart devices now connected to the internet, and many of them poorly protected with default username and passwords, an attacker’s job is much simpler.
As an aside, attackers generally target open ports to insert malware but the growing number of smart devices as opened up new opportunities.
IoT may be a relatively new technology but millions of smart devices are now connected in homes around the world. Those that are unprotected can be taken over by hackers.
Home Network Scanner
BullGuard’s Home Network Scanner
makes it easier to find vulnerabilities in smart devices that are connected to the home network.
- It analyses the home network and makes a list of all connected devices
- It scans specific network ports on those devices and finds out which of the ports are open and which are closed.
- If it detects that some devices have open ports that can be potentially exploited, the user is notified and prompted to close those ports, patching the hole.
Because the IoT market is extremely varied each smart device has to be approached individually. You will have to find a user manual for any smart device in which an open port has been detected and search the guide for instructions on how to close it.
That said not every device actually allows the closing of ports. If a device is missing this feature, you might want to ask yourself whether you really need it given that the open port is a potential vulnerability.
And of course, you need to change a device’s default username and password as a matter of course.