I'm sure most of us have used (or at least understand) a port scanner. A port scanner such as nmap can find all the open ports on a remote system.
So far, so good.
But I'm thinking of this in reverse. Suppose there is an 'agent' out there on our network. Maybe he's a good actor, or a bad actor; we don't know. But he is running a port scanner against our local machine. Perhaps he's looking for vulnerabilities in our system.
Let's say he scans many TCP ports, but I'll pick one at random: 1503. It was used by Windows Live Messenger. But on our local machine, we don't use Live Messenger and we've closed TCP port 1503.
My question: how can we detect that someone 'knocked' on TCP port 1503? Is there a Windows service or command line that can generate reports? More interestingly, is there a PB/CC solution? I've used pretty much every feature of TCP in PowerBasic, but only for open ports. It never occurred to me to try to work with closed ports.
Any ideas?