ACSIA Help Center

What is a "port scan"?

Permanently deleted user
Permanently deleted user
  • Updated

Overview

This article will explain the ACSIA alert called "port scan".


Explaining the port scan

"port scan" refers to the process of actively examining or probing a computer or network to identify which network ports are open and accessible.

When someone performs a port scan, they are trying to identify which ports on a computer or network are available for communication. The scan helps reveal potential vulnerabilities or services that might be running on the system.

Here's an example to help illustrate this concept:

Imagine our computers are like a house with multiple doors, each door representing a different network port. A port scan is like someone walking around our houses and trying each door to see which ones are open or closed.

In the world of cybersecurity, an attacker or a security professional might conduct a port scan on a computer or network to gather information about potential entry points or services that are exposed to the internet. By scanning the ports, they can identify if any are left open, providing opportunities for unauthorized access or exploitation.

For instance, a port scan might reveal that port 80 (commonly used for web traffic) and port 22 (used for secure shell access) are open on a particular computer. This indicates that a web server or SSH service is running and accessible. Depending on the specific circumstances, an open port could present a security risk if the associated service has vulnerabilities that can be exploited by an attacker.

Port scanning itself is not necessarily malicious. It is a technique used by both attackers and cybersecurity professionals to assess the security posture of a computer or network. However, unauthorized or malicious port scans by attackers can be a precursor to more targeted attacks or an attempt to identify potential vulnerabilities.

ACSIA alerts you when a port scan is being performed on your infrastructure. Here's all the information that ACSIA shows you in the Live Notification:

Also, on the right of the above screen, we can see the actions that a user can perform in such cases.

 

If you've activated the "Public IP auto-ban" in settings, ACSIA won't show you alerts, in the Live Notification, if an aggressive port scan is being performed, because it automatically triggers the auto-ban.

By "aggressive port scan" we mean that many port scans have been performed in the timeframe of 5 minutes, sometimes scanning even the OS version.

To activate the "Public IP auto-ban":