Hmmm…a port scan you say? No problem! Just let me get up and look at the back of the computer to see if any malicious device is plugged in to any of the ports…..
Unfortunately, those aren’t the ports I’m talking about! In this post, I’ll give you a high-level view of how logical computer ports work and why they’re needed in almost all types of computer communication. You’ll also understand why having open ports on your computer can harm you. Finally, I’ll point you to a site where you can perform a friendly scan on your system to see whether you have open ports.
How Your Computer Uses Ports
When a lot of people think or hear about the term ‘computer port’, they immediately think about the ports on the back of the computer like the serial port, the Internet connection port, the video port, and so on. They think of the port as something physical, something they can see and touch. When we think of a port, we imagine plugging some sort of device into the computer via that port so that it can ‘communicate’ with said computer. That’s absolutely correct in that sense.
FTP (File Transfer Protocol) – Port 20 and 21
SSH (Secure Shell) – Port 22
Telnet – Port 23
SMTP (Simple Mail Transfer Protocol) – Port 25
HTTP (HyperText Transfer Protocol) – Port 80
POP (Post Office Protocol) – Port 110
IMAP (Internet Message Access Protocol) – Port 143
HTTPS (HyperText Transfer Protocol Secure) – Port 443
If you want to learn more about well-known port numbers, you can browse through here.
How Ports Work
Now that we have a better understanding of what ports are, let’s take a look at a real-world example of how these ports are put to work. For a given communication to work between two computers, no matter where they are located in the world, there are generally four pieces of information that are required. They are the source IP address, source port number, destination IP address, and destination port.
Let’s say you’re comfortably browsing the web while chatting with some of your friends using the popular chat client, AIM. Here is what happens in the background. Say you entered the web address www.Cnn.com to get your daily news fix. As soon as you hit Enter, a lot happens behind the scenes to fetch that webpage for you. Namely, your computer sends a request to the CNN web servers carrying your IP address and a source port (which can be a random number assigned to allow your computer to keep track of your session), along with the destination IP address and the destination port number, which should be port 80 as this is a webpage request. Once the CNN web servers get this information, they use your source address and source port as the destination address and port (in order to send the reply back to you).
When the information arrives back at your computer, it needs to know what to do with the data it just received. The computer sees that the data is destined for the same port it assigned to that communication. From that, it knows the initial request was to fetch a webpage from the server on port 80. It then passes that data up the network stack to be processed by the other layers until, ultimately, the webpage is displayed on your screen.
For your AIM application, the process is the same, but AIM uses different ports for communication. Therefore, another port on your computer needs to be open and listening to see if any information was destined for it. AIM uses port numbers 5190 – 5193 by default. Once again, if these ports are open, then you are able to communicate with your friends without any problems. As you can see from this simple example, ports give the computer and its applications their own communication channels whenever they want to communicate with the rest of the network.
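The four pieces of information described above can be observed on a live connection. The following is an added example, not part of the original post: it opens a TCP connection over the loopback interface and returns the source and destination address/port as seen by each end. The function name `four_tuple_demo` is hypothetical, and the listener uses an OS-chosen port instead of 80 so that it runs without special privileges.

```python
import socket

def four_tuple_demo():
    """Open a TCP connection over loopback and return both ends' view of it."""
    # The listener stands in for the web server. Port 0 asks the OS for any
    # free port (a real web server would listen on port 80).
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(1)
    server_addr = server.getsockname()

    # The client does not choose its source port: the OS assigns one.
    client = socket.create_connection(server_addr)
    conn, _ = server.accept()

    client_view = {"source": client.getsockname(),
                   "destination": client.getpeername()}
    server_view = {"source": conn.getsockname(),
                   "destination": conn.getpeername()}

    # The reply travels back along the swapped tuple.
    conn.sendall(b"page")
    reply = client.recv(16)

    for s in (conn, client, server):
        s.close()
    return client_view, server_view, reply

if __name__ == "__main__":
    c, s, reply = four_tuple_demo()
    print("client view:", c)
    print("server view:", s)
    print("reply:", reply)
```

The client's source address and port appear as the server's destination, which is how the reply finds its way back to the right application.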
When Ports Go Bad
How in the world can a port, something we can’t see or touch, go bad? That’s probably what you’re wondering. Well, as mentioned earlier, ports are nothing more than ‘entry-ways’ to your computer if you are looking at this from a security perspective. Just as a stranger can sneak into your house to steal your items if you leave the door open, the same can happen with network ports! The more applications you install that require network communication, the more ports will need to be open in order for them to function properly. Another scary part about all this port mumbo jumbo is that most users don’t really care or even know anything about how they work. Here, I’ll go over some malicious activity that can occur with open ports in general. I’ll try to make it as easy as possible to understand.
When a malicious hacker wants to gain control of your system, one of the ways they can gain entry is through port openings. Ports are usually tied to a computer process, which in turn is tied to a service. If the hacker finds an exploit for a service, they can use that exploit via the open port. This is easier said than done, but considering how a lot of users don’t patch their computers, this is certainly a favorable attack method for many.
Another malicious use for ports is for entry back into your system at a later date and time. If I already got entry into your system via a service exploit, one of the first things I would want to do is to ensure that I can return to your system at a later date and time to cause havoc. One of the best ways to do that is by opening a port. If the user suddenly patches up his/her system, then I might not be able to use that service exploit again. However, if I have that mysterious port opened, your computer will welcome me back with open arms and you wouldn’t even know it! There are 65,536 possible ports for use by both the TCP and UDP protocols! If I hacked into your system and configured port 7654 to listen for my commands, would you know about it?
Home Routers
With the popularity of home routers rising, more and more people are better protected in their home network than they realize. While the user is happy that all four of their home computers can now connect online at the same time, what they don’t know is that the router is also protecting their network via a built-in firewall. Remember, if a port is not open, communication cannot occur through it! A firewall helps protect your network by simply blocking ports so that the outside world (hackers) cannot exploit them. If a hacker tried to send you some data on some random port, the firewall would simply reject it. If, however, I initiated the connection in the first place (by requesting a webpage), then the router/firewall is smart enough to know that the returned data is expected (based on the source port) and will therefore correctly route it to my computer. This is one of the main reasons why I urge a lot of people to buy a router for their home network even if all they have is one computer. The protection offered is worth the price of the device alone.
While the technique I’ve just described works well, it’s not fool-proof. One of the attack methods hackers are using is ‘piggybacking’ their way into your system via a well-known port. For example, port 80 is a very attractive target as it’s used by almost everyone who wishes to connect to the Internet to view webpages. If I got into your system, I could set up a malicious service to listen on port 80 for further directions and commands. A novice system administrator or home user would never suspect anything. In this situation, it’s best not to get infected in the first place, by using all other protection mechanisms!
Scanning Your System for Port Openings
One of the awesome online services that I often use on users’ systems is ShieldsUP!, from Steve Gibson’s GRC website. It scans your system to see if some of the well-known ports I’ve mentioned earlier are open and listening for a connection, which is obviously something we don’t want!
1. Head over to Steve’s GRC website.
2. Near the top, highlight the Services tab and from the dropdown menu, select the ShieldsUP! service.

3. Read over the informative text on the next screen. Here, you will see your current IP address provided to you by your Internet service provider. This IP address is the address that ties you to the Internet. Everything that you do online is through this address. When you are finished reading it, hit the Proceed button to continue.
4. The next page is where the magic happens. Before continuing though, I highly urge everyone to read up a little on the security and dangers of the Internet by scrolling towards the bottom. Steve Gibson is one of the best gurus out there in the security field and he’s nice enough to provide us with a little background on how file sharing and port scanning work over the Internet.
5. Once you have done so, we can begin our friendly port scan of our system. Remember, hackers have tools that can perform the same port scan against an IP address and trust me, their motive for doing so is way different from Steve’s! We have a couple of options on how to proceed with the port scan. The two main ones are the File Sharing and Common Ports options. To initiate the port scan, simply click on one of them. The scan only takes a few seconds and the results will be shown immediately.



Hopefully, you have the same results as me! You’re free to perform the other port scan options if you wish. You can even specify custom ports to be scanned. As noted by Steve, it’s imperative that you also warn your friends and family members about the dangers of ports. However, I understand that not all people are interested in this kind of stuff so at the very least, help them perform the port scan by going to the website. Steve also has many other free services that you can utilize to protect yourself from the bad guys.
As a final note, I just want to point out that what I have written about ports is just a very high-level view. The topic certainly goes way deeper than that (doesn’t it always?). Hell, there are probably books wholly dedicated to the topic alone. If reading this has piqued your interest in port scanning and vulnerabilities, I highly suggest that your next step be to learn to use the Netstat and Tasklist command-line tools to further your research. When diagnosing a malware-stricken computer, the ability to see what ports are open and what processes are running on the system can go a long way toward helping you work out why and how the computer got infected in the first place.
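As a starting point for the Netstat and Tasklist research suggested above, and for the earlier question of whether you would notice something listening on port 7654, here is an added example that is not part of the original post. It parses the output of `netstat -ano` and `tasklist /fo csv /nh` and reports listening TCP ports that are not on an expected list. The sample outputs, the process name `updater.exe`, the baseline set and all function names are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:7654           0.0.0.0:0              LISTENING       3388
  TCP    192.168.1.20:49712     203.0.113.10:80        ESTABLISHED     2140
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# Constructed sample of `tasklist /fo csv /nh` output; updater.exe is made up.
TASKLIST_SAMPLE = '''\
"System","4","Services","0","140 K"
"svchost.exe","912","Services","0","9,124 K"
"chrome.exe","2140","Console","1","182,300 K"
"updater.exe","3388","Console","1","4,212 K"
'''

# Assumed baseline: the listening TCP ports the owner expects on this machine.
EXPECTED_PORTS = {135, 445}

def pid_names(tasklist_csv):
    """Map PID -> image name from CSV-formatted tasklist output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {row[1]: row[0] for row in rows if len(row) >= 2}

def tcp_listeners(netstat_text):
    """Yield (address, port, pid) for every TCP socket in the LISTENING state."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            addr, _, port = f[1].rpartition(":")  # rpartition copes with [::]:135
            yield addr, int(port), f[4]

def unexpected_listeners(netstat_text, tasklist_csv, expected=EXPECTED_PORTS):
    """Return sorted (port, pid, image name) for listeners outside the baseline."""
    names = pid_names(tasklist_csv)
    found = {(port, pid, names.get(pid, "<unknown>"))
             for _, port, pid in tcp_listeners(netstat_text) if port not in expected}
    return sorted(found)

if __name__ == "__main__":
    for port, pid, name in unexpected_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"unexpected listener: TCP {port} owned by PID {pid} ({name})")
```

On a real machine, replace the two sample strings with the saved output of the two commands and adjust the baseline to the services you actually run.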
