3

If any application is scanning the ports of other machines, to find out whether any particular service/application is running, will it be considered harmful? Is this treated as hacking?

How else can one find out on which port the desired application is running (without the user input)?

Let's say I only know the port range in which the other application could be running, but not the exact port. In this case, my application pings each of the ports in the range to check whether the other application is listening on it, using an already defined protocol. Is this a normal design? Or is this considered harmful for security?

gnat
Manoj R
  • 2
    Not really on-topic, and whether it is considered harmful depends on who you are asking, the intention and how much of the network this uses. – Oded Aug 30 '12 at 11:52
  • 4
    Port Scanning should not be actively disruptive to any sanely configured network. *However* there is hardly any legitimate use for port scanning, except maybe network security (a.k.a. doing what the "bad guys" do to see what they *can* do). Therefore it automatically is pushed into the "hacking" area. – Joachim Sauer Aug 30 '12 at 12:01
  • 1
    Possibly a better fit for http://security.stackexchange.com/ – Tom Squires Aug 30 '12 at 12:55
  • 2
    If you are worried it is considered "hacking" then don't do it. People who have a need to scan ports either have permission to do so or don't care. – Ramhound Aug 30 '12 at 13:11
  • Is a different port strategy an option? Can you explain why the application's port is unknown? – Freiheit Aug 30 '12 at 13:20
  • 1
    obligatory link about [considered harmful](http://meyerweb.com/eric/comment/chech.html) – Ryathal Aug 30 '12 at 15:53

6 Answers

18

Yes, portscans are considered a form of hacking, but a relatively low threat level (and pretty common), so it's unlikely to have any consequences except possibly getting your IP blocked.

How else can one find out on which port the desired application is running (without the user input)?

Applications typically run on a fixed "well-known" port that is hardcoded as default.

Michael Borgwardt
6

It is not a good idea to scan for ports. Port scanning probably will be against network policies. You should make it configurable which port to connect, and use a default if not configured specifically.

user1063963
6

If the network in question has any kind of intrusion detection, scanning a significant number of ports will tend to throw up a flag and attract administrator attention. Depending on the policies in place and whether you are inside or outside the network, the response could be anything from blocking your scans to cutting off the machine doing the scan to coming and finding you to yell at you.

Most applications run at a fixed 'well-known' port number (for instance, web servers normally answer at port 80). Thus, you usually don't have to scan for things.

If you absolutely have to have a range of ports (I can't think why), then you need to keep the range of ports small (5-10 ports would be good) and don't hammer on all of them as fast as possible. You'll be unlikely to attract attention if you go at reasonable rates.

Michael Kohne
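The kind of rule an intrusion detection system can apply to the behaviour described in the answer above, shown as an added example that is not part of the original answer: flag any source that touches more than a set number of distinct ports on one host within a time window. The log format, addresses, window and threshold are all constructed assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed sample log, one line per attempt: 'timestamp src dst dport'."""
    base = datetime(2012, 8, 30, 11, 52, 0)
    lines = []
    # 10.0.0.5 walks ports 8000-8019 on one host, one attempt per second.
    for i in range(20):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 10.0.0.5 10.0.0.9 {8000 + i}")
    # 10.0.0.7 is an ordinary client that keeps using ports 80 and 443.
    for i in range(20):
        ts = (base + timedelta(seconds=3 * i)).isoformat()
        lines.append(f"{ts} 10.0.0.7 10.0.0.9 {(80, 443)[i % 2]}")
    return sorted(lines)  # ISO timestamps sort chronologically as strings


def detect_scans(lines, window_s=60, max_ports=10):
    """Return {(src, dst): time of first alert} for every source that hits
    more than max_ports distinct ports on one destination within window_s."""
    recent = defaultdict(deque)  # (src, dst) -> (timestamp, port) in window
    alerts = {}
    for line in lines:
        ts_text, src, dst, port_text = line.split()
        ts, port = datetime.fromisoformat(ts_text), int(port_text)
        attempts = recent[(src, dst)]
        attempts.append((ts, port))
        # Drop attempts that have aged out of the sliding window.
        while (ts - attempts[0][0]).total_seconds() > window_s:
            attempts.popleft()
        distinct_ports = {p for _, p in attempts}
        if len(distinct_ports) > max_ports and (src, dst) not in alerts:
            alerts[(src, dst)] = ts
    return alerts


if __name__ == "__main__":
    for (src, dst), when in detect_scans(build_sample_log()).items():
        print(f"possible port scan: {src} -> {dst} at {when.isoformat()}")
```

The repeat client never trips the rule because it counts distinct ports rather than connections, which is why an application that connects to one configured port does not look like a scan.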
3

Yes, as others have noted, use a well-known or default port. Make it configurable.

Scanning may not work anyway, as some sites/servers will stop responding to you if they detect port scanning.

Port scanning for security purposes is acceptable with appropriate authorization. In this case it is used to determine if services which should not be available are available. It can also be used to provide a map of listening ports for additional uses including service auditing.

BillThor
3

Port scanning is rude, likely to be against network policies, and won't scale very well.

There are systems intended for things like service discovery, such as zeroconf. Look into those.

2

Some questions in response to your question:

  • Is the computer on the other end under your "control" (on the same LAN/WAN/VPN, accessible by you under some agreement with whatever remote network the computer is hooked into)?
  • Are you scanning "intelligently" (trying the ports most likely to be the ones used first)?
  • Could there be multiple copies of the same or similar software running on different ports?

If the answers are "yes", "yes", and "no", respectively, then a port scan is probably permissible. If you don't know exactly which port you must connect on (and it's not the default for the application or higher-tier protocol being used), then the only two options are to ask some authority (human or automated) or to try all possibilities.

Things that are always bad about port scanning are:

  • Port scans are a common attack precursor; the attacker is looking for an open door to establish a connection for further exploits. Thus, sysadmins and the hardware they maintain will see your scan, assume it's hostile and take steps to shut you down.
  • If port scans are to be expected as normal, the effectiveness of many anti-hacking tools is greatly reduced. As in the previous point, port scans are a common precursor to an attack. If some scans are to be expected as normal, and others shut down as hacking, the sysadmin/firewall must know exactly which is which (and whenever there's a legitimate way to get in, there's a way to spoof it).
  • Port scans take time. If the remote computer ignores rather than rejects connection requests, each attempt must time out (taking several seconds) instead of your scan being able to move on to the next port after a rejection (bound mainly by threading and network latency).

However, targeted port scans on computers under your control can be a useful diagnostic. I implemented a port scanner into some software my company's help desk uses, as a diagnostic to determine why a machine they support is responding to pings but not allowing more advanced access.

KeithS