Home.
NetworkMedium

Port Scanning & Banner Grabbing

Port scanning is often the first step in an intrusion chain. Attackers use reconnaissance results to match exposed services with known exploits.

Back to TechniquesTest Your Skills

How Attackers Use It

Attack Summary

Systematic probing of open ports and service banners to map the target's exposed attack surface — which services are running, which versions, which CVEs apply.

  • Target surface is discovered through passive and active scanning.
  • Open ports and service banners are correlated with CVE databases.
  • Known exploits or weak defaults are tested against discovered services.
  • Initial foothold is obtained through vulnerable or misconfigured services.

Defensive Strategy

Defense Summary

Firewall default-deny egress and ingress. Remove or falsify version banners. Network intrusion detection. Regular external scanning of your own assets.

  • Apply default-deny firewall rules and close unused ports.
  • Remove service version banners from public exposure.
  • Run scheduled external attack-surface scans and remediate quickly.
  • Use IDS/IPS signatures for scanner fingerprinting.

Detection Signals

  • High volume of connection attempts across sequential ports.
  • Short-lived TCP sessions with incomplete handshakes.
  • Repeated service probes from rotating source IPs.

Keywords

Port Scanning & Banner GrabbingPort Scanning & Banner Grabbing DetectionPort Scanning & Banner Grabbing PreventionMedium SeverityNetwork SecurityAttack and DefenseThreat DetectionSecurity Hardening

External References

Authoritative references for deeper learning and validation.

Related Techniques

Explore additional techniques with similar risk level.

Pretexting