סריקת פורטים, הפעולה של מעבר על כל הפורטים של מחשב כדי לגלות איזה פורט פתוח, תמיד הניחו שהיא הצעד הבסיסי ביותר של כל האקר.

אבל זה לא בהכרח נכון, לפי דו"ח חדש מחוקרים באוניברסיטת מרילנד (UM).

בסביבת המחקר של UM, סריקת פורטים קדמה להתקפות רק ב 5 אחוזים מכלל המקרים. הדו"ח מצא גם כן שיותר ממחצית כל ההתקפות אינן ניתנות לחיזוי ע"י סוג סריקה כלשהוא. "האקרים לא בהכרח מסתכלים לפני שהם קופצים," המחקר מסיק.

"הופתעתי לגלות שהאחוז כל כך נמוך," אמר מיקל קאקייר, עוזר פרופ' ב UM ואחד ממחברי הדו"ח.

הכתבה המלאה באנגלית

[התמונה הבאה מגיעה מקישור שלא מתחיל ב https ולכן לא הוטמעה בדף כדי לשמור על https תקין: http://www.tmcnet.com/usubmit/images/tmc-pr.gif]


[December 09, 2005]

University of Maryland researchers find that port scanning isn't necessarily a harbinger of an attack.

(www.internetnews.com)

Port scanning, the act of sweeping computer ports to discover which port is open, has long been assumed to be a principal first step of any hacker.

But that may not necessarily be the case, according to a new report from researchers at the University of Maryland (UM).

In UM's test environment, port scans preceded attacks in only 5 percent of cases. The report also found that more than half of all attacks are not actually predicated by any type of scan. "Hackers don't necessarily look before they leap," the study concludes.


"I was surprised that the percentage was that low," Michel Cukier, a UM assistant professor and one of the report's authors, said.

Cukier noted that the results may have been influenced by some the decisions made in UM's testbed.

"It would be interesting to repeat the experiment on other locations with other choices," Cukier told internetnews.com .

Though port scanning was not a predictor for attacks, vulnerability scans do in fact lead to attacks in a significant percentage of cases. The UM report defines vulnerability scanning as a scan "used to fingerprint the presence or absence of an exploitable vulnerability."

On their own, 21 percent of vulnerability scans led to an attack. When combined with ports scans (that is a port and vulnerability scan), vulnerability scans led to an attack in 71 percent of cases.

The UM research team used the formerly open source Nessus vulnerability scanner as their network vulnerability scanner. They also concluded that there is a need for a host vulnerability scanner. Cukier and his team have created an open source project called Ferret to address that need.

"It focuses on Windows vulnerabilities. It is an open source tool," Cukier said. "Our goal is to build a community similar to the Nessus one but for Windows vulnerabilities."

Internet.com Corp.

Copyright 2003 Jupitermedia Corp. All rights reserved.
Republication and redistribution of Jupitermeida Corp. content is
Expressly prohibited without the prior written consent of Jupitermedia
Corp.. Jupitermedia Corp., shall not be liable for any errors
or delays in the Content, or for any actions taken in reliance thereon.

http://www.tmcnet.com/usubmit/2005/dec/1219284.htm

חתימתכם הוסרה כיוון שלא עמדה בחוקי האתר. לפרטים נוספים לחצו כאן. תוכלו לקבל עזרה להתאמת החתימה לחוקים בפורום חתימות וצלמיות.