Matt has worked for a large UK broadband ISP for a number of years. He mainly specialises in server support and web related technologies. Not to mention that Matt has been with us since the birth of http://talkbroadband.com back in 2001!

Ahhh port scanning. Is it illegal? Is your computer protected from the malicious sons of b**ches that look for open ports on your computer? Port scanning is becoming more popular amongst the hacking community, as it can also be used to discover security flaws in the most secure of networks...
In order to understand port scanning and what it does, it is first necessary to understand what a port is.
When an application needs to use an internet connection, it must control the data so that its transfer requests remain separate from data that is destined for other applications. This is important because different applications require different types of information. For example, Outlook Express would get confused if it tried to process data that was in fact web page information, and similarly Internet Explorer would have problems if it tried to display web pages based on email-related data. To overcome this, applications create and utilise what are known as ports. All ports have a numerical value and exist in the transport layer of the OSI model. Ports are generally split into two categories: well-known ports and dynamic ports. The port that the data belongs to is attached to the data packet so that the operating system knows which application should deal with it. Port values below 1024 are all reserved for particular applications and include FTP on port 21, Telnet on port 23, and POP3 and SMTP on ports 110 and 25 respectively. All ports above the number 1024 are dynamic and are therefore not reserved, which means that they can be used by any 3rd party applications and programs.
So What's Port Scanning Then?
So now we know what ports are, and that they are unique to the applications on your computer that wish to utilise the internet connection. You may however be wondering why somebody would want to scan the ports that your computer is using and why this would be malicious. Port scanning can be used to discover open ports on a system. So for example, if you happen to be checking your email at the same time as port scanning your computer, you will notice that one or both of your email ports (usually 110 and 25) are open.
A hacker's intent behind port scanning is to try to discover certain ports on a computer/server that may be open without your knowledge, either because of a hidden trojan virus or because of a software bug in a badly coded application. Either way, an unused open port is an entry point into your computer, but only if somebody knows it is there.
When performing a port scan, a program known as a 'port scanner' can be used to search a range of IP addresses in the hope that an open port on a system somewhere will be found. There are many well-known trojans that remain undetected on computer systems, intentionally open specific ports and act as a client application. If a hacker port scans a computer system and finds the ports left open by the host trojan, then they can use an associated trojan server application to connect to the trojan through the open port. Most trojans are programmed to receive commands, and the extent of what they can do is vast, ranging from deleting files, to turning devices on and off, to even providing the server application with full control of the remote computer system. However, not all port scanning is done to locate hidden trojans; in some cases badly coded or incorrectly configured software can also innocently leave vital ports open. An example of this is companies that run mail server applications. In many cases they do not correctly configure the software and instead install it out of the box! This means that the software may, by default, have specific ports open for maintenance purposes, and these can be utilised by a malicious user to spam thousands of email addresses using the company's resources.
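As an added example (not part of the original article), the sketch below audits your own machine for listening ports you did not expect, which is the situation described above. The allowlist, the function names and the choice to treat port 1024 itself as dynamic are assumptions made for illustration.

```python
import socket

# Service names taken from the article; anything else is reported as "unknown".
KNOWN_SERVICES = {21: "FTP", 23: "Telnet", 25: "SMTP", 110: "POP3"}


def is_open(port, host="127.0.0.1", timeout=0.5):
    """Return True if a TCP connection to host:port is accepted."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        # connect_ex returns 0 on success and an errno value otherwise.
        return s.connect_ex((host, port)) == 0


def category(port):
    """Classify a port using the article's split at 1024.

    Assumption: port 1024 itself is counted as dynamic.
    """
    return "well-known" if port < 1024 else "dynamic"


def audit(ports, expected, host="127.0.0.1"):
    """Report open ports on our own machine that are not in `expected`."""
    findings = []
    for port in ports:
        if port in expected:
            continue  # a listener we know about and want
        if is_open(port, host):
            findings.append({
                "port": port,
                "category": category(port),
                "service": KNOWN_SERVICES.get(port, "unknown"),
            })
    return findings


if __name__ == "__main__":
    # Constructed allowlist: ports this machine is supposed to have open.
    expected = {25, 110}
    for f in audit(range(1, 1025), expected):
        print(f"unexpected listener: {f['port']}/tcp "
              f"({f['category']}, {f['service']})")
```

Any port it reports is one to trace back to the program that opened it and close if it is not needed.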
Security Checklist!
Being aware of trojans and port scanning is the first step towards securing your system; however, to increase your security the following steps should be taken: