Do Hackers Look Before They Leap?
By Sean Michael Kerner

Port scanning, the act of sweeping computer ports to discover which port is
open, has long been assumed to be a principal first step of any hacker.

But that may not necessarily be the case, according to a new report from
researchers at the University of Maryland (UM).

In UM's test environment, port scans preceded attacks in only 5 percent of
cases. The report also found that more than half of all attacks are not
actually predicated by any type of scan. "Hackers don't necessarily look
before they leap," the study concludes.

"I was surprised that the percentage was that low," Michel Cukier, a UM
assistant professor and one of the report's authors, said.

Cukier noted that the results may have been influenced by some the decisions
made in UM's testbed.

"It would be interesting to repeat the experiment on other locations with
other choices," Cukier told

Though port scanning was not a predictor for attacks, vulnerability scans do
in fact lead to attacks in a significant percentage of cases. The UM report
defines vulnerability scanning as a scan "used to fingerprint the presence
or absence of an exploitable vulnerability."

On their own, 21 percent of vulnerability scans led to an attack. When
combined with ports scans (that is a port and vulnerability scan),
vulnerability scans led to an attack in 71 percent of cases.

The UM research team used the formerly open source Nessus vulnerability
scanner as their network vulnerability scanner. They also concluded that
there is a need for a host vulnerability scanner. Cukier and his team have
created an open source project called Ferret to address that need.

"It focuses on Windows vulnerabilities. It is an open source tool," Cukier
said. "Our goal is to build a community similar to the Nessus one but for
Windows vulnerabilities." 

You are a subscribed member of the infowarrior list. Visit for list information or to unsubscribe. This message 
may be redistributed freely in its entirety. Any and all copyrights 
appearing in list messages are maintained by their respective owners.

Reply via email to