Port scanning, the practice of probing computers for open and unprotected ports, isn't much of a harbinger of an attack, a University of Maryland researcher said Monday. Michel Cukier, an assistant professor at the College Park, Maryland-based school, said that contrary to common thought, few port scans actually result in an attack. In fact, only about five percent of attacks are preceded by port scans alone.

"But when you combine port scans with other kinds of scans, particularly vulnerability scans, there's a much higher probability of an attack," said Cukier.

Nearly three-quarters of the attacks prefaced by some kind of scan came after both a port and a vulnerability scan were run against the exposed PCs, noted Cukier's report.

"The identification of port scans and vulnerability scans launched from a single source IP address is a good indicator that an attack will follow from the same IP address," said the report.

The link for this article located at Security Pipeline is no longer available.