Port Scanning Service Recommendation

Portal Home > Knowledgebase > Articles Database > Port Scanning Service Recommendation

Posted by ameeriklane, 09-18-2011, 02:03 AM
Can anyone recommend a third-party service that will scan a list of IPs we provide and email us if any unexpected ports are open? Basically we just want our servers scanned by a third-party service every day to ensure no ports are unexpectedly open, as that may indicate some type of issue.
Posted by ssfred, 09-18-2011, 05:22 AM
Hello I think "PCI Scan" would be the ideal choice.
Posted by ameeriklane, 09-18-2011, 10:47 AM
I searched that term in Google and hundreds of results came up. It also seems like the companies offering PCI charge a lot of money and do it only monthly or quarterly. We need a less extensive scan (just port scanning) but need it done daily. Any other suggestions?
Posted by Squidix - SamBarrow, 09-18-2011, 10:48 AM
You could probably just write a simple script to do this.
Posted by T-Junk, 09-19-2011, 12:48 AM
You could probably do it for free from your house if you have a Mac at home. OSX has a port scanner built in to their Network Utility.
Posted by ameeriklane, 09-19-2011, 11:02 AM
Thanks for the advice. I realize I could write such a script on my own, but was hoping there was a company offering the service out there already. I'd be happy to pay a reasonable fee and then know the test is working properly and is well-maintained. I found one company, hackertarget.com, that does this but they only do it on-demand and you can't schedule it to occur automatically (like on a daily basis). Also Pingdom said it would work if we specified the ports and configure it to to notify when that port is "up" (open) again (so this is sort of an unintended use of their service, but it would work). However, I'd rather not have to specify every port that shouldn't be open, but rather those that should be open. There are also some companies offering firewall scanning tools, though most seem to be installed products (not SaaS) or with many more features (vulnerability scanning) with the accompanying higher price.
Posted by Squidix - SamBarrow, 09-19-2011, 12:10 PM
The functionality really doesn't sound complicated, but this is not a common service, I doubt you'll find a company that offers some type of monthly package for it. You can probably get a programmer to write something like this for under a hundred bucks, wouldn't take more than a single PHP script.
Posted by brianoz, 09-20-2011, 04:29 AM
This is really shutting the gate after the cattle have already bolted. It would be better to use a firewall that blocked all ports other than those you needed open, then you'd actually be safe. If you still really need this, there's a tool called "nmap" that will do this out of the box, with probably only minor tweaks. It has a complex set of options, but it's well known so you should be able to figure it out, or find a Howto, or get the help you need to get it working.
Posted by spykee, 09-20-2011, 04:33 AM
nmap will do the job for you... or just create your own script (and use netcat tool).

Add to Favourites Print this Article