Say, my laptop is connected to a large WiFi network with many other users. If a port scan is run on my IP by somebody else on the same WiFi network, is it possible for the network admin (or anybody) to find out, or is it only my system that can detect this?

Bob Bob

1 Answer

Anyone with sufficient access to the network traffic can detect this. All you need is the capability to see all traffic and how it's routed (to what TCP port and IP).

The trick is to detect the 'unusual' signature of a port scan over the rest of the traffic (like sequential trying of random ports / specific well-known ports). This can be quite tricky for automation but is usually easy to do for a human.

As to specifically who can detect it, that is:

  • everyone in between you and the attacker that can see enough network traffic.
  • the attacker, obviously.
  • you (the target) since your machine receives all these requests.

As a rule of thumb: Nothing within a network is anonymous / untraceable from within the confines of that network.

LvB
  • Thank you for the clear answer. How would the attacker cover his tracks to avoid being recognised? I've read about proxychains using the Tor network, etc. Does masking your IP actually help? – Bob Bob Dec 14 '15 at 11:50
  • That is a different question altogether. You can ask that if you like, but narrow the scope a bit when you do. – LvB Dec 14 '15 at 12:18
  • Ok thank you. Also, coming back to my original question, is it very evident to the network admin or does he have to actively look to find out? – Bob Bob Dec 14 '15 at 17:20
  • @BobBob Not *very* evident (as in: not actively pursued by many admins, not possible per se retroactively, not done by any default settings). In fact it might require the network admin to log more of his users' traffic than he is allowed to per data protection. A *firewall* somewhere in-between might note (and counteract) a port scan, but your scenario "large WiFi" network does not sound much like something very firewall-y. – Hagen von Eitzen Dec 14 '15 at 18:08
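
The "unusual signature" the answer describes, as an added example that is not part of the original thread: a sliding-window check that flags any source touching many distinct ports on one host, run over connection records an in-path observer could collect. The record layout, window, threshold and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed observation window
PORT_THRESHOLD = 15   # assumed: distinct ports from one source to one host

def detect_port_scans(records, window=WINDOW_SECONDS, threshold=PORT_THRESHOLD):
    """Return {(src, dst): first_alert_time} for sources that touch at least
    `threshold` distinct destination ports on one host within `window` seconds.
    `records` is an iterable of (timestamp, src_ip, dst_ip, dst_port) tuples
    for connection attempts (e.g. TCP SYNs), sorted by timestamp."""
    recent = defaultdict(deque)   # (src, dst) -> (ts, port) pairs still in window
    alerts = {}
    for ts, src, dst, port in records:
        key = (src, dst)
        q = recent[key]
        q.append((ts, port))
        # Drop attempts that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if key not in alerts and len({p for _, p in q}) >= threshold:
            alerts[key] = ts
    return alerts

def sample_records():
    """Constructed traffic: one ordinary client and two hosts sweeping ports."""
    recs = []
    # Ordinary client: repeated connections to the same two ports.
    for i in range(30):
        recs.append((i * 2.0, "10.0.0.23", "10.0.0.1", 443 if i % 2 else 53))
    # Fast sweep: 40 different ports on one laptop within 4 seconds.
    for i in range(40):
        recs.append((20.0 + i * 0.1, "10.0.0.77", "10.0.0.42", 20 + i))
    # Slow sweep: 40 ports, one every 5 seconds.
    for i in range(40):
        recs.append((100.0 + i * 5.0, "10.0.0.88", "10.0.0.42", 1000 + i))
    return sorted(recs)

if __name__ == "__main__":
    for (src, dst), ts in detect_port_scans(sample_records()).items():
        print(f"t={ts:.1f}s possible port scan: {src} -> {dst}")
```

With the default settings only the fast sweep is flagged; widening the window to 120 seconds also flags the slow one, at the cost of keeping more state per source and destination pair.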