For the cyber attacker, scanning is a critical capability needed to mount sophisticated attacks.
The majority of this scanning takes place externally but it is also a vital component of lateral movement. Internet 2.0 has invented a capability to obscure a network from this scanning.
We call this new technology Internet 2.0 Obfuscation.
Traditionally, a hacker needs to know the IP or MAC address before they can conduct a cyber attack upon a device through a network. By obscuring the network from scanners, such as NMAP, we dislocate most hackers from their most critical capabilities.
How Hackers Attack
What is NMAP?
Network Mapper (NMAP), is a free, open-source tool for vulnerability scanning and network discovery. Network administrators use NMAP to identify what devices are running on their systems, discovering hosts that are available, and the services they offer. NMAP can be used to monitor single hosts as well as vast networks that encompass hundreds of thousands of devices and multitudes of subnets, finding open ports and detecting security risks.
NMAP has evolved through numerous iterations over time, and is an extremely flexible tool. Though at its core, it remains a port-scan tool; gathering information by sending raw packets to system ports.
It operates by searching for responses and determining whether ports are open, closed or filtered in some way through systems such as firewalls. Other terms used for port scanning include port discovery or enumeration.
While port scanning is not illegal under U.S. federal law, NMAP's features are certainly useful to malicious hackers probing for vulnerabilities to exploit.
How to protect your network from Hackers?
What you see
A Scanning Attack from Europe is seen here in the Firewall events