How Port Scans Work

The Vulnerability Scanning service offers two types of port scanning.

Port scans provide a list of open ports found on each target's IP address. Targets might have open ports on public IP addresses and private IP addresses.

  • If agent-based scanning is enabled in the scan recipe, then the agent on a target host checks for open ports on all attached VNICs, including VNICs with public and private IP addresses.
  • If network port scanning is enabled in the scan recipe, then the Vulnerability Scanning service checks for open ports on any public IP addresses attached to target Compute instances.

When the Vulnerability Scanning service detects an open port on a public IP address, it doesn’t necessarily mean that the port is accessible from the public Internet. Your cloud network configuration or firewalls might prevent access to these ports. Similarly, the network port scanner can't scan public IP addresses that are blocked because of your network configuration or firewalls.
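
To illustrate the paragraph above, the following added example (not part of the original documentation and not Oracle code) triages open-port findings against network ingress rules to separate ports that are open on the host from ports that are actually exposed. The findings, the rule shape (`source`, `min_port`, `max_port`) and all function names are constructed assumptions; host firewalls and other network layers are not modeled.

```python
import ipaddress

# Constructed sample data: open-port findings as (public IP, TCP port) pairs.
FINDINGS = [("203.0.113.10", 22), ("203.0.113.10", 443), ("203.0.113.10", 3306)]

# Constructed ingress rules in a simplified, hypothetical shape:
# a source CIDR plus an inclusive TCP destination port range.
INGRESS_RULES = [
    {"source": "0.0.0.0/0", "min_port": 443, "max_port": 443},
    {"source": "198.51.100.0/24", "min_port": 22, "max_port": 22},
]


def sources_allowing(port, rules):
    """Return the source networks whose rules admit traffic to this TCP port."""
    return [ipaddress.ip_network(r["source"]) for r in rules
            if r["min_port"] <= port <= r["max_port"]]


def classify(port, rules):
    """Label a finding by how widely the ingress rules expose the port."""
    nets = sources_allowing(port, rules)
    if not nets:
        return "blocked"      # open on the host, but no rule admits traffic
    if any(n.prefixlen == 0 for n in nets):
        return "internet"     # admitted from any address (0.0.0.0/0 or ::/0)
    return "restricted"       # admitted only from the listed networks


def triage(findings, rules):
    """Map each (ip, port) finding to its exposure label."""
    return {(ip, port): classify(port, rules) for ip, port in findings}


if __name__ == "__main__":
    for (ip, port), label in triage(FINDINGS, INGRESS_RULES).items():
        print(f"{ip}:{port} -> {label}")
```

Findings labelled `blocked` correspond to the case described above: the port is open on the host, but the network configuration prevents access to it.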

The Vulnerability Scanning service only scans the ports of your Compute instances in an Oracle Cloud Infrastructure tenancy. The service doesn’t scan internal, Oracle-managed hosts.