Re: Hidden Ports

[H Carvey <keydet89 () yahoo com>]

In-Reply-To: <E1Ao92K-0003iA-00 () smtp perfora net>

Nate,

I'm sorry, but your post makes little sense to me...

> Would recommend that on a windows box locally run FPORT from foundstone, on
> a *NIX box I would use a netstat to view what ports are open. 

Open ports on *nix have been traditionally hidden with rootkits that patch netstat on those systems.  On Windows 
systems, DLL injection rootkits can effectively hide the open ports from netstat, and we're getting to the point where 
they can be hidden from fport, as well.  However, if the port is meant to be open and accept connections, it will be 
visible from to a port scanner.  Try using nmap w/ a SYN scan ('-sS').

> A port scanner could possibly see it or it may not depending on if it is
> over the internet or if it is on the lan or if it is local to the machine
> can affect some of the results.

I guess that sort of goes without saying.  If the system you're scanning is NAT'd to a private address behind the 
firewall, of course you're not going to be able to simply port scan it from home...

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------