Security Basics mailing list archives
Re: an error in the NMAP docs?
From: Barrie Dempster <barrie () reboot-robot net>
Date: Tue, 05 Apr 2005 14:07:17 +0100
Michael Herz wrote:
> Hi all,
>
> Is there an error in the NMAP docs? The --source_port section says:
>
> "Many naive firewall and packet filter installations make an exception in their rule-set to allow DNS (53) or FTP-DATA (20) packets to come through and establish a connection. Obviously this completely subverts the security advantages of the firewall since intruders can just masquerade as FTP or DNS by modifying their source port."
>
> This implies that the hole in a packet filtered machine exists if it has allowed inbound DNS or FTP connections. I don't believe this is true. I think the hole only exists if the machine has allowed outbound (i.e. client) connections from the machine. For example, if the machine allowed outbound DNS client requests to the world, using --source_port 53 would exploit the hole.
The manual is quite correct, if you allow incoming requests from port 53 to any random port internally to *establish a connection*. This represents a hole. The attacker can target any port he wishes as long as his source is 53. This is a common firewall misconfiguration.
--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

blog: http://zeedo.blogspot.com
site: http://www.bsrf.org.uk
CA: www.cacert.org

"He who hingeth aboot, getteth hee-haw" - Victor (Still Game)
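The misconfiguration discussed in this message, modeled as an added example that is not part of the original thread: a stateless "accept source port 53" rule is compared with a filter that only accepts replies to DNS queries it has seen leave. The `Packet` model, the filter classes, and all addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str         # "udp" or "tcp"
    syn: bool = False  # True only for a TCP segment that opens a connection

def naive_filter(pkt: Packet) -> bool:
    """Stateless rule from the quoted docs: accept inbound traffic whose source port is 53."""
    return pkt.src_port == 53

class StatefulFilter:
    """Accept inbound packets only as replies to DNS queries this side sent."""

    def __init__(self) -> None:
        self.expected = set()

    def outbound(self, pkt: Packet) -> None:
        # Remember the mirrored tuple of the reply each outbound DNS query should get.
        if pkt.dst_port == 53:
            self.expected.add((pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port))

    def inbound(self, pkt: Packet) -> bool:
        if pkt.proto == "tcp" and pkt.syn:
            return False  # an outside host may not establish a connection
        return (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port) in self.expected

# Constructed sample traffic (documentation address ranges, not from the thread).
INSIDE, RESOLVER, OUTSIDE = "192.0.2.10", "198.51.100.53", "203.0.113.7"
QUERY = Packet(INSIDE, 40000, RESOLVER, 53, "udp")
REPLY = Packet(RESOLVER, 53, INSIDE, 40000, "udp")
TCP_OPEN = Packet(OUTSIDE, 53, INSIDE, 22, "tcp", syn=True)   # source port set to 53
UDP_STRAY = Packet(OUTSIDE, 53, INSIDE, 161, "udp")           # no matching query

def compare():
    """Return {name: (naive verdict, stateful verdict)} for the inbound packets."""
    fw = StatefulFilter()
    fw.outbound(QUERY)
    inbound = {"reply": REPLY, "tcp_open": TCP_OPEN, "udp_stray": UDP_STRAY}
    return {name: (naive_filter(p), fw.inbound(p)) for name, p in inbound.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

Both filters pass the genuine resolver reply; only the stateless rule also passes the two packets that merely carry source port 53.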