Security Basics mailing list archives
RE: Source port scanning w/nmap?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 6 Jul 2005 08:18:38 -0700
Standard FTP uses a control connection from client to port 21 of the server, and a data connection from port 20 of the server to a high port on the client. Stateful firewalls watch the control connection, and permit the data connection only as necessary. "Dumb" packet filters (such as router access lists) *assume* connections from port 20 are FTP data connections, and let them in.

SO: *if* the target network is protected only by a dumb packet filter, you may be able to hit any target host and port by setting the source port to 20.

That's just one example. 53 (DNS) works as a source port against some networks, too, and there may be others.

David Gillett
-----Original Message-----
From: dissolved [mailto:dissolved () comcast net]
Sent: Sunday, July 03, 2005 3:54 PM
To: 'Johannes Schneider'
Cc: security-basics () securityfocus com
Subject: RE: Source port scanning w/nmap?

Thanks. When you say "some hosts may not allow connections from every port" ...what do you mean? This is where I get confused. What is the purpose of source port scanning? To just find live hosts? Do you use ping sweeping in combination with source port scanning?

-----Original Message-----
From: Johannes Schneider [mailto:ichhabekeineemail () gmx net]
Sent: Sunday, July 03, 2005 6:29 PM
To: dissolved
Cc: security-basics () securityfocus com
Subject: Re: Source port scanning w/nmap?

dissolved wrote:
Can someone please assist me with doing source port scanning with nmap? I've read the MAN page and do not see this switch listed. Is it --source-port <port number>? Thanks

Try nmap -sS -g [source port] [more options] [address2scan] as root. You can't do nmap -cS -g [...] [...] [...]. If I understand it correctly, the source port is the port you use to send your scan packets to the host. It's useful to scan hosts which don't allow connections from every port.

greatz Johannes
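An added illustration, not from the thread, of the distinction David draws above: a router-ACL style stateless rule passes any SYN from source port 20 (or 53) to a high port inside, while a stateful model admits a port-20 data connection only after the client's PORT command on the control channel announced it; a small heuristic at the end flags the scan pattern from the defender's side. The network addresses, the PORT argument and the packets are constructed sample values.

```python
from dataclasses import dataclass
from collections import defaultdict

@dataclass(frozen=True)
class Packet:
    """Inbound TCP SYN as seen at the perimeter (constructed sample data, not a capture)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

INTERNAL_NET = "10.0.0."          # hypothetical protected network
TRUSTED_SRC_PORTS = {20, 53}      # the "dumb" ACL trusts FTP-data and DNS source ports

def stateless_filter(pkt: Packet) -> str:
    """Router access-list style rule: any SYN from a trusted source port to a
    high port inside is assumed to be FTP-data/DNS reply traffic and let through."""
    if (pkt.dst_ip.startswith(INTERNAL_NET) and pkt.src_port in TRUSTED_SRC_PORTS
            and pkt.dst_port > 1023):
        return "permit"
    return "deny"

class StatefulFirewall:
    """Only permits an FTP data connection that the control channel announced."""
    def __init__(self):
        self.expected = set()  # (server_ip, client_ip, client_port) tuples

    def observe_port_command(self, server_ip: str, port_arg: str) -> None:
        """Parse 'PORT h1,h2,h3,h4,p1,p2' seen on the client's control connection."""
        h1, h2, h3, h4, p1, p2 = port_arg.split(",")
        client_ip = ".".join((h1, h2, h3, h4))
        self.expected.add((server_ip, client_ip, int(p1) * 256 + int(p2)))

    def filter(self, pkt: Packet) -> str:
        key = (pkt.src_ip, pkt.dst_ip, pkt.dst_port)
        if pkt.src_port == 20 and key in self.expected:
            self.expected.discard(key)  # one data connection per PORT command
            return "permit"
        return "deny"

def source_port_scan_sources(packets, min_targets: int = 3):
    """Detection heuristic: one external host hitting many distinct internal
    ports from a trusted source port is not FTP-data traffic."""
    seen = defaultdict(set)
    for p in packets:
        if p.src_port in TRUSTED_SRC_PORTS:
            seen[p.src_ip].add((p.dst_ip, p.dst_port))
    return {ip for ip, targets in seen.items() if len(targets) >= min_targets}
```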