Re: [PEN-TEST] NetRecon Assessment Tool

["Moonen, Ralph" <Moonen.Ralph () KPMG NL>]

> I would be very curious if others have had this same
> experience with the
> tool when scanning Class C networks versus scanning ten or so
> boxes at a
> time.

Although I don't use the tool, I know someone who does, and he
reported many trinoo and other trojan ports open. So I checked
for him and found they were false positives. As far as I can figure,
it is a result of the UDP scanning timeout. When scanning many hosts,
apparently some packets get lost in the traffic, making Netrecon
think the UDP port is open, when in fact it isn't. UDP scanning
can be tricky....

--Ralph


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************