Penetration Testing mailing list archives
FW: baby pen-test question
From: "leon" <leon () inyc com>
Date: Sun, 23 Sep 2001 21:06:18 -0400
Hi everyone, I have a few “baby” questions about pen-testing / vulnerability assessment. I say this because maybe the answers to these questions are common knowledge (probably are). My first question is about port scanning. Bear with me while I set up a scenario. Well I would think backdoors in a network would generally listen on some port. Now lets say we have some kind of listener kind of like sub 7 or whatever but home-made. It does not have an anti-virus signature so it is not picked up by that. I know that things like ISS, Nessus, Cybercop, Etc look for Trojans by scanning the default ports (subseven 27374, netbus 12345, etc). If I am a hacker I am going to have the server run on a very high port number like 60,000. So when people do audits my question is do you port scan every port (both tcp, & udp) on every host or do you just scan with the ISS or maybe just an Nmap of 1 - 1024? Do people nmap everything (every single port on both tcp & udp)? I would assume this must take quite a bit of time if the network is large (even small) and probably use up a lot of bandwidth (create a lot of traffic if you have a lot of people doing every port of every machine). However I would think that you would have to do this if you were being thorough cause if you pick a range (say 1 - 30000), you happen to be wrong and the attacker has lets say some super cool Trojan that is unknown and phones home with a connection out on port 80 to some preset ip) you might be in a lot of trouble (well the companies reputation anyway). That brings me to my next question which is about medium / large networks. Do people scan every single host with things like Nessus / Insert your favorite scanner / toll here, or do they just take a sample (say 20 out of 200). Say there was a network with 2000 hosts. Even with 4 consultants with amazing laptops it still takes time. I realize that this is probably up to the customer but maybe what I am curious about is what happens more frequently or what do you actually suggest when the customer asks for advice. Especially the port scanning. Is this left to run at night or something??? Anyway I am sure I will have more questions soon ☺ Public and private response welcome. Cheers, Leon ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- FW: baby pen-test question leon (Sep 24)
- Re: FW: baby pen-test question Anders Thulin (Sep 27)
- <Possible follow-ups>
- Re: FW: baby pen-test question Florindo . Gallicchio (Sep 24)
- Re:FW: baby pen-test question bluefur0r bluefur0r (Sep 25)