Penetration Testing mailing list archives
Providers blocking portscans - bad news for pentest?
From: Petr.Kazil () eap nl
Date: Mon, 4 Jul 2005 23:13:12 +0200
<rant warning> Recently I had a worrying experience with my Internet provider that might be interesting for some of us. I had been doing LEGAL portscans from home, only to find my Internet access blocked a few hours later. I had done this many times before and had called and mailed their helpdesk, and it was never a problem. Their attitude was: "As long as nobody files a complaint against your scan, we will tolerate it." I read their "terms of use" and legal portscans / vulnerability scans were not prohibited. Their helpdesk still acknowledges that legal scans are not prohibited. (And IIRC a Dutch law court even decided that portscans are not illegal AT ALL, since they don't penetrate the system perimeter.) However they have recently installed a system that wil automatically block anyone doing a portscan. They mention a system of "aggregated firewalls" that behaves like a "bot". There is nothing that can be done against it. Asking for a temporary permission is useless and the provider does not provide any service without this filter anymore (other than expensive colocation). They say that with the explosion of trojans and worms they had to take these measures. Since this was the most "nerdy" and "tech friendly" provider in the Netherlands, many of my security colleagues had been doing their scans through them. Now they are being blocked too, and they are quite unhappy with the development. Even some companies that used ADSL accounts for doing security scans against their own infrastructure have been blocked. Although intellectually I should welcome this development (security gets better for most of us) emotionally I'm quite upset (where's the free Internet that I grew up with). <rant off> There is another consequence of this development. If providers start blocking suspect TCP/IP traffic then we will have to do our portscans from an IP-address near to the Internet entry point of our customers. But usually my customers don't have a free patch from where I could scan their external firewall interface. Most often they use an ADSL connection themselves to do their external portscans. And what if providers start filtering TCP/IP traffic. Then portscans will become very unreliable. Maybe this is "old news" for most of you, but since I haven't seen a discussion about this, I thought I should mention it.
Current thread:
- Re: Remote Desktop/Term. Serv information leakage, (continued)
- Re: Remote Desktop/Term. Serv information leakage Kyle Maxwell (Jul 01)
- Re: Remote Desktop/Term. Serv information leakage Terry Vernon (Jul 01)
- Re: Remote Desktop/Term. Serv information leakage Joachim Schipper (Jul 01)
- RE: Remote Desktop/Term. Serv information leakage Paul Fields (Jul 01)
- Re: Remote Desktop/Term. Serv information leakage Thor (Hammer of God) (Jul 01)
- RE: Remote Desktop/Term. Serv information leakage Andre Protas (Jul 01)
- RE: Remote Desktop/Term. Serv information leakage Ha, Jason (Jul 02)
- Re: Remote Desktop/Term. Serv Information leakage kuffya (Jul 02)
- RE: Remote Desktop/Term. Serv Information leakage Paul Fields (Jul 05)
- RE: Remote Desktop/Term. Serv information leakage Salvador.Manaois (Jul 04)
- Providers blocking portscans - bad news for pentest? Petr . Kazil (Jul 04)
- RE: Providers blocking portscans - bad news for pentest? Erin Carroll (Jul 04)
- RE: Providers blocking portscans - bad news for pentest? Alexander Klimov (Jul 05)
- Re: Providers blocking portscans - bad news for pentest? RCS (Jul 05)
- Providers blocking portscans - bad news for pentest? Petr . Kazil (Jul 04)
- Re: Providers blocking portscans - bad news for pentest? Chris Brenton (Jul 04)
- Re: Providers blocking portscans - bad news for pentest? Robert BARABAS (Jul 05)
- Re: Providers blocking portscans - bad news for pentest? Maarten Hartsuijker (Jul 06)
- Message not available
- Re: Providers blocking portscans - bad news for pentest? Christoph Puppe (Jul 07)