Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Providers blocking portscans - bad news for pentest?

From: "Maarten Hartsuijker" <subscriptions () hartsuijker com>
Date: Wed, 6 Jul 2005 21:23:25 +0200
Hmmm, I hope your ISP is not setting a trend over here in NL. So far, fortunately, I have not noticed any portscan blocking at my ISP. Using low-tech ISP appears to have its advantages as well ;-)
Personally, I still don't know if I consider blocking based on port scans a good or a bad thing. For instance: what would happen if someone decides to spoof the IPS of a couple of subnet-neighbours while portscanning? Or the IP's of the DHCP/DNS servers (I hope these are whitelisted)? 

Maarten


There is another consequence of this development. If providers start
blocking suspect TCP/IP traffic then we will have to do our portscans from
an IP-address near to the Internet entry point of our customers. But
usually my customers don't have a free patch from where I could scan their
external firewall interface. Most often they use an ADSL connection
themselves to do their external portscans.

And what if providers start filtering TCP/IP traffic. Then portscans will
become very unreliable.

Maybe this is "old news" for most of you, but since I haven't seen a
discussion about this, I thought I should mention it.
Previous By Date Next
Previous By Thread Next

Current thread: