Penetration Testing mailing list archives
RE: Blocking Port scans
From: "Josh Perrymon" <perrymonj () networkarmor com>
Date: Mon, 24 Oct 2005 12:49:04 -0500
I don't think you will successfully shun SYN traffic with the PIX. You will need a device to look into the header flags right? Just verify the ports than are needed to be open and then harden the OS set in the security polices and introduce IDS possibly IPS to supplement this. PIX firewalls are solid for what there designed to do ( Provide ACLS and Redundancy ) but they don't have the higher layer inspection other than the very basic RFC and some SYN flood protection with may be a little helpful unless it's a skilled attacker. Probably didn't answer anything huh :) JP Network Armor -----Original Message----- From: BSK [mailto:bishan4u () yahoo co uk] Sent: Monday, October 24, 2005 7:35 AM To: pen-test () securityfocus com Subject: Blocking Port scans Hello Everyone, Just wanted some feedback from you people. I'm doing a Firewall Assessment for a CISCO PIX firewall. The firewall allows SYN, FIN, NULL and XMAS scans but blocks ACK scans (largely means its a stateful firewall). Now what do we do to block the scans that are allowed. I think it should be easy to block FIN, NULL and XMAS scans but how do we block or limit or workaround a SYN scan. 1 way that I think is probably blocking or limiting the packets from the source (using IDS/IPS) Looking ahead to some ideas, thoughts, hints. thns bshan ___________________________________________________________ To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com ------------------------------------------------------------------------ ------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------ ------- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Blocking Port scans BSK (Oct 24)
- Re: Blocking Port scans Ivan . (Oct 24)
- Re: Blocking Port scans robert (Oct 24)
- Re: Blocking Port scans Justin (Oct 24)
- Re: Blocking Port scans Terry Vernon (Oct 24)
- Re: Blocking Port scans Chris Moody (Oct 25)
- Re: Blocking Port scans Georgi Alexandrov (Oct 26)
- <Possible follow-ups>
- RE: Blocking Port scans Josh Perrymon (Oct 24)
- RE: Blocking Port scans Geelen, Ruud (Oct 31)