Penetration Testing mailing list archives

Re: Port Scanning.


From: Delron Troy <delrontroy () lineone net>
Date: Mon, 13 Dec 2004 20:37:57 +0000

Hi Faisal,

It's always good practice to run scans from different locations on the Internet, using machines (that you LEGALLY have access to) that are not on the same subnet or ISP. Doing this will verify your results and show information about parts of your client's packet-filtering scheme that may be based on source address. If any of the machines you are using are connected to an ISP that's got egress filtering enabled, it will show up when you compare results. More reliable information about your client is obtained when your scanning machines are not NATed.

When it comes to tools, I always start with Nmap, but others can be useful, again to verify results and obtain more detailed information, like p0f. Specific service scanners can be very informative, like ike-scan.

SOCKS5 supports UDP as well as TCP, so a limited scan can be made through trusted SOCKS servers.

Cheers


Faisal Khan wrote:

What's a good industry practice whilst doing port-scanning during a pen-test?

Do you rely on the results of a single vendor's software or do you use software from multiple vendors?

Also, with each OEM/vendor - do you scan once or twice?

I need to do a scan on a Class C address, if that matters in any way.

Faisal



Faisal Khan,  CEO
Net Access Communication
Systems (Private) Limited
________________________________

Network Security - Secure Web Hosting
Managed Internet Services - Secure Email
Dedicated Servers - Reseller Hosting

Visit www.netxs.com.pk for more information.
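The cross-vantage comparison Delron recommends, as an added example that is not part of the original thread: a Python script that parses nmap grepable (-oG) output captured on each scanning host and reports the ports whose state disagrees between sources. It also applies one heuristic to tell the two causes apart: a port filtered from one vantage against every target but open from another vantage is the signature of egress filtering at the scanning host's ISP, whereas a target-side source-address filter shows up host by host. The vantage names, the scan text and the 192.0.2.x targets are constructed for illustration, not real results.

```python
"""Compare nmap port states observed from several Internet vantage points.

Reads nmap grepable (-oG) output captured on each scanning host and reports
ports whose state differs between sources.  A port that is open from one
network but filtered from another means either a source-address based filter
in front of the target or egress filtering at the scanning host's own ISP;
egress_suspects() separates the two by looking at the pattern across hosts.
"""
import re

# Constructed sample -oG output, not real scan data.  Vantage B is on a
# different ISP from A; vantage C sits behind an ISP that blocks outbound
# TCP/25.  Fields in -oG output are tab-separated; ports absent from the
# "Ports:" field are in the host's "Ignored State".
SCANS = {
    "A": (
        "# Nmap 7.94 scan initiated as: nmap -sS -oG - 192.0.2.10 192.0.2.20\n"
        "Host: 192.0.2.10 ()\tStatus: Up\n"
        "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, "
        "80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (996)\n"
        "Host: 192.0.2.20 ()\tStatus: Up\n"
        "Host: 192.0.2.20 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, "
        "53/open/tcp//domain///, 53/open/udp//domain///\tIgnored State: filtered (997)\n"
    ),
    "B": (
        "Host: 192.0.2.10 ()\tPorts: 22/filtered/tcp//ssh///, 25/open/tcp//smtp///, "
        "80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (996)\n"
        "Host: 192.0.2.20 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, "
        "53/open/tcp//domain///, 53/open/udp//domain///\tIgnored State: filtered (997)\n"
    ),
    "C": (
        "Host: 192.0.2.10 ()\tPorts: 22/filtered/tcp//ssh///, 25/filtered/tcp//smtp///, "
        "80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (995)\n"
        "Host: 192.0.2.20 ()\tPorts: 22/open/tcp//ssh///, 53/open/tcp//domain///, "
        "53/open/udp//domain///\tIgnored State: filtered (997)\n"
    ),
}

PORT_RE = re.compile(r"^(\d+)/([\w|]+)/(\w+)/")      # port/state/proto/...
IGNORED_RE = re.compile(r"^Ignored State: ([\w|]+)")


def parse_grepable(text):
    """Return {host: {"default": state, "ports": {(proto, port): state}}}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue
        fields = line.split("\t")
        host = fields[0].split()[1]
        entry = hosts.setdefault(host, {"default": "unknown", "ports": {}})
        for field in fields[1:]:
            if field.startswith("Ports: "):
                for item in field[len("Ports: "):].split(", "):
                    m = PORT_RE.match(item)
                    if m:
                        port, state, proto = m.groups()
                        entry["ports"][(proto, int(port))] = state
            elif field.startswith("Ignored State: "):
                m = IGNORED_RE.match(field)
                if m:
                    entry["default"] = m.group(1)
    return hosts


def state_of(entry, key):
    """State of one (proto, port) on a host, falling back to the ignored state."""
    return entry["ports"].get(key, entry["default"])


def compare(scans):
    """List (host, proto, port, {vantage: state}) for every port whose state
    is not identical from all vantage points."""
    parsed = {name: parse_grepable(text) for name, text in scans.items()}
    keys = sorted({(host, proto, port)
                   for hosts in parsed.values()
                   for host, entry in hosts.items()
                   for proto, port in entry["ports"]})
    diffs = []
    for host, proto, port in keys:
        states = {name: (state_of(hosts[host], (proto, port)) if host in hosts
                         else "not-scanned") for name, hosts in parsed.items()}
        if len(set(states.values())) > 1:
            diffs.append((host, proto, port, states))
    return diffs


def egress_suspects(scans):
    """(vantage, proto, port) where one vantage sees a port filtered on every
    host while another vantage sees it open on at least one host.  That pattern
    is what an egress filter at the scanning host's ISP leaves behind; a
    target-side source-address filter normally shows up host by host instead."""
    parsed = {name: parse_grepable(text) for name, text in scans.items()}
    keys = sorted({key for hosts in parsed.values()
                   for entry in hosts.values() for key in entry["ports"]})
    suspects = []
    for name, hosts in parsed.items():
        for key in keys:
            blocked_here = all(state_of(e, key) == "filtered" for e in hosts.values())
            open_elsewhere = any(state_of(e, key) == "open"
                                 for other, oh in parsed.items() if other != name
                                 for e in oh.values())
            if blocked_here and open_elsewhere:
                suspects.append((name, key[0], key[1]))
    return suspects


if __name__ == "__main__":
    for host, proto, port, states in compare(SCANS):
        print(f"{host} {proto}/{port}: " + ", ".join(f"{v}={s}" for v, s in sorted(states.items())))
    for vantage, proto, port in egress_suspects(SCANS):
        print(f"{proto}/{port} looks egress-filtered at vantage {vantage}")
```

With the constructed data the script reports SSH on 192.0.2.10 as open only from vantage A (a source-address allowlist on the target side, since the same port is open to everyone on 192.0.2.20) and TCP/25 as filtered from vantage C against both hosts, which is flagged as the scanning ISP's egress filter rather than the client's policy. Feed it real -oG files by replacing the SCANS values with their contents.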
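The SOCKS5 UDP relaying Delron mentions, as an added example that is not part of the original thread: the RFC 1928 messages a client needs in order to push a UDP probe through a SOCKS5 server, built and parsed offline in Python. The relay endpoint 198.51.100.7:40000 and the target 192.0.2.53 are constructed values. One reason such a scan is limited, beyond whatever the server's policy forwards: an ICMP port-unreachable from the target is delivered to the relay, not to the client, so a port that stays silent can only be reported as open|filtered.

```python
"""SOCKS5 UDP relaying per RFC 1928, built and parsed without a network.

A UDP probe through a SOCKS5 server takes three messages beyond the usual
method negotiation: the UDP ASSOCIATE request (CMD 0x03), the server reply
carrying the relay endpoint (BND.ADDR/BND.PORT), and the UDP datagram itself,
which the client sends to that relay with a header naming the real target.
Replies come back through the same relay with the same header layout.
"""
import ipaddress
import struct

SOCKS_VERSION = 0x05
CMD_UDP_ASSOCIATE = 0x03
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCEEDED = 0x00


def encode_addr(host, port):
    """ATYP + DST.ADDR + DST.PORT (network byte order), as RFC 1928 lays out."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:                      # not an IP literal: send as domain
        raw = host.encode("idna")
        if len(raw) > 255:
            raise ValueError("domain name too long for SOCKS5 ATYP 0x03")
        return bytes([ATYP_DOMAIN, len(raw)]) + raw + struct.pack("!H", port)
    atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
    return bytes([atyp]) + ip.packed + struct.pack("!H", port)


def decode_addr(buf, offset):
    """Return (host, port, next_offset) for the address starting at offset."""
    atyp = buf[offset]
    if atyp == ATYP_IPV4:
        host, end = str(ipaddress.IPv4Address(buf[offset + 1:offset + 5])), offset + 5
    elif atyp == ATYP_IPV6:
        host, end = str(ipaddress.IPv6Address(buf[offset + 1:offset + 17])), offset + 17
    elif atyp == ATYP_DOMAIN:
        n = buf[offset + 1]
        host, end = buf[offset + 2:offset + 2 + n].decode("idna"), offset + 2 + n
    else:
        raise ValueError("unknown ATYP 0x%02x" % atyp)
    if len(buf) < end + 2:
        raise ValueError("truncated address")
    (port,) = struct.unpack("!H", buf[end:end + 2])
    return host, port, end + 2


def udp_associate_request(client_host="0.0.0.0", client_port=0):
    """VER CMD RSV ATYP DST.ADDR DST.PORT.  For UDP ASSOCIATE the address is the
    one the client will send datagrams from; all zeros means 'not yet known',
    and servers then commonly accept datagrams from the control connection's
    source address."""
    return bytes([SOCKS_VERSION, CMD_UDP_ASSOCIATE, 0x00]) + encode_addr(client_host, client_port)


def parse_reply(buf):
    """Parse VER REP RSV ATYP BND.ADDR BND.PORT into (rep, relay_host, relay_port).
    For UDP ASSOCIATE, BND.ADDR/BND.PORT is where the client must send datagrams."""
    if len(buf) < 4 or buf[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    host, port, _ = decode_addr(buf, 3)
    return buf[1], host, port


def udp_datagram(target_host, target_port, payload, frag=0):
    """RSV(2) FRAG(1) ATYP DST.ADDR DST.PORT DATA.  The relay strips this header
    and forwards DATA to the target; FRAG 0 means a standalone datagram."""
    return b"\x00\x00" + bytes([frag]) + encode_addr(target_host, target_port) + payload


def parse_udp_datagram(buf):
    """Inverse of udp_datagram(); used on datagrams the relay sends back, where
    the address fields name the remote host that answered."""
    if buf[:2] != b"\x00\x00":
        raise ValueError("reserved bytes must be zero")
    host, port, off = decode_addr(buf, 3)
    return buf[2], host, port, buf[off:]


def dns_a_query(name, txid=0x1234):
    """Minimal DNS A query: a realistic UDP probe payload for port 53."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label
                     for label in name.encode().split(b".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


if __name__ == "__main__":
    # Constructed exchange: the relay endpoint and the target are illustrative.
    print("UDP ASSOCIATE ->", udp_associate_request().hex())
    reply = bytes([SOCKS_VERSION, REP_SUCCEEDED, 0x00]) + encode_addr("198.51.100.7", 40000)
    rep, relay_host, relay_port = parse_reply(reply)
    assert rep == REP_SUCCEEDED
    probe = udp_datagram("192.0.2.53", 53, dns_a_query("example.com"))
    print(f"send {len(probe)} bytes to relay {relay_host}:{relay_port}: {probe.hex()}")
```

The client keeps the TCP control connection open for as long as it wants the relay to exist; once it closes, the server tears down the UDP association and any late answers from the target are lost.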
