Penetration Testing mailing list archives
RE: Port Scanning.
From: Faisal Khan <faisal () netxs com pk>
Date: Tue, 14 Dec 2004 14:28:30 +0500
That's a good comment below. We did notice how our client has changed some ports, for example they do not use the standard ports for VNC or MS SQL Clients or Oracle Clients, they have assigned hi-end ports and mapped those ports to the respective applications.
At 09:53 AM 12/14/2004, rzaluski wrote:
Port scanning is only part of it. If you are using manual or automated tools you still need to VERIFY that the port number associated with the protocol is indeed what it advertises to be. Nmap for instance blindly Accepts that port 22 is associated with SSH but it this fact? You should always verify the port protocol to ensure that this is the case. For instance running nmap output through amap. - amap interrogates the protocol bound to the number For instance you can do the following : Step 1. Scan the target host and produce a machine-readable output file. In this case it is "nmap.output" nmap -sS 10.21.1.5 -oM output.nmap ---------------------------------------------------- Step 2 use this output file as input for amap. Amap -I nmap.output .........sample output............................ amap -i output.nmap amap v4.7 (www.thc.org) started at 2004-12-14 00:50:02 - APPLICATION MAP mode Protocol on 10.21.1.5:22/tcp matches ssh Protocol on 10.21.1.5:22/tcp matches ssh-openssh Protocol on 10.21.1.5:443/tcp matches http Protocol on 10.21.1.5:443/tcp matches http-apache-2 Protocol on 10.21.1.5:80/tcp matches http Protocol on 10.21.1.5:25/tcp matches smtp Protocol on 10.21.1.5:80/tcp matches http-apache-2 .... you get the idea As you can see amap also found that we are running an apache server ;-) amap is a good tool that can be downloaded from http://www.thc.org/releases.php Richard Zaluski CISO, Security and Infrastructure Services iVolution Technologies Incorporated 905.309.1911 866.601.4678 905.524.8450 (Pager) www.ivolution.ca rzaluski () ivolution ca -----Original Message----- From: Piskovatskov, Alexey [mailto:Alexey.Piskovatskov () bindview com] Sent: Monday, December 13, 2004 11:24 AM To: Faisal Khan; pen-test () securityfocus com Subject: RE: Port Scanning. There's good document by NIST on this subject: http://csrc.nist.gov/publications/nistpubs/800-42/NIST-SP800-42.pdf Because nature of the scanners to report false positives/negatives, using multiple vendors and/or free tools is appropriate. Best, Alexey -----Original Message----- From: Faisal Khan [mailto:faisal () netxs com pk] Sent: Monday, December 13, 2004 8:47 AM To: pen-test () securityfocus com Subject: Port Scanning. What's a good industry practise whilst doing port-scanning during a pen-test. Do you rely on the results of a single vendor's software or do you use multiple softwares? Also, with each OEM/vendor - do you scan once or twice? I need to do a scan on a Class C Address if that matters in any way. Faisal Faisal Khan, CEO Net Access Communication Systems (Private) Limited ________________________________ Network Security - Secure Web Hosting Managed Internet Services - Secure Email Dedicated Servers - Reseller Hosting Visit www.netxs.com.pk for more information.
Faisal Khan, CEO Net Access Communication Systems (Private) Limited ________________________________ Network Security - Secure Web Hosting Managed Internet Services - Secure Email Dedicated Servers - Reseller Hosting Visit www.netxs.com.pk for more information.
Current thread:
- Re: Port Scanning., (continued)
- Message not available
- Re: Port Scanning. robert (Dec 22)
- Re: Port Scanning. robert (Dec 22)
- Message not available
- Re: Port Scanning. Faisal Khan (Dec 13)
- RE: Port Scanning. rzaluski (Dec 14)
- Re: Port Scanning. Martin Mačok (Dec 15)