Penetration Testing mailing list archives

Re: Port Scanning.

From: robert () dyadsecurity com
Date: Wed, 22 Dec 2004 12:17:01 -0800

DWreck(dwr3ckmailbox-pentest () yahoo com)@Wed, Dec 22, 2004 at 08:29:08AM

Most IPS admins do not block port scans.  The data is fed to a SIM to
keep a "low priority" eye on who may or may not be profiling you.

Most people using IPS's have them tuned to block nachi type protocol
anomalies etc.


Sure .. but TCP SYN port scanning was just one example.  Any UDP/ICMP
(connectionless) or TCP non-established connection based triggers can be
spoofed with unicornscan as well.  The only thing that isn't currently
easy to do is TCP full connection payload injection from spoofed IP's. 
We're working on a way to do that though :).

Robret

-- 
Robert E. Lee
CTO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033

Current thread:

Port Scanning. Faisal Khan (Dec 13)
- Re: Port Scanning. robert (Dec 13)
  - Message not available
    - Re: Port Scanning. robert (Dec 22)
    - Message not available
    - Re: Port Scanning. robert (Dec 22)
    - Re: Port Scanning. robert (Dec 22)
- Re: Port Scanning. Delron Troy (Dec 13)
- Re: Port Scanning. Jeffrey Denton (Dec 14)
- <Possible follow-ups>
- Re: Port Scanning. miguel . dilaj (Dec 13)
  - Message not available
    - Re: Port Scanning. Faisal Khan (Dec 13)
- RE: Port Scanning. Piskovatskov, Alexey (Dec 13)
  - RE: Port Scanning. rzaluski (Dec 14)
    - Re: Port Scanning. Martin Mačok (Dec 15)
- RE: Port Scanning. miguel . dilaj (Dec 14)
- RE: Port Scanning. Faisal Khan (Dec 14)

(Thread continues...)