Penetration Testing mailing list archives
Re: Port Scanning.
From: robert () dyadsecurity com
Date: Wed, 22 Dec 2004 12:17:01 -0800
DWreck(dwr3ckmailbox-pentest () yahoo com)@Wed, Dec 22, 2004 at 08:29:08AM
Most IPS admins do not block port scans. The data is fed to a SIM to keep a "low priority" eye on who may or may not be profiling you. Most people using IPS's have them tuned to block nachi type protocol anomalies etc.
Sure .. but TCP SYN port scanning was just one example. Any UDP/ICMP (connectionless) or TCP non-established connection based triggers can be spoofed with unicornscan as well. The only thing that isn't currently easy to do is TCP full connection payload injection from spoofed IP's. We're working on a way to do that though :). Robret -- Robert E. Lee CTO, Dyad Security, Inc. W - http://www.dyadsecurity.com E - robert () dyadsecurity com M - (949) 394-2033
Current thread:
- Port Scanning. Faisal Khan (Dec 13)
- Re: Port Scanning. robert (Dec 13)
- Message not available
- Re: Port Scanning. robert (Dec 22)
- Message not available
- Re: Port Scanning. robert (Dec 22)
- Re: Port Scanning. robert (Dec 22)
- Message not available
- Re: Port Scanning. robert (Dec 13)
- <Possible follow-ups>
- Re: Port Scanning. miguel . dilaj (Dec 13)
- Message not available
- Re: Port Scanning. Faisal Khan (Dec 13)
- Message not available
- RE: Port Scanning. rzaluski (Dec 14)
- Re: Port Scanning. Martin Mačok (Dec 15)