Penetration Testing mailing list archives
Re: Providers blocking portscans - bad news for pentest?
From: Christoph Puppe <puppe () hisolutions com>
Date: Tue, 05 Jul 2005 15:31:05 +0200
Petr.Kazil () eap nl schrieb:
<rant warning> Recently I had a worrying experience with my Internet provider that might be interesting for some of us.
The policy of the uplink provider is allways a major concern when doing PTs. For example, it is standard practice to check if spoofed packets can be sneaked by the firewall. So you need to have a provider w/o spoofing prevention, something a good provider should have in place. Your problem with portscans gets even harden when you have to do large amounts of exhaustive scans. Scanning a /24 for all 2^17 Ports are 2^20 Packets. So you want to be fast, I usualy send about 2000 packets / sec, covering the range in just a few hours. I usualy find open ports on very uncommon numbers, like vnc on 55900 and such. This comes down to the advice to talk with your provider, get an agreement to get unfiltered and unrestricted access and provide a telefonnumber in the whois record of your network or ip number, in case you trample someone elses feet. -- Mit freundlichen Grüßen Christoph Puppe Security Consultant We secure your business.(TM) _______________________________________________________ HiSolutions AG Phone: +49 30 533289-0 Bouchéstrasse 12 Fax: +49 30 533289-99 D-12435 Berlin Internet: http://www.hisolutions.com _______________________________________________________
Current thread:
- RE: Providers blocking portscans - bad news for pentest? Drage, Nick (Jul 05)
- <Possible follow-ups>
- Re: Providers blocking portscans - bad news for pentest? Christoph Puppe (Jul 05)