Penetration Testing mailing list archives
Re: Providers blocking portscans - bad news for pentest?
From: Christoph Puppe <puppe () hisolutions com>
Date: Thu, 07 Jul 2005 11:05:51 +0200
Maarten Hartsuijker wrote:
> Hmmm, I hope your ISP is not setting a trend over here in NL. So far, fortunately, I have not noticed any portscan blocking at my ISP. Using a low-tech ISP appears to have its advantages as well ;-) Personally, I still don't know if I consider blocking based on port scans a good or a bad thing. For instance: what would happen if someone decides to spoof the IPs of a couple of subnet-neighbours while portscanning? Or the IPs of the DHCP/DNS servers (I hope these are whitelisted)?

A provider that does not even block IP spoofing shouldn't venture into this kind of protective measure, sure thing. Unsuspecting users get hacked in the thousands each day; my opinion is that a provider should acknowledge this and take measures. The provider can do a lot to protect its own customers and the internet as a whole:

- prevent IP spoofing
- block broadcasts
- filter TCP (in and out) ports 7,13,19,25,135,139,445
- have an SMTP relay for its customers, with rate limits
- react fast to new threats, e.g. when a new worm is out -> filter the port

If you really want to do your customers a favor, you ask them for consent to being protected by an IPS or offer this at a premium. Same goes for malware protection with email relays and proxies. Or kid-safe internet access, but that's a complicated topic for other lists ;)

--
Kind regards
Christoph Puppe
Security Consultant
We secure your business.(TM)
_______________________________________________________
HiSolutions AG           Phone: +49 30 533289-0
Bouchéstrasse 12         Fax: +49 30 533289-99
D-12435 Berlin           Internet: http://www.hisolutions.com
_______________________________________________________
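
The first three measures in the list above (anti-spoofing, broadcast blocking, the TCP port filter), expressed as a per-packet decision at a customer access port. This is an added example, not part of the original post; the port names, prefixes, relay address and the port-25 exception for the provider's relay are assumptions.

```python
import ipaddress

# Constructed sample data: hypothetical access ports, RFC 5737 documentation prefixes.
ASSIGNED = {
    "port-a": ipaddress.ip_network("192.0.2.0/28"),
    "port-b": ipaddress.ip_network("192.0.2.16/28"),
}
FILTERED_TCP = {7, 13, 19, 25, 135, 139, 445}        # ports listed in the post
SMTP_RELAY = ipaddress.ip_address("198.51.100.25")   # assumed relay address
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def verdict(port, src, dst, proto, dport):
    """Return (action, reason) for a packet arriving on a customer access port."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # 1. Anti-spoofing: the source must lie in the prefix assigned to the
    #    port the packet arrived on, so a neighbour's address is rejected.
    if src not in ASSIGNED[port]:
        return ("drop", "spoofed-source")
    # 2. Broadcasts: limited broadcast, or the directed broadcast address
    #    of any customer prefix.
    if dst == LIMITED_BROADCAST or any(
        dst == net.broadcast_address for net in ASSIGNED.values()
    ):
        return ("drop", "broadcast")
    # 3. TCP port filter; mail submission is only allowed to the relay
    #    (assumption: the relay is where rate limits would be enforced).
    if proto == "tcp" and dport in FILTERED_TCP:
        if dport == 25 and dst == SMTP_RELAY:
            return ("accept", "smtp-via-relay")
        return ("drop", "filtered-port")
    return ("accept", "ok")


# Constructed packets: (access port, source, destination, protocol, dest port)
SAMPLE = [
    ("port-a", "192.0.2.5", "203.0.113.10", "tcp", 80),
    ("port-a", "192.0.2.20", "203.0.113.10", "tcp", 22),   # neighbour's address
    ("port-b", "192.0.2.20", "192.0.2.15", "udp", 7),      # directed broadcast
    ("port-b", "192.0.2.20", "203.0.113.10", "tcp", 445),
    ("port-b", "192.0.2.20", "198.51.100.25", "tcp", 25),
]


def classify(packets):
    return [verdict(*p) for p in packets]


if __name__ == "__main__":
    for pkt, res in zip(SAMPLE, classify(SAMPLE)):
        print(pkt, "->", res)
```

The second packet is the case raised in the quoted question: with the source check applied first, a scan sent with a subnet neighbour's address is dropped at the access port and cannot be attributed to that neighbour.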