Penetration Testing mailing list archives

Re: Blocking Port scans

From: "Terry Vernon" <tvernon24 () comcast net>
Date: Mon, 24 Oct 2005 17:51:27 -0500

a person should never have initiated a handshake wwith every socket on themachine in a short period of time. only portscans do that. find or build atool to watch for this and problem semi-solved


Terry Vernon
CTO/Senior Developer
Sprite Technologies

----- Original Message -----From: "BSK" <bishan4u () yahoo co uk>

To: <pen-test () securityfocus com>
Sent: Monday, October 24, 2005 6:34 AM
Subject: Blocking Port scans

Hello Everyone,

Just wanted some feedback from you people. I'm doing a
Firewall Assessment for a CISCO PIX firewall. The
firewall allows SYN, FIN, NULL and XMAS scans but
blocks ACK scans (largely means its a stateful
firewall).

Now what do we do to block the scans that are allowed.
I think it should be easy to block FIN, NULL and XMAS
scans but how do we block or limit or workaround a SYN
scan. 1 way that I think is probably blocking or
limiting  the packets from the source (using IDS/IPS)

Looking ahead to some ideas, thoughts, hints.

thns bshan




___________________________________________________________

To help you stay safe and secure online, we've developed the all newYahoo! Security Centre. http://uk.security.yahoo.com


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,

login pages, dynamic content etc. Firewalls, SSL and locked-down serversarefutile against web application hacking. Check your website forvulnerabilitiesto SQL injection, Cross site scripting and other web attacks beforehackers do!

Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------




------------------------------------------------------------------------------

Audit your website security with Acunetix Web Vulnerability Scanner:Hackers are concentrating their efforts on attacking applications on yourwebsite. Up to 75% of cyber attacks are launched on shopping carts, forms,login pages, dynamic content etc. Firewalls, SSL and locked-down servers arefutile against web application hacking. Check your website for vulnerabilitiesto SQL injection, Cross site scripting and other web attacks before hackers do!Download Trial at:


http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Blocking Port scans BSK (Oct 24)
- Re: Blocking Port scans Ivan . (Oct 24)
- Re: Blocking Port scans robert (Oct 24)
- Re: Blocking Port scans Justin (Oct 24)
- Re: Blocking Port scans Terry Vernon (Oct 24)
- Re: Blocking Port scans Chris Moody (Oct 25)
- Re: Blocking Port scans Georgi Alexandrov (Oct 26)
- <Possible follow-ups>
- RE: Blocking Port scans Josh Perrymon (Oct 24)
- RE: Blocking Port scans Geelen, Ruud (Oct 31)