Penetration Testing mailing list archives
Re: Blocking Port scans
From: Georgi Alexandrov <georgi.alexandrov () gmail com>
Date: Thu, 27 Oct 2005 08:47:52 +0300
BSK wrote:
Hello Everyone, Just wanted some feedback from you people. I'm doing a Firewall Assessment for a CISCO PIX firewall. The firewall allows SYN, FIN, NULL and XMAS scans but blocks ACK scans (largely means its a stateful firewall). Now what do we do to block the scans that are allowed. I think it should be easy to block FIN, NULL and XMAS scans but how do we block or limit or workaround a SYN scan. 1 way that I think is probably blocking or limiting the packets from the source (using IDS/IPS) Looking ahead to some ideas, thoughts, hints. thns bshan
Hello,I think that wasting your time searching for a (complex?) mechanism to block port scans is useless. If a person wants to know what services a host is running - he will find them ... one way or another.
Nmap for example has alot of options that can make any port scan detecting system suffer: decoys, paranoid scanning option, etc .. etc. But maybe a person doesn't even need the internet to figure out
the services - there are phones, not so knowledgable support personnel, etc.I would prefer researching and intergrating more serious and interesting security policies
than wondering how to block port scans.Otherwise if you still insist on trying to detect port scans (and block them after that),
you can try scanlogd by Solar Designer.Maybe i get the whole picture wrong and my opinion is useless, you will decide that ;-)
regards, Georgi Alexandrov ------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Blocking Port scans BSK (Oct 24)
- Re: Blocking Port scans Ivan . (Oct 24)
- Re: Blocking Port scans robert (Oct 24)
- Re: Blocking Port scans Justin (Oct 24)
- Re: Blocking Port scans Terry Vernon (Oct 24)
- Re: Blocking Port scans Chris Moody (Oct 25)
- Re: Blocking Port scans Georgi Alexandrov (Oct 26)
- <Possible follow-ups>
- RE: Blocking Port scans Josh Perrymon (Oct 24)
- RE: Blocking Port scans Geelen, Ruud (Oct 31)