Penetration Testing mailing list archives
Changing Source Port during Penetration Testing?
From: 09sparky () gmail com
Date: 4 Nov 2006 16:57:41 -0000
Question for PenTester, Do most of you attempt to change the source port during a standard external Penetration Test/Vulnerability Assessment as part of your standard practice? If so, how often do you find routers/firewalls that allow for instance port 80, 53, 25, etc allowing you to forward traffic? I am trying to get a better feel for this concept/practice, but I have been having some trouble. I am aware that "nmap -g" option will allow for changing of the source port, but I keep getting similar results back as if I didn't do it. I am assuming that the router/firewall is disregarding the changed source port and not allowing it. Does anyone have any good suggestions, papers, etc as to how I can get a better understanding of this process? I guess I would use netcat or fpipe to create a tunnel once I found a way in, but I am still unclear of how that works also. Would it be possible for someone to help me out and explain there methodology/process? (Of course the more details the better, but I will take what I can get) Any help would be great, Thanks, Sparky ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Changing Source Port during Penetration Testing? 09sparky (Nov 04)
- <Possible follow-ups>
- RE: Changing Source Port during Penetration Testing? Michael Scheidell (Nov 05)
- Re: RE: Changing Source Port during Penetration Testing? emptybeerkann (Nov 07)
- Re: RE: Changing Source Port during Penetration Testing? Gadi Evron (Nov 07)
- Re: RE: Changing Source Port during Penetration Testing? Jamie Riden (Nov 07)
- Re: Changing Source Port during Penetration Testing? warl0ck (Nov 09)