Penetration Testing mailing list archives
Re: Changing Source Port during Penetration Testing?
From: warl0ck () metaeye org
Date: 8 Nov 2006 14:03:32 -0000
Changing source port for scanning or discovering only has significance if you have a stateless firewall, i.e. firewalls that do not keep protocol state. Most of the firewalls and firewall devices are stateful nowadays, like iptables and the Cisco PIX firewall. For example, firewalls and routers block your attempts to scan a host if your port number is above 1023. However, many firewalls and routers allow DNS (port 53) or FTP-Data (port 20) packets through. If you are having difficulties getting past a firewall, try changing your port number to 53 or 20.
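The stateless-versus-stateful distinction in the message above, as an added example that is not part of the original post: a small Python model comparing an ACL that trusts the source port with a filter that tracks outbound flows. The packet model, addresses and rule set are constructed for illustration.

```python
from collections import namedtuple

# Constructed packet model: inbound means "toward the protected host".
Packet = namedtuple("Packet", "src sport dst dport")

INSIDE = "10.0.0.5"        # constructed protected host
RESOLVER = "192.0.2.53"    # constructed legitimate DNS server
OUTSIDE = "198.51.100.7"   # constructed unrelated external host


def stateless_allow_inbound(pkt):
    """Stateless ACL that trusts the source port alone.

    Models the rule "permit inbound if sport is 53 or 20, deny the rest",
    written so DNS replies and FTP-data connections can come back in.
    """
    return pkt.sport in (53, 20)


class StatefulFilter:
    """Tracks outbound flows; inbound is allowed only as a matching reply."""

    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        # Record the 4-tuple that a genuine reply must mirror.
        self.flows.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def allow_inbound(self, pkt):
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.flows


def compare():
    """Return {packet name: (stateless verdict, stateful verdict)}."""
    fw = StatefulFilter()
    # The inside host queries the resolver from ephemeral port 40000.
    fw.outbound(Packet(INSIDE, 40000, RESOLVER, 53))
    samples = {
        "dns_reply": Packet(RESOLVER, 53, INSIDE, 40000),
        "unsolicited_sport_53": Packet(OUTSIDE, 53, INSIDE, 161),
        "unsolicited_high_port": Packet(OUTSIDE, 40001, INSIDE, 161),
    }
    return {name: (stateless_allow_inbound(p), fw.allow_inbound(p))
            for name, p in samples.items()}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, "stateless=%s stateful=%s" % verdicts)
```

Only the stateless rule passes the unsolicited packet with source port 53; the stateful filter admits the genuine reply and nothing else, which is why replacing port-based permits with connection tracking closes this gap.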
Current thread:
- Changing Source Port during Penetration Testing? 09sparky (Nov 04)
- <Possible follow-ups>
- RE: Changing Source Port during Penetration Testing? Michael Scheidell (Nov 05)
- Re: RE: Changing Source Port during Penetration Testing? emptybeerkann (Nov 07)
- Re: RE: Changing Source Port during Penetration Testing? Gadi Evron (Nov 07)
- Re: RE: Changing Source Port during Penetration Testing? Jamie Riden (Nov 07)
- Re: Changing Source Port during Penetration Testing? warl0ck (Nov 09)