Penetration Testing mailing list archives

Re: Changing Source Port during Penetration Testing?


From: warl0ck () metaeye org
Date: 8 Nov 2006 14:03:32 -0000

Changing source port for scanning or discovering
only has significance if you have a stateless
firewall, i.e. firewalls that do not keep protocol state.

Most of the firewalls and firewall devices are
stateful nowadays, like iptables and the Cisco PIX
firewall.

For example:

Firewalls and routers block your attempts to scan a host if your port number is above 1023. However, many firewalls
and routers allow DNS (port 53) or FTP-Data (port 20) packets through. If you are having difficulties getting past a
firewall, try changing your port number to 53 or 20.
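
A defensive check for the stateless case described above, as an added example that is not part of the original post: it reads `iptables-save`-style output and flags ACCEPT rules that trust a source port without restricting the match to reply traffic. The sample ruleset is constructed and the function names are hypothetical.

```python
import shlex

# Constructed sample in iptables-save format (not taken from any real host).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
"""

SPORT_OPTS = {"--sport", "--source-port", "--sports", "--source-ports"}
STATE_OPTS = {"--ctstate", "--state"}
REPLY_STATES = {"ESTABLISHED", "RELATED"}


def option_value(tokens, names):
    """Return the argument following the first option found in `names`, or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1]
    return None


def find_stateless_sport_accepts(ruleset):
    """List ACCEPT rules keyed on source port that also admit unsolicited packets.

    Heuristic: a source-port ACCEPT is treated as safe only when the same rule
    carries a state match limited to ESTABLISHED and/or RELATED.
    """
    findings = []
    for line in ruleset.splitlines():
        line = line.strip()
        if not line.startswith("-A "):
            continue  # skip table names, chain policies, COMMIT, comments
        tokens = shlex.split(line)
        if option_value(tokens, {"-j", "--jump"}) != "ACCEPT":
            continue
        if not any(tok in SPORT_OPTS for tok in tokens):
            continue
        states = option_value(tokens, STATE_OPTS)
        reply_only = states is not None and set(states.split(",")) <= REPLY_STATES
        if not reply_only:
            findings.append(line)
    return findings
```

Feeding it the output of `iptables-save` from a host under review gives a short list of rules to replace with a state-restricted equivalent.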
