Re: port scan

From: Abel Aberra (aaberra@gmail.com)
Date: Tue Oct 10 2006 - 10:19:08 ART


Completely off topic here...

Curt, the spoofed IPs are not really meant to be used for any purpose other
than to confuse the firewall/IDS so that it can't tell who is actually
performing the scan, so it can block it. Also remember that a port-scan can
be done over a long period of time, such that IDS/Firewall countermeasures
wouldn't realize what was happening. Most of the time a port scan is the
first step in reconnaissance on a specific host that you want to attack, not
the actual attack itself. Remember also that there is a psychology to the
whole thing. A network of bots can be set up to perform a port scan on one
host on a network to keep the security staff busy trying to figure out who
is doing the scan, while another real attack is taking place on a different
host.

One thing to always remember is for any defense there is an offense. You're
never completely safe; abstinence from the Internet is the only sure
countermeasure ;-).

-Abel

On 10/9/06, Brian McGahan <bmcgahan@internetworkexpert.com> wrote:
>
> That's why you configure an exception list to specify which
> hosts cannot be shunned. Granted the configuration may be excessive but
> you can still build a stable configuration to get around the design
> problem you mentioned if you take the time.
>
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
> 24/7 Support: http://forum.internetworkexpert.com
> Live Chat: http://www.internetworkexpert.com/chat/
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Rodrigo Paes
> > Sent: Monday, October 09, 2006 6:12 PM
> > To: security@groupstudy.com; ccielab@groupstudy.com
> > Subject: Re: port scan
> >
> > I always thought of shunning features as a shot in the foot... imagine
> > if someone does a port scan using ... let's say... the DNS root servers'
> > IP addresses, or some other IP they know is heavily used.... it's a
> > great DoS attack :D
> >
> > my 2cc
> >
> > []s
> > Rodrigo Paes
> > CCIE #14054 (R&S and SP)
> >
> >
> > On 10/9/06, ccie4u <sales@ccie4u.com> wrote:
> > > A port scan is as it sounds - someone is using a tool or utility to scan
> > > your IP to see what ports are listening and responding. This provides them
> > > information on what ports and services you have running. They can then
> > > tailor an attack to those specific ports. You can't really stop someone
> > > from scanning your ports unless you have some software or hardware that does
> > > intrusion detection.
> > >
> > > With some intrusion detection hardware and software applications, it will
> > > detect a port scan and temporarily or permanently block all traffic from
> > > that source IP address. Of course if they are spoofing their source IP
> > > address it won't be all that effective.
> > >
> > >
> > > Hope that helps.
> > >
> > > Ian
> > > www.ccie4u.com
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > > 2nd CCIE
> > > Sent: Saturday, September 23, 2006 3:50 AM
> > > To: security@groupstudy.com; ccielab@groupstudy.com
> > > Subject: port scan
> > >
> > > Folks;
> > > I am trying to know more about port scan attack .. I have not found a good
> > > source so far .. not many posts in this list about this type of attack
> > >
> > > can someone give some input or link about port scan and methods of
> > > stopping it ?
> > >
> > > appreciate in advance
> > >
> > >
> > >
> > >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
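
The thread raises three detection points: a scan spread over a long period slips past short detection windows, shunning a spoofed source can cut off a host you depend on, and an exception list limits that damage. The sketch below is an added example, not part of the original thread; the function names, thresholds, addresses (documentation ranges) and sample traffic are all constructed for illustration.

```python
from collections import defaultdict
import ipaddress

# Exception list (assumed values): sources that must never be shunned,
# e.g. a resolver or upstream device whose address an attacker might spoof.
NEVER_SHUN = [ipaddress.ip_network("192.0.2.53/32")]

def detect_scans(events, window, threshold):
    """events: (epoch_seconds, src, dst, dport) tuples sorted by time.
    Returns {src: "shun" | "alert-only"} for every source that touched at
    least `threshold` distinct ports on one dst within `window` seconds."""
    recent = defaultdict(list)  # (src, dst) -> [(ts, dport), ...] still in window
    verdicts = {}
    for ts, src, dst, dport in events:
        hits = recent[(src, dst)]
        hits.append((ts, dport))
        while hits[0][0] <= ts - window:  # expire probes older than the window
            hits.pop(0)
        if len({port for _, port in hits}) >= threshold:
            addr = ipaddress.ip_address(src)
            protected = any(addr in net for net in NEVER_SHUN)
            # The detector cannot tell a spoofed source from a real one, so a
            # protected address is reported for a human instead of blocked.
            verdicts[src] = "alert-only" if protected else "shun"
    return verdicts

def sample_events():
    """Constructed traffic toward one host, 198.51.100.10."""
    dst = "198.51.100.10"
    ev = []
    # Fast scan: 20 ports in 20 seconds.
    ev += [(1000 + i, "203.0.113.7", dst, 20 + i) for i in range(20)]
    # Slow scan: one new port every 10 minutes.
    ev += [(1000 + i * 600, "203.0.113.99", dst, 100 + i) for i in range(20)]
    # Probes carrying the source address of the protected resolver.
    ev += [(2000 + i, "192.0.2.53", dst, 400 + i) for i in range(20)]
    # Ordinary client: many connections, always to port 443.
    ev += [(1000 + i * 30, "203.0.113.50", dst, 443) for i in range(50)]
    return sorted(ev)

SHORT = detect_scans(sample_events(), window=60, threshold=15)
LONG = detect_scans(sample_events(), window=86400, threshold=15)
```

With the 60-second window the slow scanner is never flagged; the 24-hour window catches it at the cost of keeping per-source state for a day.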



This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:04 ART