OT:-----------Re: port scan

From: Capt.Spock (capt.spock@gmail.com)
Date: Tue Oct 10 2006 - 10:49:13 ART

• Next message: prathap singh: "RE: voice startup [bcc][faked-from]"
• Previous message: Tony Schaffran: "OT - Service provider CCIE lab equipment"
• Next in thread: istong@stong.org: "Re: OT:-----------Re: port scan"
• Maybe reply: istong@stong.org: "Re: OT:-----------Re: port scan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Abel, If NAT is implemented will it avoid some of these issues like...

Ex:- A HOME wireless router.. The Outside fellow can come to the WAN port to
the Cable Modem. After that he does not know the inside Private IPS...

On 10/10/06, Abel Aberra <aaberra@gmail.com> wrote:
>
> Completley off topic here...
>
> Curt, the spoofed IPs are not really meant to be used for any purpose
> other
> than to confuse the firewall/IDS so that it can't tell who is actually
> performing the scan, so it can block it. Also remember that a port-scan
> can
> be done over a long period of time, such that IDS/Firewall countermeasures
> wouldn't realize what was happening. Most of the time a port scan is the
> first step in reconnaissance on a specific host that you want to attack,
> not
> the actual attack itself. Remember also that there is a psychology to the
> whole thing. A network of bots can be setup to perform a port scan on one
> host on a network to keep the security staff busy trying to figure out who
> is doing the scan, while another real attack is taking place on a
> different
> host.
>
> One thing to always remember is for any defense there is an offense.
> You're
> never completely safe abstinence from the Internet is the only sure
> countermeasure ;-).
>
> -Abel
>
> On 10/9/06, Brian McGahan <bmcgahan@internetworkexpert.com> wrote:
> >
> > That's why you configure an exception list to specify which
> > hosts cannot be shunned. Granted the configuration may be excessive but
> > you can still build a stable configuration to get around the design
> > problem you mentioned if you take the time.
> >
> >
> > HTH,
> >
> > Brian McGahan, CCIE #8593
> > bmcgahan@internetworkexpert.com
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987 x 705
> > Outside US: 775-826-4344 x 705
> > 24/7 Support: http://forum.internetworkexpert.com
> > Live Chat: http://www.internetworkexpert.com/chat/
> >
> >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of
> > > Rodrigo Paes
> > > Sent: Monday, October 09, 2006 6:12 PM
> > > To: security@groupstudy.com; ccielab@groupstudy.com
> > > Subject: Re: port scan
> > >
> > > I always though of shunning features as a shot in the foot... imagine
> > > if someone does a port scan using ... lets say... the DNS root servers
> > > ip addresses, or some other IP they know its heavily used.... it's a
> > > great DoS attack :D
> > >
> > > my 2cc
> > >
> > > []s
> > > Rodrigo Paes
> > > CCIE #14054 (R&S and SP)
> > >
> > >
> > > On 10/9/06, ccie4u <sales@ccie4u.com> wrote:
> > > > A port scan is as it sounds - someone is using a tool or utility to
> > scan
> > > > your IP to see what ports are listening and responding. This
> > provides
> > > them
> > > > information on what ports and services you have running. They can
> > then
> > > > tailor an attack to those specific ports. You can't really stop
> > someone
> > > > from scanning your ports unless you have some software or hardware
> > that
> > > does
> > > > intrusion detection.
> > > >
> > > > With some intrusion detection hardware and software applications, it
> > > will
> > > > detect a port scan and temporarily or permanently block all traffic
> > from
> > > > that source IP address. Of course if they are spoofing their source
> > IP
> > > > address it won't be all that effective.
> > > >
> > > >
> > > > Hope that helps.
> > > >
> > > > Ian
> > > > www.ccie4u.com
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of
> > > 2nd
> > > > CCIE
> > > > Sent: Saturday, September 23, 2006 3:50 AM
> > > > To: security@groupstudy.com; ccielab@groupstudy.com
> > > > Subject: port scan
> > > >
> > > > Folks ;
> > > > I am trying to know more about port scan attack ..i have not find
> > a
> > > good
> > > > source so far ..no much posts in this list about this type of attack
> > > >
> > > > can someone give some input or link about port scan and methods of
> > > > stopping it ?
> > > >
> > > > appreciate in advance
> > > >
> > > >
> > > >
> > > > ---------------------------------
> > > > All-new Yahoo! Mail - Fire up a more powerful email and get things
> > done
> > > > faster.
> > > >
> > > >
> > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: prathap singh: "RE: voice startup [bcc][faked-from]"
• Previous message: Tony Schaffran: "OT - Service provider CCIE lab equipment"
• Next in thread: istong@stong.org: "Re: OT:-----------Re: port scan"
• Maybe reply: istong@stong.org: "Re: OT:-----------Re: port scan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:04 ART