Security Basics mailing list archives
RE: looking for tool to find open ports and domains
From: JGrimshaw () ASAP com
Date: Mon, 10 May 2004 17:35:21 -0500
I actually have a good use for this as well; I am considering setting up a wireless AP and placing it in its own DMZ on a firewall (in addition to other AP security that goes beyond this discussion). Ideally, I would like to identify all of the ports used, so that I would be convenienced by using a "deny IP any any" at the end of the access-list, after having permitting what I see as feasible... Blocking only what I know to be bad is like trying to manually block websites that I know to be bad. It would be endless! I was hoping someone would have a good reply to this--finding out what ports are running on all machines would make this project so much easier! For example, I do not want our wireless users using FTP--none of the people that will use wireless will have a reason to use FTP, so I know not to permit ports 20 and 21. And I can permit all of the Windows server ports--and web and other well known ports that I deem fit. But the list of all KNOWN ports is in the thousands. I can pick and choose, but ultimately I would be wrong in my selections. 1% error in 10000 ports is still 100 ports blocked that I shouldn't have... That doesn't seem feasible given all of the fluff out there, but I believe that anything that will go wrong in IT... will go wrong in IT. So as far as that goes, the only method I have to figure this out is to sniff the network, filter out to show only TCP and UDP packets, and then log many hours worth and hope to cover all of the bases before I give up looking at hundreds of megs of TCP and UDP captures, looking only for ports... aside from the Windows and well knowns I already know. I looked at the Active Ports someone mentioned, but the website didn't say it could log to a file, or run silently. Ultimately, I would like to run a script or policy on all machines that logs their port usage for a few days,updating their info to a fileshare somewhere. Does anyone know a program that offers a logging utility that would allow for this--for Windows? Net Stat comes with Windows, but does not offer (to my knowledge) a way to actually log what comes up, or log intermittently to grab a snapshot at various points throughout the day. It's either that instant, or continuously, both without logging. There were a few others that I read about in the review of Active Ports -- Port Explorer and Socket Port Owner, but the former is too much data (it is a sniffer) and the latter is just a graphic net stat. I would like to think that other people would have a use for this as well. Do you have a VPN that is behind a firewall? What ports do you permit on its interface? It would be a very similar thing--after people connect via their tunnel, they are on a device in a DMZ--what is allowed through? Everything? Only Windows? Something in between? I'm looking for the same functionality as that, so I guess this is a dual pronged question: Is anyone willing to share what ports (or what they did to map those ports) that would be used on a VPN connection that is filtered by a firewall (that doesn't permit everything!), and failing that, does anyone have software to map the ports used by endusers that can also log to a file? "Michael Chilcott" <michael_chilcott () emoryhealthcare org> 05/09/2004 06:39 AM To <randallm () fidmail com> cc <security-basics () securityfocus com> Subject RE: looking for tool to find open ports and domains Well, okay I guess I should have better explained what we have. We own a class "C" network, and its broken into segments. Using Windows O/S these users can setup their PCs to belong to a different domain (ie; workgroup). We would like to identify all the different domains, change them to our single domain, and able to push domain, group and local policies. More or less - remove the rouge domains. Thanks, Mike
"RandallM" <randallm () fidmail com> 05/07/04 20:07 PM >>>
Well gosh darn Mike, I can save you time. In your own words you told us: "I am looking for a way to scan for specific ports on all the PC's in our network." Then you asked: "I would like to know what domain these PCS belong too" Therefore "they" must be on YOUR domain, right!? I mean after all you would not be referring to just "random" scans, right? As far as "open" ports, nmap and nessus do just that with the proper switch options. As far as "what domain" a computer is on, a user in "your" network would sure enough call you with a "I can't get to my folders" because they did not or could not log on to your "network". Another great tool for ports and exploits on "your network" are the "Microsoft Baseline Security Analyzer"(www.microsoft.com)and the "BlackCode Port Scanner" found at www.blackcode.com thank you Randall M <|>-----Original Message----- <|>From: Michael Chilcott [mailto:michael_chilcott () emoryhealthcare org] <|>Sent: Friday, May 07, 2004 10:07 AM <|>To: security-basics () securityfocus com <|>Subject: looking for tool to find open ports and domains <|> <|>I am looking for a way to scan for specific ports on all the PC's in our <|>network. Also in this scan I would like to know what domain these PCS <|>belong too. I have tried Nessus, nmap, and superscanner; and they produce <|>great reports on the ports open, and way too much information about the <|>machine. Does anyone know any easy way to just get the port numbers <|>open, and what domain the PC belongs to? Maybe I used the right tool, but <|>not configured correctly... <|> <|>Thanks, <|>Mike --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- looking for tool to find open ports and domains Michael Chilcott (May 07)
- RE: looking for tool to find open ports and domains Kurt (May 10)
- Re: looking for tool to find open ports and domains die tuere (May 10)
- Re: looking for tool to find open ports and domains freeasabird_13 (May 10)
- RE: [seguridad-securityfocus] looking for tool to find open ports and domains Ivan Pascual Cortes del Valle (May 10)
- Re: looking for tool to find open ports and domains Ricardo Saramago (May 10)
- <Possible follow-ups>
- RE: looking for tool to find open ports and domains Michael Chilcott (May 10)
- RE: looking for tool to find open ports and domains JGrimshaw (May 11)
- Re: looking for tool to find open ports and domains Ansgar -59cobalt- Wiechers (May 12)
- RE: looking for tool to find open ports and domains JGrimshaw (May 11)
- Re: looking for tool to find open ports and domains Mitchell Rowton (May 10)
- RE: looking for tool to find open ports and domains James . Fields (May 10)
- RE: looking for tool to find open ports and domains Lubrano di Ciccone, Christophe (DEF) (May 11)