Penetration Testing mailing list archives
Re: Providers blocking portscans - bad news for pentest?
From: Chris Brenton <cbrenton () chrisbrenton org>
Date: Mon, 04 Jul 2005 22:43:54 -0400
On Mon, 2005-07-04 at 17:13, Petr.Kazil () eap nl wrote:
However they have recently installed a system that wil automatically block anyone doing a portscan. They mention a system of "aggregated firewalls" that behaves like a "bot".
Can you find out the specific tool they are using? My guess is they are looking at "X" number of port attempts in "Y" amount of time. If so something like: nmap -T sneaky ... should do the trick. I would expect that the threshold can not be all that low, otherwise it would false positive on busy name and mail servers.
And what if providers start filtering TCP/IP traffic. Then portscans will become very unreliable.
Some already do. Many still block TCP/1433 & UDP/1434 due to the large number of infected Slammer systems that have yet to be cleaned. Some even block TCP/25, Echo-requests, inbound TCP/80 to non-hosted Web servers, etc. Its all a matter of the provider's policy. HTH, Chris
Current thread:
- Re: Remote Desktop/Term. Serv information leakage, (continued)
- Re: Remote Desktop/Term. Serv information leakage Thor (Hammer of God) (Jul 01)
- RE: Remote Desktop/Term. Serv information leakage Andre Protas (Jul 01)
- RE: Remote Desktop/Term. Serv information leakage Ha, Jason (Jul 02)
- Re: Remote Desktop/Term. Serv Information leakage kuffya (Jul 02)
- RE: Remote Desktop/Term. Serv Information leakage Paul Fields (Jul 05)
- RE: Remote Desktop/Term. Serv information leakage Salvador.Manaois (Jul 04)
- Providers blocking portscans - bad news for pentest? Petr . Kazil (Jul 04)
- RE: Providers blocking portscans - bad news for pentest? Erin Carroll (Jul 04)
- RE: Providers blocking portscans - bad news for pentest? Alexander Klimov (Jul 05)
- Re: Providers blocking portscans - bad news for pentest? RCS (Jul 05)
- Providers blocking portscans - bad news for pentest? Petr . Kazil (Jul 04)
- Re: Providers blocking portscans - bad news for pentest? Chris Brenton (Jul 04)
- Re: Providers blocking portscans - bad news for pentest? Robert BARABAS (Jul 05)
- Re: Providers blocking portscans - bad news for pentest? Maarten Hartsuijker (Jul 06)
- Message not available
- Re: Providers blocking portscans - bad news for pentest? Christoph Puppe (Jul 07)