Re: Scan of TCP 552-554

From: Frank Knobbe (fknobbe_at_knobbeits.com)
Date: 07/25/03

    To: Bill McCarty <bmccarty@pt-net.net>
    Date: 24 Jul 2003 18:10:30 -0500
    
    
    

    On Thu, 2003-07-24 at 02:08, Bill McCarty wrote:
    > What might it be looking for on TCP 552-553 and, more particularly, why
    > might a scanner interested in RTSP also scan those ports? The ports are
    > registered for use by deviceshare and PIRP (Public Information Retrieval
    > Protocol). But, I don't suspect that the scanner is interested in those
    > services, since they don't seem to be associated with RTSP. Could the
    > scanner simply be comparing the response for port 554 with those for the
    > other ports, in order to assess possible firewall rules?

    Exactly. It's a common practice (at least in my shop :p) to scan so that
    you hit the ports you want to scan for and hope to be open, and then
    ports that have a good probability of being closed. That way you can
    examine the responses and see if and what type of filtering goes on.

    For example, if you do a TCP scan from port 135 to port 140 on a Windows
    box, and you receive nothing on 135, 136, 137, 138, 139, but a TCP Reset
    on 140, there is a high probability that an admin only put a firewall
    rule in place that simply says 'drop 135-139' to cover the RPC/NetBIOS
    range, but left the system otherwise unprotected, with Windows sending a
    Reset on port 140. (Of course you might want to confirm by 'pinging' a
    couple other closed ports, like port 109 or something).

    It is always good to get the 'full picture' of what a target looks like.
    Known negatives are just as useful as known positives.

    Regards,
    Frank
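
The known-negatives reasoning in the message above, turned into an audit check an admin can run over results from an authorized test of their own host (an added example, not part of the original message). The function names, the response labels and both sample result sets are constructed here, and the check assumes a TCP Reset comes from the host's own stack rather than from a firewall that rejects with resets.

```python
from itertools import groupby

# Constructed sample: per-port results from an authorized test of your own
# host. "none" = no reply, "rst" = TCP Reset, "synack" = port open.
WINDOWS_BOX = {109: "rst", 135: "none", 136: "none", 137: "none",
               138: "none", 139: "none", 140: "rst"}
# Constructed sample: only the service port answers, neighbours stay silent.
RTSP_HOST = {552: "none", 553: "none", 554: "synack"}


def contiguous_runs(ports):
    """Collapse ports into (first, last) ranges of consecutive numbers."""
    runs = []
    # Consecutive ports share the same (port - index) value.
    for _, grp in groupby(enumerate(sorted(ports)), key=lambda t: t[1] - t[0]):
        block = [port for _, port in grp]
        runs.append((block[0], block[-1]))
    return runs


def assess_filtering(observed):
    """Infer the filtering posture from which ports stay silent or answer."""
    silent = [p for p, r in observed.items() if r == "none"]
    closed = sorted(p for p, r in observed.items() if r == "rst")
    if silent and closed:
        # Assumption: the Reset is sent by the host itself. Unused ports
        # outside the silent range reach its stack, so the filter is a
        # narrow drop rule on an otherwise default-allow path.
        posture = "narrow-drop-rule"
    elif silent:
        # Only listening services answer: consistent with default-deny
        # (or, if nothing answers at all, with the host being down).
        posture = "default-drop"
    else:
        posture = "unfiltered"
    return {"posture": posture,
            "dropped_ranges": contiguous_runs(silent),
            "reachable_closed": closed}


if __name__ == "__main__":
    for name, sample in (("windows box", WINDOWS_BOX), ("rtsp host", RTSP_HOST)):
        print(name, assess_filtering(sample))
```

A "narrow-drop-rule" result on your own host means the rule set should be replaced with default-deny plus explicit allows, so that unused ports stop answering.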

    
    


