Re: Port Scanning

4secure_at_web.de
Date: 12/15/04

  • Next message: Dan Tesch: "Re: Class on Security Tools"
    Date: Wed, 15 Dec 2004 11:37:11 +0200
    To: pen-test@securityfocus.com
    
    

    Beside the available bandwidth it is to be necessary to thoughts over the number of maximum session.

    With an extensive port scan it can come otherwise to unpleasant surprises:

    1.) network equipment (e.g. firewall) on the side of the tester blocks the scan, if no more sessions can be administered.

    2.) network equipment on the test side cannot accept far more sessions.

    The consequence is: The tester receives wrong results and/or the internet access of one or both sides will be blocked by the scan.

    If such a thing happens, it has the same effect, as DoS attack.

    The more slowly a scan is accomplished, the smaller is the danger that it comes to disturbances.
    This applies also if not the complete port range is examined (fewer sessions).
    With a slow Scan the results are more exact.
    With attainable systems one should examine however the complete port range.

    One can optimize the local side quite well, so that it dose not come to session problems with a fast and extensive scan. With the remote side the situation looks however differently.

    - Istvan
    __________________________________________________________
    Mit WEB.DE FreePhone mit hoechster Qualitaet ab 0 Ct./Min.
    weltweit telefonieren! http://freephone.web.de/?mc=021201


  • Next message: Dan Tesch: "Re: Class on Security Tools"

    Relevant Pages

    • NetScreen Response to ScreenOS Port Scan DoS Vulnerability
      ... In reference to your recent posting regarding NetScreen's "ScreenOS Port ... immediately close each of the sessions established during the port scan, ... the session table on a NetScreen-5XP will be consumed faster than ...
      (Bugtraq)
    • [NEWS] NetScreen Response to ScreenOS Port Scan DoS Vulnerability
      ... ScreenOS Vulnerable to Trust Interface DoS Attack, ... The reported issue involves the initiation of a Port Scan against a host ... immediately close each of the sessions established during the port scan, ... the session table on a NetScreen-5XP will be consumed faster ...
      (Securiteam)
    • Re: anyway to ssh tunnel through 2 firewalls ?
      ... You don't have to worry about multiple ... >>sessions not working because of busy ports. ... >standard ssh commands, and I don't see why "multiple ... have problems unless you're very strict with the port allocation (which ...
      (comp.security.ssh)
    • Re: 2 VLANs on 1 Port SPAN - CIsco 6500
      ... have 2 monitor sessions -- 1 for each VLAN. ... I need to free up a SPAN so that I can install an IDS. ... the SPAN port? ...
      (comp.dcom.sys.cisco)
    • Re: How to Open a TN3270 session at HMC Stattion ...
      ... For Port Number, I put the default: ... Did you try using the "Configure 3270 Sessions" task on the HMC? ... This task lets you configure 3270 sessions that will get started whenever the HMC starts. ... For IBM-MAIN subscribe / signoff / archive access instructions, ...
      (bit.listserv.ibm-main)