Re: Port Scanning.
robert_at_dyadsecurity.com
Date: 12/22/04
- Previous message: Curt Purdy: "RE: [in] VPN protocols"
- Maybe in reply to: Faisal Khan: "Port Scanning."
- Next in thread: robert_at_dyadsecurity.com: "Re: Port Scanning."
- Reply: robert_at_dyadsecurity.com: "Re: Port Scanning."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 22 Dec 2004 12:17:01 -0800 To: DWreck <dwr3ckmailbox-pentest@yahoo.com>
DWreck(dwr3ckmailbox-pentest@yahoo.com)@Wed, Dec 22, 2004 at 08:29:08AM
> Most IPS admins do not block port scans. The data is fed to a SIM to
> keep a "low priority" eye on who may or may not be profiling you.
>
> Most people using IPS's have them tuned to block nachi type protocol
> anomalies etc.
Sure .. but TCP SYN port scanning was just one example. Any UDP/ICMP
(connectionless) or TCP non-established connection based triggers can be
spoofed with unicornscan as well. The only thing that isn't currently
easy to do is TCP full connection payload injection from spoofed IP's.
We're working on a way to do that though :).
Robret
-- Robert E. Lee CTO, Dyad Security, Inc. W - http://www.dyadsecurity.com E - robert@dyadsecurity.com M - (949) 394-2033
- Previous message: Curt Purdy: "RE: [in] VPN protocols"
- Maybe in reply to: Faisal Khan: "Port Scanning."
- Next in thread: robert_at_dyadsecurity.com: "Re: Port Scanning."
- Reply: robert_at_dyadsecurity.com: "Re: Port Scanning."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
