RE: Port scanning question

From: David Gillett (gillettdavid_at_fhda.edu)
Date: 07/03/03

  • Next message: Erik Rissanen: "Re: Ten least secure programs"
    To: "'Thom Larner'" <thom@thiri.com.au>, <security-basics@securityfocus.com>
    Date: Thu, 3 Jul 2003 09:37:23 -0700
    
    

      You should be able to see this in your firewall logs --
    a series of blocked connection attempts to unused ports
    on your servers, usually followed by a similar set of
    attempts on the next server address.

    David Gillett

    > -----Original Message-----
    > From: Thom Larner [mailto:thom@thiri.com.au]
    > Sent: June 30, 2003 16:38
    > To: 'security-basics@securityfocus.com'
    > Subject: Port scanning question
    >
    >
    > Hi all,
    >
    > As a relative newcomer to the security field, but with a
    > reasonable amount
    > of experience in sys admin roles, I am now responsible for the network
    > security of the (small) company I work for. One of the
    > things I would like
    > to do is determine if (when) our web server, which hosts our
    > applications,
    > is being port scanned. How do I go about this? Are there
    > (free or cheap)
    > tools that will help you do this? We run both Solaris and
    > W2K Server boxes,
    > and I would like to check both.
    >
    > Now I just have to determine what, if anything, to do if
    > (when) we are being
    > scanned...
    >
    > Thanks in advance for your help.
    >
    > Cheers,
    >
    > Thom.
    >
    > --------------------------------------------------------------
    > -------------
    > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by
    > top analysts!
    > The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    > while InStat has confirmed Neoteris as the leader in marketshare.
    >
    > Find out why, and see how you can get plug-n-play secure
    > remote access in
    > about an hour, with no client, server changes, or ongoing maintenance.
    >
    > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    > --------------------------------------------------------------
    > --------------
    >

    ---------------------------------------------------------------------------
    Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    while InStat has confirmed Neoteris as the leader in marketshare.
         
    Find out why, and see how you can get plug-n-play secure remote access in
    about an hour, with no client, server changes, or ongoing maintenance.
              
    Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    ----------------------------------------------------------------------------


  • Next message: Erik Rissanen: "Re: Ten least secure programs"

    Relevant Pages

    • Re: Port scanning question
      ... There are a number of different things that could alert you to a port ... the web server or on a switch port that is spanned from the web ... > The Gartner Group just put Neoteris in the top of its Magic Quadrant, ...
      (Security-Basics)
    • RE: Remote Access/OWA
      ... Yes, you are right, you can type the Public IP address as the VPN Server ... when you are running the Remote Access Wizard. ... Port 21 enable external and internal file transfer ... Port 80 enables all nonsecure browser access, ...
      (microsoft.public.windows.server.sbs)
    • RE: sshd for windows
      ... But the traffic is encrypted using a 128-bit encryption key, ... software comes with Windows 2000 server and is fully supported by the ... vendor and it meets the users requirement of providing remote access. ... >> The Gartner Group just put Neoteris in the top of its Magic ...
      (Security-Basics)
    • RE: Repeated Port Scan
      ... about an hour his Apache server disappeared and he stopped port scanning ... >Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! ...
      (Security-Basics)
    • Re: Linksys router settings
      ... I have run both CEICW and remote access. ... POrt Range: I've inserted these in when they weren't showing on the UPnP page ... > when set up incoming VPN connection on SBS 2003. ... > opened when the POP3 service is enabled in the SBS 2003 server. ...
      (microsoft.public.windows.server.sbs)