Re: Online Armor



Ansgar -59cobalt- Wiechers <usenet-2009@xxxxxxxxxxxxxxxx> wrote:
Volker Birk <bumens@xxxxxxxxxxx> wrote:
The output of these tools doesn't say anything at all about which
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ports are accessible from the OUTSIDE.
If so, throw away your operating system.
*sigh* This is regardless of the operating system. Because none of these
tools know anything about packet filters. Neither local, nor remote.

Maybe you want to correct that then.

A local packet filter may or may not allow connections to port X.
Clear. If you're using a filtering implementation, read the config and
check the status of it additionally.
As you know quite well, the proper way to do that is a port scan.

Not only. As you know, most filtering implementations are dynamic, i.e.
with FTP helpers or even port knocking. You cannot see that with a port
scan.

[...]
The wrong thing with it is that he may believe that what this tool
shows is how his box is behaving. The reality often is that on the
way to the testing server the net is being modified by the
inter-connecting networks.
I'd like to see proof for that claim.

In many cases, you're scanning not your box but some NAT box outside
or even some proxy server from the outside.

It's so easy, Ansgar: many Internet providers are filtering. People are
using such remote scanning and are thinking that the words "your
computer has the following ports closed" mean that their computer has
them closed. It just means that someone sent a TCP NACK or some ICMP
port unreachable.

Someone.

And with "stealth" it's even worse: that means, someone on the line,
maybe the box itself, did throw away packets.

Your users don't recognize the difference in scanning results. But I saw
the other way around, too:

I was in a hotel in Spain. When I was scanning from the outside, my box
had port 25 open. What?

When I was scanning from the inside, every box on the outside had port
25 open.

The reason was that this hotel did redirect any transport of any IP
address to their filtering mail server. It did not matter which mail
server you were trying to reach; they connected your TCP socket to any
IP address port 25 to their own box.

In this case, NAT did not make a difference, because they had none.

And of course, their mail server was as b0rken as their network setup,
so I used my own to send mail through an SSH tunnel to my server.

Yours,
VB.
--
Please also note the reverse side of this letter!
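The point of the post above is that a remote scan result is an observation about whatever answered on the path, not about the scanned host itself, and that a transparent redirect (the hotel's port 25 case) can make every target look "open". The following is an added example, not code from the original post or from any product it mentions: it classifies each kind of SYN-probe answer from the host owner's side and applies the hotel-style check, flagging when several unrelated targets all accept on one port and greet with an identical banner. The probe results, IP addresses and banners are constructed sample data; the function and class names are this example's own.

```python
"""Interpreting remote port-scan observations from the host owner's side.

Added example (not from the original Usenet post). A remote scanner only
sees what *some* device on the path answered, so each probe result is
classified as a statement about the path, not about the scanned host.
All sample observations below are constructed.
"""
from dataclasses import dataclass
from collections import Counter

# The ways a single TCP SYN probe from the outside can be answered.
SYN_ACK = "syn-ack"                 # something completed the handshake ("open")
RST = "rst"                         # something sent TCP RST ("closed")
ICMP_UNREACH = "icmp-unreachable"   # a router or host sent ICMP port unreachable
TIMEOUT = "timeout"                 # nothing answered ("stealth"/filtered)


@dataclass(frozen=True)
class Probe:
    """One SYN probe and its outcome (constructed data in this example)."""
    target_ip: str
    port: int
    result: str
    banner: str = ""   # first line received after the connect, if any


def interpret(p: Probe) -> str:
    """Describe what the probe actually proves about the path to p.target_ip."""
    if p.result == SYN_ACK:
        return ("a host on the path completed the handshake "
                "(the target, a NAT box, or a proxy)")
    if p.result == RST:
        return "a host on the path sent TCP RST (the target or an intermediate filter)"
    if p.result == ICMP_UNREACH:
        return "a host on the path sent ICMP port unreachable (often a provider filter)"
    if p.result == TIMEOUT:
        return ("the SYN or its reply was dropped somewhere on the path; "
                "this says nothing about the target's own listener")
    raise ValueError(f"unknown probe result {p.result!r}")


def detect_transparent_redirect(probes, port, min_targets=3):
    """Hotel-style interception check.

    If at least `min_targets` unrelated targets all accept on `port` and
    greet with the same banner, the connections are most likely being
    diverted to one box on the way out instead of reaching each target.
    Returns the shared banner, or None if no such pattern is present.
    """
    accepted = [p for p in probes
                if p.port == port and p.result == SYN_ACK and p.banner]
    if len({p.target_ip for p in accepted}) < min_targets:
        return None
    banner, count = Counter(p.banner for p in accepted).most_common(1)[0]
    return banner if count == len(accepted) else None


# Constructed sample: three unrelated mail servers probed on port 25 from
# inside a network that diverts all outbound SMTP to its own filter.
HOTEL_SAMPLE = [
    Probe("198.51.100.10", 25, SYN_ACK, "220 mail-filter.hotel.example ESMTP"),
    Probe("203.0.113.20", 25, SYN_ACK, "220 mail-filter.hotel.example ESMTP"),
    Probe("192.0.2.30", 25, SYN_ACK, "220 mail-filter.hotel.example ESMTP"),
]

# Constructed sample: results that look normal (different banners, one closed).
NORMAL_SAMPLE = [
    Probe("198.51.100.10", 25, SYN_ACK, "220 mx1.example.net ESMTP"),
    Probe("203.0.113.20", 25, RST),
    Probe("192.0.2.30", 25, SYN_ACK, "220 smtp.example.org ESMTP"),
]

if __name__ == "__main__":
    for p in HOTEL_SAMPLE + NORMAL_SAMPLE:
        print(f"{p.target_ip}:{p.port} {p.result} -> {interpret(p)}")
    print("hotel sample redirect banner:", detect_transparent_redirect(HOTEL_SAMPLE, 25))
    print("normal sample redirect banner:", detect_transparent_redirect(NORMAL_SAMPLE, 25))
```

The redirect check deliberately requires both a minimum number of distinct targets and a banner match across all of them; a single identical banner on two hosts could be a legitimate shared mail cluster, whereas identical greetings from unrelated networks is the signature of the interception described in the post.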