RE: Open Ports
- From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 19 Jan 2006 13:36:57 -0800
I don't know that I agree with that-- port knocking is just port knocking.
It's how it is used that makes it malicious or not.
t
-----
"I'll see your Llama and up you a Badger."
John T
----- Original Message -----
From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, January 19, 2006 1:24 PM
Subject: [isalist] RE: Open Ports
http://www.ISAserver.org
"port knocking" as understood by the majority of the security community *is*
malicious.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Geldrop, Paul van [mailto:paul.van.geldrop@xxxxxxxxxxxxx]
Sent: Thursday, January 19, 2006 12:08
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: Open Ports
True. However, with the assumption that a) you actually own the system and
b) you want to use the port-knocking mechanism (therefore making it wanted
code), the concept isn't bogus.
My intention is to have a go at it on my testing environment, just because
it'd be fun to try. :P I wouldn't dream of even mentioning the concept at a
customer.
As far as 'owning the machine', I can imagine you're also referring to the
fact I don't 'own' the ISA server's internals. True. Combining an ISA server
as back-end with, say, a UNIX machine in front with port-knocking on it,
however, would solve that problem. I'm also aware there are plenty of progs
available to do that for me, but, ah hell, I like playing around with code
at times. ;)
________________________________
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Thu 19-1-2006 20:56
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Open Ports
The basic idea behind port-knocking is that you have installed an agent that
can control your (local or remote) firewall policies. If you've
accomplished the task of installing unwanted code on a machine that you
don't (actually) own, you're wasting time simply dorking about with firewall
policies.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Geldrop, Paul van [mailto:paul.van.geldrop@xxxxxxxxxxxxx]
Sent: Thursday, January 19, 2006 11:45
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: Open Ports
Why bogus?
________________________________
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Thu 19-1-2006 20:41
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Open Ports
Port-knocking is a bogus concept.
If you can place your agent on the firewall, it's game over anyway.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Geldrop, Paul van [mailto:paul.van.geldrop@xxxxxxxxxxxxx]
Sent: Thursday, January 19, 2006 11:34
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: Open Ports
Actually, the concept of port-knocking applies to this example rather
beautifully.. shame it's not available for ISA 2004. Though I do plan to
have a go at a script for that, just because I wanna. :P
Paul
http://blogs.dirteam.com/blogs/paul
________________________________
From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx]
Sent: Thu 19-1-2006 19:59
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Open Ports
Whenever I hear GRC.com I shudder and start losing hair. The vision of
Gibson's plump moustache brings vile, unspeakable things back to rise around
the taste buds on the back of my tongue.
And indeed "opening a port" (haha one more kitten/isa just died) only when
requested... wouldn't that be the equivalent of leaving it open?
It's akin to plugging your ears shut and opening them only when the phone
rings. How will you know it is ringing and that someone attempts to
communicate with you?
Either I misunderstood or something here is clearly illogical.
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: January 19, 2006 12:09
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Open Ports
You've been to GRC.com again, haven't you?
:-P
Both HTTP and FTP use the TCP protocol to get where they're going.
It's a basic precept of TCP communications that you can't respond to a
connection request if you don't accept them.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Tom Rogers [mailto:trogers@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, January 19, 2006 08:59
To: [ISAserver.org Discussion List]
Subject: [isalist] Open Ports
Ports 80 and 21 are open statically on my ISA 2000 SP-2 server. I publish
websites through ISA and a single FTP site. How do I make these ports open
dynamically - only when proper access is needed?
TIA,
-Tom Rogers
ISA Rookie
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gauthiera@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
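
The thread above turns on how a firewall with a closed port can "hear the phone ring", and on the agent that would control firewall policy. The following is an added example, not part of any message in the thread: it shows the matching half of such an agent reading denied connection attempts from a firewall log and recognising a timed knock sequence per source. The log format, knock ports, time window and addresses are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumed knock sequence and time window (illustrative values, not from the thread).
KNOCK_SEQUENCE = (7000, 8000, 9000)
WINDOW = timedelta(seconds=10)

# Constructed log format for denied TCP connection attempts.
LINE_RE = re.compile(r"^(?P<ts>\S+) DROP TCP src=(?P<src>\S+) dport=(?P<dport>\d+)$")

# Constructed sample log (documentation-range addresses).
SAMPLE_LOG = """\
2006-01-19T12:00:00 DROP TCP src=192.0.2.10 dport=7000
2006-01-19T12:00:01 DROP TCP src=198.51.100.7 dport=7000
2006-01-19T12:00:02 DROP TCP src=192.0.2.10 dport=8000
2006-01-19T12:00:03 DROP TCP src=198.51.100.7 dport=9000
2006-01-19T12:00:04 DROP TCP src=192.0.2.10 dport=9000
2006-01-19T12:01:00 DROP TCP src=203.0.113.5 dport=7000
2006-01-19T12:01:05 DROP TCP src=203.0.113.5 dport=8000
2006-01-19T12:01:30 DROP TCP src=203.0.113.5 dport=9000
"""

def completed_knocks(log_text, sequence=KNOCK_SEQUENCE, window=WINDOW):
    """Return [(src, timestamp)] for sources that finished the sequence in time."""
    progress = {}  # src -> (index of next expected port, time of first knock)
    granted = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a denied TCP attempt in the assumed format
        ts = datetime.fromisoformat(m["ts"])
        src, dport = m["src"], int(m["dport"])
        idx, started = progress.get(src, (0, ts))
        if idx and ts - started > window:
            idx = 0  # sequence took too long: start over
        if dport == sequence[idx]:
            started = ts if idx == 0 else started
            idx += 1
        elif dport == sequence[0]:
            idx, started = 1, ts  # wrong port, but it is a fresh first knock
        else:
            idx = 0  # out-of-order port resets this source
        if idx == len(sequence):
            granted.append((src, m["ts"]))  # an agent would change policy here
            idx = 0
        progress[src] = (idx, started)
    return granted

if __name__ == "__main__":
    print(completed_knocks(SAMPLE_LOG))
```

Every knock in the sample is a dropped packet: the ports never accept a connection, and the signal exists only because the firewall logs what it denies.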