RE: Port Scanners

• From: "Greg Mulholland" <greg@xxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 30 Oct 2003 14:46:07 -0800

Jim raises some very good points. 8 years ago i thought the "leak test" was 
unreal but of course as jim says it only adds to the "open port" problem or 
mentality, wihch Tom has adressed previously :)
 
This issue was raised also quite clearly by Tom in regards to the latest RPC 
patch etc etc. The opening of these generic ports have always been construed as 
"bad, naughty, insecure" when most times it is the insecurity of the admin that 
causes him to form this opinion. The secure implemtation of the service is the 
key factor in this issue. Sadly, i know several lets call them "traditional MS 
admins, using *nix based firewalls" :) who adhere to this way of thinking and 
there have been many heated discussions involving the goods and bads of their 
design and my design etc, generally inlvolving a box of beer or two.
 
My point is i think or i hope that in this community, using a product which is 
so versatile lik ISA and with all Toms and others work in scenario testing, we 
are continuing to develop secure implementations whilst still providing people 
with the full functions a firewall or a network can provide. Further to this i 
think we are also creating a sense of change as far as others attitudes towards 
such these possible insecurities. 
 
But yes, i like the foundstone stuff. :)
 
More like 10 cents worth there.
 
Greg Mulholland
gmulholland@xxxxxxxxxxxxxxx
www.isaserver.org
http://isatools.org
www.google.com
 

________________________________

From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx]
Sent: Thu 30/10/2003 4:13 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Port Scanners



http://www.ISAserver.org

Aye Jim, thanks for your input. I am aware that there is a strong opinion
out there that Steve Gibson's articles/apps are a bit dodgy (being naïve I
couldn't say this for myself), but knowing this, it is the reading of these
articles that helps me to expand my (limited) knowledge. Granted, I need to
know that they are invalid first, so that I can find out later what makes
them invalid.

As always, thanks for your feedback.

Cheers


-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: 29 October 2003 16:14 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Port Scanners

http://www.ISAserver.org

<soapbox>
GRC.com?
Sorry William, but I wouldn't trust Steve Gibson to shave in the morning.
He's the one with primary responsibility for "stealth" and "open a port" in
the public mind.
His tools are crap.  "LeakTest, for instance raises a BRF (big red flag) if
you allow FTP through the firewall.  Unfortunately, most folks DO allow FTP
outbound.  his "theories" are crap (remember the "raw IP in Windows" panic
he raised a couple of years ago?) and his web site is little more than a
panic-driving web-tabloid.
</soapbox>

Also, bear in mind that online scanning, no matter how well written, is only
as accurate as the traffic policies in the devices between you and the
scanning app.  For instance, an ICMP unreachable response to the scanner's
request may flag as "ok", but not if it came from an intermediate device.
I'll bet may of the public scanning sites don't even validate this small,
but important point.

My fav's:

- online - www.qualys.com.  They are fast, accurate and don't use "pop
networking" terminology or recent events to create a demand for their
serviceor products.

- offline - scanline from www.foundstone.com.  You place it on a host just
outside your ISA and let 'er rip.  You compare the scanline eport with your
ISA logs and YOU KNOW the state of your firewall policies.
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subconte
nt=/resources/proddesc/scanline.htm

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Wed, 29 Oct 2003 07:59:31 +0200
 "William Robertson" <robertson.william@xxxxxxxxxxxxxx> wrote:
http://www.ISAserver.org

ShieldsUP (My favourite) - https://grc.com/x/ne.dll?bh0bkyd2

Outbound - http://www.hackbusters.net/ob.html

LeakTest (More for personal firewalls, but interesting nonetheless) -
http://grc.com/lt/leaktest.htm



Internet Storm Center (Just general interest regarding ports being used in
the WWW) - http://isc.incidents.org/

FireHole (Just for Interest's sake) - http://keir.net/firehole.html

BackStealth (Also more for outbound communication) -
http://edu.supereva.it/piorio/backstealth.htm?p



FoundStone (If you're concerned about ports etc, then it's always good to
know what these guys are doing) - http://www.foundstone.com/



Cheers

William R.



-----Original Message-----
From: Johnson, Richard (NY Int) [mailto:rjohnson@xxxxxxxxxxxxxxxx]
Sent: 28 October 2003 19:06 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Port Scanners



http://www.ISAserver.org

Can anyone recommend some port scanning sites that will tell me every single
port open on a server?



Thanks,

Rich

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official
business of Columbus Stainless is proprietary to the company. It is
confidential, legally privileged and protected by law. Columbus
Stainless does not own and endorse any other content. Views and
opinions are those of the sender unless clearly stated as being that
of Columbus Stainless. The person addressed in the e-mail is the sole
authorised recipient.  Please notify the sender immediately if it has
unintentionally reached you and do not read, disclose or use the
content in any way. Whilst all reasonable steps are taken to ensure
the accuracy and integrity of information and data transmitted
electronically and to preserve the confidentiality thereof, no
liability or responsibility whatsoever is accepted if information or
data is,for whatever reason, corrupted or does not reach its intended
destination.
---------------------------------------------------------------------


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*

All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com

^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official
business of Columbus Stainless is proprietary to the company. It is
confidential, legally privileged and protected by law. Columbus
Stainless does not own and endorse any other content. Views and
opinions are those of the sender unless clearly stated as being that
of Columbus Stainless. The person addressed in the e-mail is the sole
authorised recipient.  Please notify the sender immediately if it has
unintentionally reached you and do not read, disclose or use the
content in any way. Whilst all reasonable steps are taken to ensure
the accuracy and integrity of information and data transmitted
electronically and to preserve the confidentiality thereof, no
liability or responsibility whatsoever is accepted if information or
data is,for whatever reason, corrupted or does not reach its intended
destination.
---------------------------------------------------------------------

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
gmulholland@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners
• » RE: Port Scanners

1. Home
2. isalist
3. Archive
4. 10-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---