Network Security Pen-Test

RE: Port Scanning.

Subject: RE: Port Scanning.
Date: Tue, 14 Dec 2004 14:28:30 +0500


That's a good comment below. We did notice that our client has changed some ports; for example, they do not use the standard ports for VNC, MS SQL or Oracle clients, but have assigned high-end ports and mapped those ports to the respective applications.




At 09:53 AM 12/14/2004, rzaluski wrote:
Port scanning is only part of it. If you are using manual or automated
tools you still need to VERIFY that the port number associated with the
protocol is indeed what it advertises to be. Nmap, for instance, blindly
accepts that port 22 is associated with SSH, but is this the case? You should
always verify the port protocol to ensure that this is the case.

For instance, running nmap output through amap: amap interrogates the
protocol bound to the port number.

For instance you can do the following:
Step 1. Scan the target host and produce a machine-readable output file. In
this case it is "output.nmap":
nmap -sS 10.21.1.5 -oM output.nmap

----------------------------------------------------

Step 2. Use this output file as input for amap:
amap -i output.nmap

.........sample output............................

amap -i output.nmap
amap v4.7 (www.thc.org) started at 2004-12-14 00:50:02 - APPLICATION MAP mode

Protocol on 10.21.1.5:22/tcp matches ssh
Protocol on 10.21.1.5:22/tcp matches ssh-openssh
Protocol on 10.21.1.5:443/tcp matches http
Protocol on 10.21.1.5:443/tcp matches http-apache-2
Protocol on 10.21.1.5:80/tcp matches http
Protocol on 10.21.1.5:25/tcp matches smtp
Protocol on 10.21.1.5:80/tcp matches http-apache-2

.... you get the idea

As you can see, amap also found that we are running an Apache server ;-)


amap is a good tool that can be downloaded from http://www.thc.org/releases.php



Richard Zaluski
CISO, Security and Infrastructure Services
iVolution  Technologies Incorporated
905.309.1911
866.601.4678
905.524.8450 (Pager)
www.ivolution.ca
rzaluski@ivolution.ca

-----Original Message-----
From: Piskovatskov, Alexey [mailto:Alexey.Piskovatskov@bindview.com]
Sent: Monday, December 13, 2004 11:24 AM
To: Faisal Khan; pen-test@securityfocus.com
Subject: RE: Port Scanning.

There's a good document by NIST on this subject:
http://csrc.nist.gov/publications/nistpubs/800-42/NIST-SP800-42.pdf
Because of the scanners' tendency to report false positives/negatives,
using multiple vendors' and/or free tools is appropriate.

Best,

Alexey

-----Original Message-----
From: Faisal Khan [mailto:faisal@netxs.com.pk]
Sent: Monday, December 13, 2004 8:47 AM
To: pen-test@securityfocus.com
Subject: Port Scanning.



What's a good industry practice when doing port scanning during a
pen-test?

Do you rely on the results of a single vendor's software, or do you use
multiple software packages?

Also, with each OEM/vendor, do you scan once or twice?

I need to do a scan on a Class C address, if that matters in any way.

Faisal



Faisal Khan, CEO
Net Access Communication
Systems (Private) Limited
________________________________

Network Security - Secure Web Hosting
Managed Internet Services - Secure Email
Dedicated Servers - Reseller Hosting

Visit www.netxs.com.pk for more information.
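The check Richard describes above (verify which protocol actually answers on each open port instead of trusting nmap's port-number guess), as an added example that is not part of this thread and is not amap's own code. It parses nmap's machine-readable (-oM, later -oG) output, fingerprints each open port from the first bytes the service sends (or, for a service that stays silent, from its reply to a minimal HTTP request), and flags ports where the observed protocol disagrees with the port-number guess, which is exactly the situation of a client who has moved VNC, MS SQL or Oracle to high ports. The scan output, the per-port responses and the host 10.21.1.5 are constructed sample data; grab_banner is the only function that touches the network and is provided for use against hosts you are authorised to test.

```python
"""Added example, not from the thread or from amap: verify the protocol
behind each open port instead of trusting the port number.

All data below is constructed; grab_banner is the only function that
connects anywhere and is meant only for hosts you are authorised to test."""
import re
import socket
from typing import Dict, List, Tuple

# Constructed sample of nmap machine-readable (-oM, later -oG) output.
# Fields are tab separated; each port entry is
# port/state/proto/owner/service/rpc/version/.
NMAP_GREPABLE = (
    "# Nmap 3.75 scan initiated Tue Dec 14 00:48:11 2004 as: "
    "nmap -sS -oM output.nmap 10.21.1.5\n"
    "Host: 10.21.1.5 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, "
    "80/open/tcp//http///, 443/open/tcp//https///, 5900/filtered/tcp//vnc///, "
    "31337/open/tcp//Elite///\tIgnored State: closed (1655)\n"
)

# Constructed first bytes seen from each open port. The VNC server has
# been moved from 5900 to 31337, which nmap labels by port number only.
CONSTRUCTED_RESPONSES: Dict[int, bytes] = {
    22: b"SSH-2.0-OpenSSH_3.9p1\r\n",
    25: b"220 mail.example.test ESMTP Sendmail 8.13.1; Tue, 14 Dec 2004\r\n",
    80: b"HTTP/1.1 200 OK\r\nServer: Apache/2.0.52\r\n\r\n",
    443: b"\x16\x03\x01\x00\x4a\x02\x00\x00\x46\x03\x01",  # TLS ServerHello record
    31337: b"RFB 003.008\n",
}

# Protocol signatures matched against the start of the response. Order only
# matters where two banners share a prefix (SMTP and FTP both start "220").
SIGNATURES: List[Tuple[str, re.Pattern]] = [
    ("ssh", re.compile(rb"^SSH-\d\.\d-")),
    ("vnc", re.compile(rb"^RFB \d{3}\.\d{3}\n")),
    ("smtp", re.compile(rb"^220[ -].*E?SMTP", re.I)),
    ("ftp", re.compile(rb"^220[ -].*FTP", re.I)),
    ("http", re.compile(rb"^HTTP/1\.[01] \d{3}")),
    ("tls", re.compile(rb"^\x16\x03[\x00-\x03]")),
]

# nmap service names whose observed protocol legitimately has another name.
ALIASES = {"https": "tls", "ssl": "tls"}


def parse_grepable(text: str) -> List[Tuple[str, int, str, str]]:
    """Return (host, port, proto, nmap_service_guess) for every open port."""
    found = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]
        for entry in fields.get("Ports", "").split(","):
            parts = entry.strip().split("/")
            if len(parts) < 5:
                continue
            port, state, proto, _owner, service = parts[:5]
            if state == "open":
                found.append((host, int(port), proto, service))
    return found


def fingerprint(data: bytes) -> str:
    """Name the protocol from the first bytes a service sent, or 'unknown'."""
    for name, pattern in SIGNATURES:
        if pattern.match(data):
            return name
    return "unknown"


def grab_banner(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Real probe: read a server-first banner; if the service is silent,
    send a minimal HTTP request and read the reply. Authorised targets only."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""
        if not data:
            s.sendall(b"GET / HTTP/1.0\r\n\r\n")
            try:
                data = s.recv(1024)
            except socket.timeout:
                data = b""
    return data


def verify_services(open_ports, responses: Dict[int, bytes]) -> List[dict]:
    """Compare nmap's port-number guess with the fingerprinted protocol."""
    report = []
    for host, port, proto, guess in open_ports:
        observed = fingerprint(responses.get(port, b""))
        expected = ALIASES.get(guess.lower(), guess.lower())
        report.append({"host": host, "port": port, "proto": proto,
                       "nmap_guess": guess, "observed": observed,
                       "mismatch": observed != expected})
    return report


if __name__ == "__main__":
    for r in verify_services(parse_grepable(NMAP_GREPABLE), CONSTRUCTED_RESPONSES):
        flag = "  <-- verify by hand" if r["mismatch"] else ""
        print(f"{r['host']}:{r['port']}/{r['proto']} nmap says {r['nmap_guess']:<6} "
              f"observed {r['observed']}{flag}")
```

Against the constructed data, ports 22, 25, 80 and 443 agree with nmap's guess (443 is reported as tls, which the alias table accepts for "https"), while 31337 is flagged: nmap calls it "Elite" but the banner is RFB, i.e. VNC. To run it for real, replace CONSTRUCTED_RESPONSES with {port: grab_banner(host, port) for host, port, _, _ in open_ports}; a service that answers neither with a banner nor to HTTP comes back as "unknown" and is deliberately flagged for manual follow-up rather than silently accepted.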
