RE: Outgoing Port Check

From: Shenk, Jerry A (jshenk@decommunications.com)
Date: Tue Nov 28 2006 - 11:58:45 EST

• Next message: Chris Stromblad: "Pen-testing - pricing model"
• Previous message: Tim: "Re: Optimal wildcard search algorithm"
• Maybe in reply to: errorcode408: "Outgoing Port Check"
• Next in thread: Michael Scheidell: "RE: Outgoing Port Check"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

That's actually a pretty good way. Set up a sniffer on the outside and
run nmap on the inside. One the sniffer, limit the sniffing to the host
that you are portscanning. I just did that yesterday. My dump file had
ONLY the traffic that the firewall was supposed to be allowing
through...amazing...somebody got it right;)

Here's one possible set of command-line arguments for what you want.
This is just tcp but you get the idea.

Outside:
tcpdump -i eth1 host 200.200.200.200 -w firewall_test.dump

You can read this file with: tcpdump -r firewall_test.dump | less

Inside:
nmap -sS 200.200.200.200 -p 1-65535

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of errorcode408
Sent: Tuesday, November 28, 2006 6:24 AM
To: pen-test@securityfocus.com
Subject: Outgoing Port Check

Hi List,
I want to perform a check for allowed ports for outgoing Connections,
TCP and UDP as well, inside a filtered Company Network.

I thought of using nmap full port range, full connect Method against an
Server in a DMZ all Ports opened...

I am sure there are better ways, thats why im asking.

What do you think?

Are there tools for discovering Local Networks and its restrictions?
Regards,

Errorcode408

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
------------------------------------------------------------------------




**DISCLAIMER
This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of D&E except to the extent that it relates to their official business.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Chris Stromblad: "Pen-testing - pricing model"
• Previous message: Tim: "Re: Optimal wildcard search algorithm"
• Maybe in reply to: errorcode408: "Outgoing Port Check"
• Next in thread: Michael Scheidell: "RE: Outgoing Port Check"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:23 EDT