Re: Port Scanning.

From: robert@dyadsecurity.com
Date: Wed Dec 22 2004 - 15:17:01 EST

• Next message: Alfred Huger: "Happy New Year!"
• Previous message: Curt Purdy: "RE: [in] VPN protocols"
• Maybe in reply to: Faisal Khan: "Port Scanning."
• Next in thread: robert@dyadsecurity.com: "Re: Port Scanning."
• Reply: robert@dyadsecurity.com: "Re: Port Scanning."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

DWreck(dwr3ckmailbox-pentest@yahoo.com)@Wed, Dec 22, 2004 at 08:29:08AM
> Most IPS admins do not block port scans. The data is fed to a SIM to
> keep a "low priority" eye on who may or may not be profiling you.
>
> Most people using IPS's have them tuned to block nachi type protocol
> anomalies etc.

Sure .. but TCP SYN port scanning was just one example. Any UDP/ICMP
(connectionless) or TCP non-established connection based triggers can be
spoofed with unicornscan as well. The only thing that isn't currently
easy to do is TCP full connection payload injection from spoofed IP's.
We're working on a way to do that though :).

Robret

-- 
Robert E. Lee
CTO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert@dyadsecurity.com
M - (949) 394-2033

• Next message: Alfred Huger: "Happy New Year!"
• Previous message: Curt Purdy: "RE: [in] VPN protocols"
• Maybe in reply to: Faisal Khan: "Port Scanning."
• Next in thread: robert@dyadsecurity.com: "Re: Port Scanning."
• Reply: robert@dyadsecurity.com: "Re: Port Scanning."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:11 EDT