RE: Providers blocking portscans - bad news for pentest?

From: Alexander Klimov (alserkli@inbox.ru)
Date: Tue Jul 05 2005 - 04:11:10 EDT

• Next message: Bénoni MARTIN: "Network audit"
• Previous message: Daniele Bellucci: "Re: finding layer 2 network devices"
• In reply to: Erin Carroll: "RE: Providers blocking portscans - bad news for pentest?"
• Next in thread: RCS: "Re: Providers blocking portscans - bad news for pentest?"
• Reply: RCS: "Re: Providers blocking portscans - bad news for pentest?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Mon, 4 Jul 2005, Erin Carroll wrote:

> The system they have installed has to have a threshold of some sort before a
> block is put into place (x scans per y seconds/minutes etc). Many of the
> portscan tools in use have the ability to stagger or control the frequency
> of probes with timeout variables, parallel host scanning options, and/or
> simultaneous port probes which may help in bypassing the throttle trigger of
> their new filter-bot. Nmap for instance can also modify the delay between
> each probe frame to scan as quickly or as slowly as desired using the
> --scan_delay flag.

OTOH since your client could also have a firewall/IPS which blocks
fast portscans it is a good idea to do slow portscans even from usual
ISP.

-- 
Regards,
ASK

• Next message: Bénoni MARTIN: "Network audit"
• Previous message: Daniele Bellucci: "Re: finding layer 2 network devices"
• In reply to: Erin Carroll: "RE: Providers blocking portscans - bad news for pentest?"
• Next in thread: RCS: "Re: Providers blocking portscans - bad news for pentest?"
• Reply: RCS: "Re: Providers blocking portscans - bad news for pentest?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:31 EDT