From: Christoph Puppe (puppe@hisolutions.com)
Date: Tue Jul 05 2005 - 09:31:05 EDT
Petr.Kazil@eap.nl schrieb:
> <rant warning> Recently I had a worrying experience with my Internet
> provider that might be interesting for some of us.
The policy of the uplink provider is allways a major concern when doing
PTs. For example, it is standard practice to check if spoofed packets can
be sneaked by the firewall. So you need to have a provider w/o spoofing
prevention, something a good provider should have in place.
Your problem with portscans gets even harden when you have to do large
amounts of exhaustive scans. Scanning a /24 for all 2^17 Ports are 2^20
Packets. So you want to be fast, I usualy send about 2000 packets / sec,
covering the range in just a few hours. I usualy find open ports on very
uncommon numbers, like vnc on 55900 and such.
This comes down to the advice to talk with your provider, get an agreement
to get unfiltered and unrestricted access and provide a telefonnumber in
the whois record of your network or ip number, in case you trample someone
elses feet.
-- Mit freundlichen Grüßen Christoph Puppe Security Consultant We secure your business.(TM) _______________________________________________________ HiSolutions AG Phone: +49 30 533289-0 Bouchéstrasse 12 Fax: +49 30 533289-99 D-12435 Berlin Internet: http://www.hisolutions.com _______________________________________________________
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:31 EDT