RE: superscan on win2k vs winxp

From: Omar A. Herrera (omar.herrera@oissg.org)
Date: Tue Sep 06 2005 - 17:59:48 EDT


Hi,

> -----Original Message-----
> From: paavan shah [mailto:paavan.shah@gmail.com]
>
> I am using superscan to scan hosts for possible open ports. But
> surprisingly, if I scan it from windows 2000 and windows xp with sp2
> the results differ.
>
> When I scan from xp it gives no open ports and when I scan from
> windows 2000, it gives certain ports open.
>
> Does anyone have any idea regarding this?
>
> If tcp/ip stack is implemented differently on both the operating
> systems then can anyone tell me how I can get tcp/ip stack info on my
> xp and 2k machine?

XP SP2 added a nice capability to limit the number of TCP connection
attempts to 10 per second (this would kill any multithreaded scan). Besides,
a patch (I think it was MS05-019) blocked the use of raw sockets.

I'm not sure if the last issue would have an impact on superscan, but the
first one most probably does. There is a patch around but I've not tested it.
To be honest, you should try another scanning/testing platform if you can.
XP SP2 and later will restrict "normal" users from doing things they are
not supposed to do, to thwart some kinds of attacks. This of course happens to
also mess with your work as a pentester.

Regards,
Omar Herrera




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:50 EDT