RE: Blocking Port scans

From: Josh Perrymon (perrymonj@networkarmor.com)
Date: Mon Oct 24 2005 - 13:49:04 EDT


I don't think you will successfully shun SYN traffic with the PIX. You
will need a device to look into the header flags right? Just verify the
ports than are needed to be open and then harden the OS set in the
security polices and introduce IDS possibly IPS to supplement this.

PIX firewalls are solid for what there designed to do ( Provide ACLS and
Redundancy ) but they don't have the higher layer inspection other than
the very basic RFC and some SYN flood protection with may be a little
helpful unless it's a skilled attacker.

Probably didn't answer anything huh :)

JP
Network Armor

-----Original Message-----
From: BSK [mailto:bishan4u@yahoo.co.uk]
Sent: Monday, October 24, 2005 7:35 AM
To: pen-test@securityfocus.com
Subject: Blocking Port scans

Hello Everyone,

Just wanted some feedback from you people. I'm doing a
Firewall Assessment for a CISCO PIX firewall. The
firewall allows SYN, FIN, NULL and XMAS scans but
blocks ACK scans (largely means its a stateful
firewall).

Now what do we do to block the scans that are allowed.
I think it should be easy to block FIN, NULL and XMAS
scans but how do we block or limit or workaround a SYN
scan. 1 way that I think is probably blocking or
limiting the packets from the source (using IDS/IPS)

Looking ahead to some ideas, thoughts, hints.

thns bshan

                
___________________________________________________________
To help you stay safe and secure online, we've developed the all new
Yahoo! Security Centre. http://uk.security.yahoo.com

------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on
your
website. Up to 75% of cyber attacks are launched on shopping carts,
forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:05 EDT