Re: SV: Security test of firewall dose not show UDP port 500 is open

From: Davide Carnevali (carnevali@protechta.it)
Date: Wed Mar 29 2006 - 08:57:20 EST

• Next message: Erin Carroll: "New article on SecurityFocus: Open source security testing methodology interview with Pete Herzog"
• Previous message: Phil Frederick: "Re: Canned audits"
• In reply to: Martin Thor-Kristiansen: "SV: Security test of firewall dose not show UDP port 500 is open"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Which scan option are you using with Nessus 3.0?
Which have you used with 2.0?
If you use and have used nmap, which version?

Regards

Martin Thor-Kristiansen wrote:
> This lead me back to the following question:
> Why dose Nessus 2.x find the open port and Nessus 3.0 don't?
>
> Best regards
>
> Martin Thor-Kristiansen
> Cisco CCSP, Microsoft MCSE
> Chefkonsulent
> ----------------------------------
> MRC Computer A/S
> Thistedvej 66
> 9400 Nørresundby
>
> Mobil: +45 23 21 62 66
> Tlf.: +45 96 32 45 00
> Fax: +45 96 32 45 01
> Direkte: +45 96 32 45 04
> www.mrc.dk
> -----------------------------------
>
>
> -----Oprindelig meddelelse-----
> Fra: Daniel Lucq [mailto:daniel@scanit.be]
> Sendt: 28. marts 2006 11:11
> Til: pen-test@securityfocus.com
> Cc: Martin Thor-Kristiansen
> Emne: Re: Security test of firewall dose not show UDP port 500 is open
>
> Well, could be that the IKE service (if it is enabled) only responds to
> IKE handshake requests containing a supported IKE transform (or vendor
> ID, authentication type, etc.).
>
> I would suggest using ike-scan to poke a bit at the target with
> different transforms etc.
>
>
> Regards,
> Daniel
>
> mtk@mrc.dk wrote:
>> Hi all,
>>
>> We have been using Nessus for security scanning the Cisco Pix firewalls we install for our custemers. I have one "old" repport showing ISAKMP UDM port 500 is open. The firewall isn't updated but now the port has disapeard fro the new rapport?
>> We have asked Cisco if the securiyt scanner is supposed to find UDP port 500 (I don't think so) and a CCIE from Cisco have told us "no the port is hidden."
>>
>> I wonder how the port can be in the old repport?
>>
>> If any one has any input please let me know.
>>
>> Best regards,
>>
>> MTK
>>
>> ------------------------------------------------------------------------------
>> This List Sponsored by: Cenzic
>>
>> Concerned about Web Application Security?
>> As attacks through web applications continue to rise, you need to proactively
>> protect your applications from hackers. Cenzic has the most comprehensive
>> solutions to meet your application security penetration testing and
>> vulnerability management needs. You have an option to go with a managed
>> service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
>> Download FREE whitepaper on how a managed service can help you:
>> http://www.cenzic.com/forms/ec.php?pubid=10025
>> And, now for a limited time we can do a FREE audit for you to confirm your
>> results from other product. Contact us at request@cenzic.com
>> ------------------------------------------------------------------------------
>>
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> As attacks through web applications continue to rise, you need to proactively
> protect your applications from hackers. Cenzic has the most comprehensive
> solutions to meet your application security penetration testing and
> vulnerability management needs. You have an option to go with a managed
> service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
> Download FREE whitepaper on how a managed service can help you:
> http://www.cenzic.com/forms/ec.php?pubid=10025
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request@cenzic.com
> ------------------------------------------------------------------------------
>

-- 
Davide Carnevali
CTO
Protechta - Information Security
OPST, CCSP
Tel. +39 0521 2021
Fax. +39 0521 207461
http://www.protechta.it/
e-mail: davide@protechta.it
Disclaimer: http://www.protechta.it/disclaimer
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security? 
As attacks through web applications continue to rise, you need to proactively 
protect your applications from hackers. Cenzic has the most comprehensive 
solutions to meet your application security penetration testing and 
vulnerability management needs. You have an option to go with a managed 
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). 
Download FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request@cenzic.com
------------------------------------------------------------------------------

• Next message: Erin Carroll: "New article on SecurityFocus: Open source security testing methodology interview with Pete Herzog"
• Previous message: Phil Frederick: "Re: Canned audits"
• In reply to: Martin Thor-Kristiansen: "SV: Security test of firewall dose not show UDP port 500 is open"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:45 EDT