June 30th, 2004, 12:08 AM
Detecting forwarded ports ...
I have that older PC working as gateway (ClarkConnect 2.1).
to get DCC chat and ftp service working i forwarded 2 port ranges to my w2k comp.
so they are not all the time in use...
is it possible to detect these ranges from the inet ?
may be with nmap , but wich parameters?
could this be a security problem, how can i defend?
what about forwarded ports to machines with the cable unplugged?
June 30th, 2004, 12:16 AM
Well nmap will always be able to pick out a port or service that's open (unless you close it or whatever). Do you have a firewall or a router? What are you using to forward the port's?
June 30th, 2004, 02:23 AM
check out http://clarkconnect.org (RH9 working as firewall/router)
the thing is that there is not really listening something on the lan,
as far as there will be no data transfer via PASV.
but you have to forward some ports to get PASV trandfers working from the internet into the box and vice versa.
can someone find out wich ports i am using and use this knowledge against me?
June 30th, 2004, 01:26 PM
when someone scan you computer, he/she will get two diferent O.S. signatures:
- one signature for those forwarded ports (if gateways O.S. differs for final O.S.)
- one signature for all remaining ports (answered by gateway)
with 15 secs of thinking time. attacker can guess that there is a FW/Gateway in front and some server behind him....
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt.
If I die before I wake, I pray the Lord my soul to brake.