Scanning Your LAN for an Open Port
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Scanning Your LAN for an Open Port

  1. #1

    Question Scanning Your LAN for an Open Port

    How does one go about scanning an entire network to look for machines with specific ports open?

    For example, one of the latest MyDoom variants looks for port 1034 on potential victims. So, if I wanted to scan my LAN here to find out if any machines have 1034 open, how would I go about doing that? Is this something I would employ Nmap for?

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Just use NMAP on your whole subnet(s) and specify that port.
    There are *NIX and Win32 versions available.

    www.nmap.org

  3. #3
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Instead i would advice to install A/V on each machine and scan it on a regular basis.
    Scanning network looking for malware will just add overhead on it.
    And you will get more malware than just scanning with nmap or similar tool.
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  4. #4
    Definately, we'd be crazy not to have AV. I just thought this would be a good extra precaution. Particularly, that port is left open by the previous MyDoom, so I'm wondering, if AV caught MyDoom after it had attacked, would it re-close the port? Or would the port remain opened? That's why I'm thinking it's best to err on the side of caution and scan for the port, just in case.

  5. #5
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Originally posted here by cacosapo
    Instead i would advice to install A/V on each machine and scan it on a regular basis.
    Scanning network looking for malware will just add overhead on it.
    And you will get more malware than just scanning with nmap or similar tool.
    I think he simply wanted to scan his network to see what nodes had that port open, not scan for malware per se..??

    Could be wrong tho..

  6. #6
    Senior Member
    Join Date
    Jun 2004
    Posts
    460
    what i did here was use Angry IP Scanner (available here ) in it you have a scan for open ports, and you can just scan for that certain port it is very easy to use and you can save the output as a CSV so you can open it later in M$ Excel
    [gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]
    CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM

  7. #7
    That's wierd, I could've sworn I had already posted in response to chef...Oh well, anyway, yes, chef's right. I'm just scanning to see if that port's open, not scanning for malware (that's up to the AV and anti-spyware).

  8. #8
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    I got that at 1st post.
    But why? a lot of open port is pretty common on intranet.
    For someone become a victim, 1st a malware must be present. If you make your network "near" free of them, you are quite protect.
    Just to add more "salt" on discussion, some companies scan intranet to see if guys are running "undesirable" software. (i.e. p2p, web servers)
    I think that is just a bad remedy to a crap administration.
    Users shouldnt able to install anything on their computers and any change on config should be monitored/recorded.
    If you have a bad config management, maybe network scan can find some possible problems.
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    rather than install nmap and pcap if you haven't already just get superscan from foundstone it has a much lighter footprint and can get the job done.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  10. #10
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    Originally posted here by Tedob1
    rather than install nmap and pcap if you haven't already just get superscan from foundstone it has a much lighter footprint and can get the job done.
    Ted: You suck...beat me to the post.

    Let me SECOND Tedo on SuperScan: great little app. I have used both ver 3 and ver 4, and found ver 3 better as far as user interface and ver 4 has addl features.

    SuperScan v.3 http://www.foundstone.com/resources/.../superscan.htm
    SuperScan v.4 http://www.foundstone.com/resources/...superscan4.htm

    I've attached a ports list I use in SuperScan that I built out of a bunch of lists about a year ago.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides