networking/port scanning question

  1. #1
    Senior Member
    Join Date
    Dec 2003
    Posts
    317

    networking/port scanning question

    I was reading this paper and part of it confused me about port scanning and stuff. It said:

    On 27 April, at 00:13 hours, our network was scanned by the system 1Cust174.tnt2.long-branch.nj.da.uu.net for several vulnerabilities, including imap. Our intruder came in noisy, as every system in the network was probed.

    Apr 27 00:12:25 mozart imapd[939]: connect from 208.252.226.174
    Apr 27 00:12:27 bach imapd[1190]: connect from 208.252.226.174
    Apr 27 00:12:30 vivaldi imapd[1225]: connect from 208.252.226.174

    How could he scan every system on the network from outside the network? If the computers on the internet are connected to the internet, wouldn't they have to be behind some kind of router or hub that would make it impossible for him to scan them from outside?

    Here's the page: http://project.honeynet.org/papers/enemy3/
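
Added example (not part of the thread or of the Honeynet paper): one way a defender could flag the pattern in the quoted log, a single source connecting to the same service on several hosts within seconds. The extra log line (host "chopin", address 192.0.2.10), the year, the thresholds and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: the three lines quoted in the post plus one unrelated
# line (host "chopin" and address 192.0.2.10 are made up for contrast).
SAMPLE_LOG = """\
Apr 27 00:12:25 mozart imapd[939]: connect from 208.252.226.174
Apr 27 00:12:27 bach imapd[1190]: connect from 208.252.226.174
Apr 27 00:12:30 vivaldi imapd[1225]: connect from 208.252.226.174
Apr 27 09:40:02 chopin imapd[1301]: connect from 192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<svc>[\w.-]+)\[\d+\]: connect from (?P<src>\S+)$"
)

def parse(log_text, year=2000):
    """Yield (timestamp, host, service, source) for each connect line.
    Syslog lines carry no year, so one is assumed."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["host"], m["svc"], m["src"]

def find_sweeps(log_text, min_hosts=3, window=timedelta(seconds=60)):
    """Return {(source, service): sorted hosts} for sources that touched
    at least min_hosts distinct hosts on one service within the window."""
    events = defaultdict(list)
    for ts, host, svc, src in parse(log_text):
        events[(src, svc)].append((ts, host))
    sweeps = {}
    for key, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {h for _, h in hits[start:end + 1]}
            if len(hosts) >= min_hosts:
                sweeps[key] = sorted(hosts)
                break
    return sweeps

if __name__ == "__main__":
    for (src, svc), hosts in find_sweeps(SAMPLE_LOG).items():
        print(f"{src} swept {svc} on {len(hosts)} hosts: {', '.join(hosts)}")
```

The check works per service across hosts, so it needs the logs of all machines collected in one place, as in the excerpt quoted above.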

  2. #2
    Jaded Network Admin nebulus200
    Join Date
    Jun 2002
    Posts
    1,356

    Re: networking/port scanning question

    Originally posted here by Phonedog911
    I was reading this paper and part of it confused me about port scanning and stuff. It said:



    How could he scan every system on the network from outside the network? If the computers on the internet are connected to the internet, wouldn't they have to be behind some kind of router or hub that would make it impossible for him to scan them from outside?

    Here's the page: http://project.honeynet.org/papers/enemy3/
    Unfortunately not, there are many places that run without the benefit of firewalls or routers doing NAT or using access lists. I would beg to differ about their use of terminology, a port scan is hardly indicative of 'several vulnerabilities.' It looks to me based on it that it is just run of the mill port scanning for imap...barely even noteworthy.

    Also note, your source is the honeynet project, which is specifically dedicated to 'luring' hackers into specially constructed traps that are designed to analyze their techniques and tools and to get an idea of what people are looking for. I would not be surprised to see a honeynet system wide open to the world. Was that quote from honeynet too? I am a little surprised they would use that kind of terminology...

    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    Senior Member
    Join Date
    Dec 2003
    Posts
    317
    What I meant was, wouldn't he just end up scanning whatever gateway the systems were connected to and not be able to scan the individual computers on the network? Unless he could get on that network somehow

  4. #4
    Banned
    Join Date
    Jul 2001
    Posts
    1,100
    Greetings:

    Originally posted here by Phonedog911
    What I meant was, wouldn't he just end up scanning whatever gateway the systems were connected to and not be able to scan the individual computers on the network?
    He'll be able to scan everything that has a publicly routable IP address, assuming no firewall etc. is in place.

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Technically speaking, on a network with a non-stateful firewall it is possible to scan the machines on the inside though I'm quite sure that non-stateful firewalls nowadays are less common than unfirewalled networks.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  6. #6
    Senior Member
    Join Date
    Jul 2001
    Posts
    343
    Personally I would use a NAT Firewall router as my first line of defense
    No ifs ands or buts!!!!
    Franklin Werren at www.bagpipes.net
    Yes I do play the Bagpipes!

    And learning to Play the Bugle
