Vulnerability Scanner Source Ports

Thread: Vulnerability Scanner Source Ports

  1. #1
    Junior Member
    Join Date
    Feb 2005
    Posts
    4

    Vulnerability Scanner Source Ports

    Could anyone let me know what the source ports are for popular vulnerability scanners and port scanners? In other words, which port needs to be opened on firewalls to scan a PC behind a firewall?


    Thanks
    Praveen

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401

    Re: Vulnerability Scanner Source Ports

    Originally posted here by pravi_2
    Could anyone let me know what the source ports are for popular vulnerability scanners and port scanners?
    0-65535
    In other words, which port needs to be opened on firewalls to scan a PC behind a firewall?
    Any or all of the 65535 ports available.. Preferably the ones that have a service listening on them..
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    Could anyone let me know what the source ports are for popular vulnerability scanners and port scanners? In other words, which port needs to be opened on firewalls to scan a PC behind a firewall?
    Forgive me if I am wrong, but are you asking what ports you need to have open on your own computer in order to scan another computer? If that's the case, then the answer is none (at least, no incoming ports), so don't go configuring your firewall except for allowing the vuln scanner outbound access or unless it asks.

    If I've answered completely the wrong question, then I'm sure SirDice's is right.
    TAZForum <---- click

  4. #4
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356

    Re: Re: Vulnerability Scanner Source Ports

    Originally posted here by SirDice
    0-65535

    Any or all of the 65535 ports available.. Preferably the ones that have a service listening on them..
    I took the first question a little differently. If you don't know or aren't sure, the defaults of most, if not all, scanners will be sufficient. The general theory behind setting your source port for a scan is for places that run non-state-aware access controls (like router access lists) or to perhaps take advantage of lazy firewall admins who write careless rules. For example, when doing UDP scans I often chose udp/53 as the source port because many ACLs will allow outbound DNS queries (not always, depends on the architecture, but you get the idea, and outbound in this context means outbound from the target of the scan). So the access list sees the request come in with a source port of 53 and the target port of whatever you are scanning and in many cases will see this as a reply to a connection from its home network, not an external request (SYN if TCP) to the home network for the port being checked...

    Regardless, if you are performing an authorized scan, such machinations are not needed since you have permission, right?
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)
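
The stateless-versus-stateful distinction described in post #4, as an added example that is not part of the original thread: a source-port-only ACL rule is compared with a filter that tracks outbound flows, so a defender can see which inbound packets the ACL admits without any matching request. The addresses, ports and function names are constructed for illustration.

```python
# Added illustration: a stateless ACL versus a stateful filter for UDP "replies".
# All addresses and ports below are constructed sample values.
from __future__ import annotations
from typing import NamedTuple

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

INTERNAL_PREFIX = "10.0.0."  # assumed internal network for this example

def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)

def stateless_acl_allows(pkt: Packet) -> bool:
    """Inbound rule 'permit udp any eq 53 -> internal': trusts the source port alone."""
    return is_internal(pkt.dst_ip) and pkt.src_port == 53

class StatefulFilter:
    """Allows inbound UDP only when it mirrors a flow an internal host opened."""
    def __init__(self) -> None:
        self.flows: set[tuple[str, int, str, int]] = set()

    def outbound(self, pkt: Packet) -> None:
        # Record the flow so that only the mirrored reply is accepted later.
        self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))

    def inbound_allows(self, pkt: Packet) -> bool:
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows

def audit(inbound: list[Packet], fw: StatefulFilter) -> list[Packet]:
    """Packets the stateless rule admits but that answer no internal request."""
    return [p for p in inbound if stateless_acl_allows(p) and not fw.inbound_allows(p)]

# Constructed traffic: one real DNS exchange, one unsolicited packet from port 53.
fw = StatefulFilter()
fw.outbound(Packet("10.0.0.5", 40000, "192.0.2.53", 53))
dns_reply = Packet("192.0.2.53", 53, "10.0.0.5", 40000)
unsolicited = Packet("198.51.100.7", 53, "10.0.0.9", 161)

if __name__ == "__main__":
    for p in audit([dns_reply, unsolicited], fw):
        print("stateless ACL admits unsolicited packet:", p)
```

Running `audit` over captured inbound traffic in this way lists exactly the packets that a source-port rule lets through and connection tracking would drop.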

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Yeah.. I must admit.. the answers I gave are a little braindead.. But without any context the questions are just too vague to answer...
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Junior Member
    Join Date
    Feb 2005
    Posts
    4
    Sorry, I am not able to understand the answer. Maybe I asked in the wrong way.

    Let me put it clearly: I have Nessus installed and working fine. I want to scan the local network for vulnerabilities. There are a few laptops in the network with Sygate Personal Firewall. Sygate is blocking the Nessus port scanning.

    How can I tell Sygate to allow Nessus? (Here I need to mention the source IP and port.) I can simply say allow anything from Nessus, but I want to open a particular port rather than all for that IP/Nessus box.

    Thanks

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    856
    Guys,
    I think he is asking if there is a way he can open a particular port in the Sygate firewall, which will allow him to scan the computer behind the firewall for vulnerabilities. Does that sound right Pravi_2?
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  8. #8
    Banned
    Join Date
    Apr 2003
    Posts
    1,146
    Now I get it, I think. The firewall is preventing Nessus from performing the OS scan. I don't know if a specific port will do the trick, since Nessus hits a number of ports during the scan to test vulnerabilities, depending on the configuration of the scan. I think you will have to configure an allow at each of the laptops for the Nessus application, or disable the firewall during the scans?

  9. #9
    Member
    Join Date
    May 2005
    Posts
    92
    How about just leaving the firewall on and having the Nessus box's IP given a permit tcp any (or similar statement) so that it can test all ports from external without compromising the firewall? You can even remove the statement when you're not scanning the network.

    *edit*

    I just re-read the question. I think if you're having a problem scanning a laptop with a firewall with Nessus you should first try disabling ping checks on your Nessus scan. This will cause Nessus to fail just about every scan related to firewalls because they will not respond to any pings and will then not be tested.
    "Experience is the hardest teacher, it gives the test first and the lesson after." Anonymous

  10. #10
    Member
    Join Date
    May 2005
    Posts
    92
    Oh, and I advise checking out www.nessus.org and getting on the mailing list if you're serious about Nessus. It's saved me a lot of troubleshooting time on my systems.
    "Experience is the hardest teacher, it gives the test first and the lesson after." Anonymous
