Could anyone let me know what the source ports are for popular vulnerability scanners and port scanners? In other words, which port needs to be opened on firewalls to scan a PC behind a firewall?
Thanks
Praveen
0-65535
Quote:
Originally posted here by pravi_2
Could anyone let me know what the source ports are for popular vulnerability scanners and port scanners?
Any or all of the 65535 ports available.. Preferably the ones that have a service listening on them..
Quote:
In other words, which port needs to be opened on firewalls to scan a PC behind a firewall?
Forgive me if I am wrong, but are you asking what ports you need to have open on your own computer in order to scan another computer? If that's the case, then the answer is none (at least, no incoming ports), so don't go configuring your firewall except for allowing the vuln scanner outbound access or unless it asks.
Quote:
Could anyone let me know what the source ports are for popular vulnerability scanners and port scanners? In other words, which port needs to be opened on firewalls to scan a PC behind a firewall?
If I've answered completely the wrong question, then I'm sure SirDice's is right. :)
I took the first question a little differently. If you don't know or aren't sure, the defaults of most, if not all, scanners will be sufficient. The general theory behind setting your source port for a scan is for places that run non-state aware access controls (like router access lists) or to perhaps take advantage of lazy firewall admins who write careless rules. For example, when doing UDP scans I often chose udp/53 as the source port b/c many ACLs will allow outbound DNS queries (not always, depends on the architecture, but you get the idea and outbound in this context means outbound from the target of the scan). So the access list sees the request come in with a source port of 53 and the target port of whatever you are scanning and in many cases will see this as a reply to a connection from its home network, not an external request (syn if tcp) to the home network for the port being checked...
Quote:
Originally posted here by SirDice
0-65535
Any or all of the 65535 ports available.. Preferably the ones that have a service listening on them..
Regardless, if you are performing an authorized scan, such mechanizations are not needed since you have permission, right?
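The stateless-versus-stateful distinction from the post above, as an added example that is not part of the original thread: a toy model of a router-style ACL that permits inbound UDP with source port 53, beside a filter that only accepts replies to recorded outbound flows. All addresses, the `10.0.0.` home prefix and every name in the code are constructed for illustration.

```python
from dataclasses import dataclass

INSIDE = "10.0.0."  # constructed home-network prefix (assumption)

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "udp"

def stateless_acl(pkt: Packet) -> bool:
    """Non-state-aware rule: permit inbound UDP from source port 53 ("DNS replies")."""
    return pkt.proto == "udp" and pkt.src_port == 53 and pkt.dst_ip.startswith(INSIDE)

class StatefulFilter:
    """Permits an inbound packet only if it answers a recorded outbound flow.
    Simplified: real state tables also expire entries after a timeout."""

    def __init__(self) -> None:
        self.expected = set()

    def outbound(self, pkt: Packet) -> None:
        # Record the reversed tuple: this is what a genuine reply must look like.
        self.expected.add((pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port))

    def inbound(self, pkt: Packet) -> bool:
        return (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port) in self.expected

def evaluate() -> dict:
    """Return {case: (stateless verdict, stateful verdict)} for constructed packets."""
    fw = StatefulFilter()
    # An inside host sends a DNS query to its resolver.
    fw.outbound(Packet("10.0.0.5", 40000, "192.0.2.53", 53))
    cases = {
        # Genuine answer to that query.
        "dns_reply": Packet("192.0.2.53", 53, "10.0.0.5", 40000),
        # Unsolicited packet from elsewhere that merely uses source port 53.
        "src53_unsolicited": Packet("198.51.100.7", 53, "10.0.0.5", 161),
        # Same resolver address, but aimed at a port nobody queried from.
        "src53_wrong_port": Packet("192.0.2.53", 53, "10.0.0.5", 161),
    }
    return {name: (stateless_acl(p), fw.inbound(p)) for name, p in cases.items()}

if __name__ == "__main__":
    for name, (acl, stateful) in evaluate().items():
        print(f"{name:18} stateless={acl!s:5} stateful={stateful}")
```

The stateless rule cannot tell the three packets apart, which is why a rule keyed on source port alone should be replaced by state tracking or by restricting the permitted source to the known resolvers.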
Yeah.. I must admit.. the answers I gave are a little braindead.. But without any context the questions are just too vague to answer...
Sorry, I am not able to understand the answer. Maybe I asked in the wrong way.
Let me put it clearly: I have Nessus installed and working fine. I want to scan the local network for vulnerabilities. There are a few laptops in the network with Sygate Personal Firewall. Sygate is blocking the Nessus port scanning.
How can I tell Sygate to allow Nessus? (Here I need to mention the source IP and port.) I can simply say to allow anything from Nessus, but I want to open a particular port rather than all for that IP/Nessus box.
Thanks
Guys,
I think he is asking if there is a way he can open a particular port in the Sygate firewall, which will allow him to scan the computer behind the firewall for vulnerabilities. Does that sound right Pravi_2?
Now I get it, I think. The firewall is preventing Nessus from performing the OS scan. I don't know if a specific port will do the trick, since Nessus hits a number of ports during the scan to test vulnerabilities, depending on the configuration of the scan. I think you will have to configure an allow at each of the laptops for the Nessus application, or disable the firewall during the scans?
How about just leaving the firewall on and having the nessus box's IP given a permit tcp any (or similar statement) so that it can test all ports from external and not compromising the firewall. You can even remove the statement when you're not scanning the network.
*edit*
I just re-read the question. I think if you're having a problem scanning a laptop with a firewall with nessus you should first try disabling ping checks on your nessus scan. This will cause the nessus to fail just about every scan related to firewalls because they will not respond to any pings and will then not be tested.
Oh, and I advise checking out www.nessus.org and getting on the mailing list if you're serious about nessus. It's saved me a lot of troubleshooting time on my systems.
I would either disable the firewall completely for the duration of the scan or run a scan - take a look at your logs as to which ports had traffic blocked - then open those ports.