-
February 13th, 2004, 11:27 PM
#1
Junior Member
source port scanning through router
Hello
I have been testing the firewall on my 2nd PC and I am now trying a port scan with a fixed source port of 80.
Every time I check the fwall logs it is shown as coming from high numbered ports 1500+
The PC I am testing it from is connected to a router which is using NAT. Will this affect my results?
Thx
-
February 14th, 2004, 01:27 AM
#2
While a web server listens for incoming connections on port 80 (standard), your outgoing requests start at the first available port over 1024 and go in succession.
so in theory if your first request is to a webserver:
local ip 127.0.0.1 port 1025 > remote ip 90.90.90.90 port 80
and your next is for ftp:
local ip 127.0.0.1 port 1026 > remote ip 90.90.90.90 port 21
Of course there is more traffic that's normally involved so it's not really this simple, but I hope this helps.
-
February 14th, 2004, 01:41 AM
#3
I have been testing the firewall on my 2nd PC and I am now trying a port scan with a fixed source port of 80
As Tedob1 has mentioned, normal connections will begin on port 1025 and above. The fact that you are seeing source ports in the 1500 range is evidence that you are not source port scanning properly (as 80 is obviously the destination port). What program are you using to perform these scans?
-
February 14th, 2004, 02:07 AM
#4
Duh! Can't believe I missed that, it was only THE FIRST LINE. Sorry dude!
-
February 14th, 2004, 01:56 PM
#5
Junior Member
I have tried Nmapnt with the following options -sS -vv -e 1 -p0 -g 80 xx.xx.xx.xx
I have tried with the -g switch in various places. I have also tried it with Fscan using the -i switch.
I always get the same results: source port of 1500+
-
February 15th, 2004, 04:40 AM
#6
Member
Perhaps these tools need to make use of raw sockets to create spoofed packets and your OS does not support that?
-
February 15th, 2004, 12:35 PM
#7
I guess this would be a good time to ask what OS you are using.
-
February 15th, 2004, 01:10 PM
#8
Junior Member
Both machines are running 2k
-
February 28th, 2004, 03:30 PM
#9
Member
Re: source port scanning through router
Originally posted here by norman221
Hello
I have been testing the firewall on my 2nd PC and I am now trying a port scan with a fixed source port of 80.
Every time I check the fwall logs it is shown as coming from high numbered ports 1500+
The PC I am testing it from is connected to a router which is using NAT. Will this affect my results?
Thx
Have you installed winpcap?
-
February 28th, 2004, 03:44 PM
#10
Also, what firewall are you running against? And what exactly is the setup? Sounds like you have a router handling NAT for the target box and a local firewall installed, is that correct?
Quis custodiet ipsos custodes
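An added example, not part of any post in this thread: a loopback check, in Python, that compares the source port a client binds with the source port the receiving side records, once for a fixed source port and once for an OS-assigned one. The function names, the loopback address and the unprivileged port choice are assumptions of this example; running the listening half on the machine whose firewall log is being read would show whether something in the path changed the port.

```python
import socket
import threading

def free_port(host="127.0.0.1"):
    """Ask the OS for a currently unused TCP port (hypothetical helper)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port

def observed_source_port(bind_port=None, host="127.0.0.1"):
    """Return (port the client used, source port the listener saw)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))              # throwaway listener on any free port
    listener.listen(1)
    seen = {}

    def accept_once():
        conn, peer = listener.accept()
        seen["port"] = peer[1]            # what a firewall log would record
        conn.close()

    t = threading.Thread(target=accept_once)
    t.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    if bind_port is not None:
        # Fixed source port. Ports below 1024 need administrator rights
        # on most systems, so the demo below uses an unprivileged one.
        client.bind((host, bind_port))
    client.connect(listener.getsockname())
    local_port = client.getsockname()[1]
    t.join(timeout=5)
    client.close()
    listener.close()
    return local_port, seen.get("port")

if __name__ == "__main__":
    fixed = free_port()
    print("fixed source port  :", observed_source_port(fixed))
    print("OS-assigned port   :", observed_source_port())
```

With nothing between the two sockets both numbers in each pair match; a pair that differs when the listener runs on another machine means a device on the path rewrote the source port.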