Re: Port Scanning.

From: Delron Troy (delrontroy@lineone.net)
Date: Mon Dec 13 2004 - 15:37:57 EST


Hi Faisal,

It's always good practice to run scans from different locations on the
Internet, using machines (that you LEGALLY have access to) that are not
on the same subnet or ISP. Doing this will verify your results and show
information about parts of your client's packet-filtering scheme that
may be based on source address. If any of the machines you are using are
connected to an ISP that's got egress filtering enabled, it will show up
when you compare results. More reliable information about your client is
obtained when your scanning machines are not NATed.

When it comes to tools, I always start with Nmap, but others can be
useful, again to verify results and obtain more detailed information,
like p0f. Specific service scanners can be very informative, like ike-scan.

SOCKS5 supports UDP as well as TCP, so a limited scan can be made
through trusted SOCKS servers.

Cheers

Faisal Khan wrote:

>
>
> What's a good industry practice whilst doing port-scanning during a
> pen-test.
>
> Do you rely on the results of a single vendor's software or do you use
> multiple software packages?
>
> Also, with each OEM/vendor - do you scan once or twice?
>
> I need to do a scan on a Class C address range if that matters in any way.
>
> Faisal
>
>
>
> Faisal Khan, CEO
> Net Access Communication
> Systems (Private) Limited
> ________________________________
>
> Network Security - Secure Web Hosting
> Managed Internet Services - Secure Email
> Dedicated Servers - Reseller Hosting
>
> Visit www.netxs.com.pk for more information.
>
>
>
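The cross-check Delron describes, comparing the same target range scanned from machines on different ISPs to separate the client's source-address-based filtering from egress filtering upstream of your own scanner, can be automated over nmap's grepable output. The script below is an added example and is not code from the original post or from either poster: it parses constructed `nmap -oG` output for two hypothetical vantage points ("isp_a" and "isp_b") against hosts in the 192.0.2.0/24 documentation range, lists every host/port whose state differs between vantage points, and flags any port a vantage point sees as filtered on every host while another vantage point reaches it, which is the signature of egress filtering at that scanner's ISP rather than of the client's firewall.

```python
"""Cross-check nmap grepable (-oG) results from several scanning vantage points.

Added example, not from the original post. The sample scan output below is
constructed; the vantage-point names and 192.0.2.0/24 hosts are hypothetical.
"""
import ipaddress
import re

# Constructed nmap -oG output as seen from a machine at a first ISP.
SCAN_FROM_ISP_A = """\
# Nmap 7.94 scan initiated as: nmap -oG - -p 22,25,80,443 192.0.2.10-12
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 25/filtered/tcp//smtp///, 80/open/tcp//http///, 443/open/tcp//https///
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 22/filtered/tcp//ssh///, 25/filtered/tcp//smtp///, 80/open/tcp//http///, 443/closed/tcp//https///
Host: 192.0.2.12 ()\tStatus: Up
Host: 192.0.2.12 ()\tPorts: 22/filtered/tcp//ssh///, 25/filtered/tcp//smtp///, 80/closed/tcp//http///, 443/closed/tcp//https///
# Nmap done -- 3 IP addresses (3 hosts up) scanned
"""

# Constructed output for the same targets from a second, unrelated ISP.
# nmap omits ports in the dominant state and records it as "Ignored State".
SCAN_FROM_ISP_B = """\
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, 80/open/tcp//http///, 443/open/tcp//https///
Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, 80/open/tcp//http///, 443/closed/tcp//https///
Host: 192.0.2.12 ()\tPorts: 22/filtered/tcp//ssh///\tIgnored State: closed (3)
"""

# Grepable port entry: port/state/proto/owner/service/rpc/version/
# (state may be a combination such as "open|filtered" for UDP).
PORT_RE = re.compile(r"^(\d+)/([\w|]+)/(\w+)/")


def parse_grepable(text):
    """Return {host: {"ports": {(port, proto): state}, "ignored": state|None}}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        host = line.split()[1]
        rec = hosts.setdefault(host, {"ports": {}, "ignored": None})
        m = re.search(r"Ports: ([^\t]*)", line)
        if m:
            for entry in m.group(1).split(","):
                pm = PORT_RE.match(entry.strip())
                if pm:
                    port, state, proto = pm.groups()
                    rec["ports"][(int(port), proto)] = state
        m = re.search(r"Ignored State: (\w+)", line)
        if m:
            rec["ignored"] = m.group(1)
    return hosts


def state_of(rec, key):
    """State of one (port, proto) for a host record, falling back to the
    host's ignored state for ports nmap did not list."""
    if rec is None:
        return "unscanned"
    return rec["ports"].get(key, rec["ignored"] or "unscanned")


def _host_key(host):
    try:
        return (0, int(ipaddress.ip_address(host)))
    except ValueError:
        return (1, host)


def find_inconsistencies(scans):
    """Return [(host, port, proto, {vantage: state})] for every host/port whose
    state differs between vantage points; the first sign of filtering keyed
    on the scanner's source address."""
    hosts = set()
    for parsed in scans.values():
        hosts.update(parsed)
    diffs = []
    for host in sorted(hosts, key=_host_key):
        keys = set()
        for parsed in scans.values():
            keys.update(parsed.get(host, {}).get("ports", {}))
        for key in sorted(keys):
            states = {v: state_of(parsed.get(host), key) for v, parsed in scans.items()}
            if len(set(states.values())) > 1:
                diffs.append((host, key[0], key[1], states))
    return diffs


def suspected_egress_filtering(scans):
    """Map vantage -> sorted [(port, proto)] that this vantage sees as filtered
    on every host while another vantage sees them open or closed somewhere.
    A heuristic only: confirm by scanning a host you control from that vantage."""
    keys = set()
    for parsed in scans.values():
        for rec in parsed.values():
            keys.update(rec["ports"])
    suspects = {}
    for vantage, parsed in scans.items():
        for key in keys:
            here = [state_of(rec, key) for rec in parsed.values()]
            if not here or not all(s == "filtered" for s in here):
                continue
            elsewhere = [state_of(rec, key) for v, p in scans.items()
                         if v != vantage for rec in p.values()]
            if any(s in ("open", "closed") for s in elsewhere):
                suspects.setdefault(vantage, []).append(key)
    return {v: sorted(k) for v, k in suspects.items()}


def report(scans):
    """Human-readable summary lines for the two checks above."""
    lines = []
    for host, port, proto, states in find_inconsistencies(scans):
        detail = ", ".join(f"{v}={s}" for v, s in sorted(states.items()))
        lines.append(f"{host} {port}/{proto}: {detail}")
    for vantage, keys in suspected_egress_filtering(scans).items():
        ports = ", ".join(f"{p}/{pr}" for p, pr in keys)
        lines.append(f"{vantage}: {ports} filtered on every host but reachable from "
                     f"elsewhere; check upstream egress filtering before trusting it")
    return lines


if __name__ == "__main__":
    scans = {"isp_a": parse_grepable(SCAN_FROM_ISP_A),
             "isp_b": parse_grepable(SCAN_FROM_ISP_B)}
    print("\n".join(report(scans)))
```

With real data, run `nmap -oG - ...` on each scanning machine, save the output, and pass each file's contents to `parse_grepable` under a name for that vantage point. In the constructed sample, 25/tcp is filtered on all three hosts only from isp_a, so it is reported as suspected egress filtering there rather than as a finding about the client, while 22/tcp on 192.0.2.11 is open from one ISP and filtered from the other, which is worth raising with the client as source-address-based filtering.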



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:10 EDT