RE: Providers blocking portscans - bad news for pentest?

From: Alexander Klimov (alserkli@inbox.ru)
Date: Tue Jul 05 2005 - 04:11:10 EDT


On Mon, 4 Jul 2005, Erin Carroll wrote:

> The system they have installed has to have a threshold of some sort before a
> block is put into place (x scans per y seconds/minutes etc). Many of the
> portscan tools in use have the ability to stagger or control the frequency
> of probes with timeout variables, parallel host scanning options, and/or
> simultaneous port probes which may help in bypassing the throttle trigger of
> their new filter-bot. Nmap for instance can also modify the delay between
> each probe frame to scan as quickly or as slowly as desired using the
> --scan_delay flag.

OTOH since your client could also have a firewall/IPS which blocks
fast portscans it is a good idea to do slow portscans even from usual
ISP.

-- 
Regards,
ASK


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:31 EDT