Re: Providers blocking portscans - bad news for pentest?

From: Robert BARABAS (dc@ktk.bme.hu)
Date: Tue Jul 05 2005 - 12:39:32 EDT


On Monday 04 July 2005 23.13, Petr.Kazil@eap.nl wrote:
Hello,

I completely agree with the previous answers, you should check out what the
"allowed rate" is. However, they were mentioning worms and trojans, so
there might be a chance that they are just filtering a specific type of scan,
e.g. SYN scans only, since many worms are using this type of scan, etc., so
get informed about that as well (or make tests).
Having a pentest box at a provider (friends/services abroad?) which has no
limitation for port scanning could also be a solution (maybe your pentest
company can arrange this with the/a provider?).
Best regards,

DC

> However they have recently installed a system that will automatically block
> anyone doing a portscan. They mention a system of "aggregated firewalls"
> that behaves like a "bot". There is nothing that can be done against it.
> Asking for a temporary permission is useless and the provider does not
> provide any service without this filter anymore (other than expensive
> colocation). They say that with the explosion of trojans and worms they
> had to take these measures.

-----------------------------------------
Robert BARABAS
Technical University of Budapest




