Re: [SLUG] Port Probing Tool Needed

From: Brian Coyle (brian@linuxwidows.com)
Date: Tue Jul 23 2002 - 21:16:20 EDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 23 July 2002 11:09, David Meyer wrote:
> I wanted to find out if anyone is aware of, or has a favorite port probing
> tool they use to check in the ports on systems. Specifically, I am looking
> for a solid way I can test someone's firewall for them by getting their IP
> address, and then scanning all their ports to find the holes.

As already mentioned (several times), nmap[1] and nessus are the de facto tools.
However, if you're targeting a firewall specifically, or depending on how
sophisticated (read 'need more skills') you want to get, you'll want to
consider some additional tools:

        o Firewalk http://www.packetfactory.net/firewalk/
        o Hping (& Hping2) http://www.hping.org/
        o tcptraceroute http://michael.toren.net/code/tcptraceroute/
        o udpscan (sorry don't have a link handy)
        o strobe (ditto)

If you find a webserver with cgi-bin, look to whisker

        o whisker http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=2

> I am not a hacker, just trying to help customers find their weak spots.

And IANAL, but I'd be remiss not to mention this:

        Florida Statute 815 - "The Computer Crimes Act".  
        http://www.clas.ufl.edu/docs/flcrimes/section2_1_1.html

        This law was enacted in 1978 and makes it a third degree
        felony for "Whoever willfully, knowingly, and without
        authorization accesses or causes to be accessed any computer,
        computer system, or computer network; or whoever willfully,
        knowingly, and without authorization denies or causes the denial
        of computer system services to an authorized user of such
        computer system services, which, in whole or part, is owned by,
        under contract to, or operated for, on behalf of, or in
        conjunction with another commits an offense against computer
        users."

Be VERY CAREFUL! Get WRITTEN permission (a get out of jail free card)
before starting. Be sure this documents what IP addresses can be scanned
and the scope of your activities (no DoS, hours of operation, emergency
contact info for both parties, etc.). Make sure IP addresses have matching
reverse DNS entries and that ownership matches your customer.

GOOD LUCK!

[1] BTW- the nmap page has a great list of the top 50 security tools:
        http://insecure.org/tools.html

- --
GPG Key fingerprint = AE1C 123A 1153 8A63 E8A9 FAEA 111D CCB8 7527 701B

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9Pf/kER3MuHUncBsRAinvAJ9EjLmZm96d3MQBtxW+c7PQVhwjDQCggaNH
cdkJeJddOBb70yhKm3ip8Wc=
=Qmqw
-----END PGP SIGNATURE-----
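The pre-engagement scope check described at the end of the message above (targets must fall inside the IP ranges named in the written authorization, have reverse DNS that forward-confirms, and resolve to a name under the customer's domain) as an added Python example; this is not code from the original post or from any of the tools it lists. The customer domain, the authorization lines and the DNS data are constructed (RFC 5737 documentation addresses), and the two resolver hooks are injected so the sample runs offline; `live_reverse` and `live_forward` use the system resolver when no hooks are passed.

```python
"""Scope sanity check to run before an authorized scan (added example).

For each candidate target it verifies:
  1. the address is inside a range listed in the written authorization,
  2. the PTR record forward-confirms (the name resolves back to the same IP),
  3. the PTR name is under the customer's domain, i.e. ownership matches.
Any target failing one of these is held back for manual confirmation.
"""
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Set

ReverseLookup = Callable[[str], Optional[str]]
ForwardLookup = Callable[[str], Set[str]]


def live_reverse(ip: str) -> Optional[str]:
    """PTR lookup through the system resolver; None when there is no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def live_forward(name: str) -> Set[str]:
    """All A records for a name through the system resolver; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except (socket.herror, socket.gaierror):
        return set()


@dataclass
class TargetCheck:
    ip: str
    in_scope: bool             # inside a range from the written authorization
    ptr: Optional[str]         # reverse DNS name, if any
    forward_confirmed: bool    # PTR name resolves back to this IP (FCrDNS)
    domain_matches: bool       # PTR name is the customer's domain or a subdomain

    @property
    def ok(self) -> bool:
        """Only targets passing all three checks may go on the scan list."""
        return self.in_scope and self.forward_confirmed and self.domain_matches


def parse_authorization(lines: Iterable[str]) -> List:
    """Parse the IP / CIDR lines of the authorization letter, skipping '#' comments.
    Bare addresses become /32 (or /128) networks."""
    nets = []
    for line in lines:
        line = line.strip()
        if line and not line.startswith("#"):
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def check_target(ip: str, authorized: List, customer_domain: str,
                 reverse: ReverseLookup = live_reverse,
                 forward: ForwardLookup = live_forward) -> TargetCheck:
    addr = ipaddress.ip_address(ip)
    in_scope = any(addr in net for net in authorized)
    ptr = reverse(str(addr))
    # Forward-confirmed reverse DNS: the PTR name must list this IP among its A records.
    forward_confirmed = ptr is not None and str(addr) in forward(ptr)
    domain = customer_domain.lower().rstrip(".")
    name = ptr.lower().rstrip(".") if ptr else ""
    domain_matches = bool(ptr) and (name == domain or name.endswith("." + domain))
    return TargetCheck(str(addr), in_scope, ptr, forward_confirmed, domain_matches)


# ---- constructed sample data (hypothetical customer "example.com") ----
SAMPLE_AUTHORIZATION = [
    "# Authorized by Example Corp (constructed sample), signed 2002-07-23",
    "198.51.100.0/28",
    "203.0.113.10",
]
SAMPLE_PTR = {                      # constructed reverse zone
    "198.51.100.5": "fw1.example.com",
    "198.51.100.6": "mail.example.com",   # PTR exists but does not forward-confirm
    "203.0.113.10": "host.other-isp.net",  # listed, but owned by someone else
}
SAMPLE_A = {                        # constructed forward zone
    "fw1.example.com": {"198.51.100.5"},
    "mail.example.com": {"192.0.2.99"},
    "host.other-isp.net": {"203.0.113.10"},
}


def sample_reverse(ip: str) -> Optional[str]:
    return SAMPLE_PTR.get(ip)


def sample_forward(name: str) -> Set[str]:
    return SAMPLE_A.get(name, set())


def run_sample() -> dict:
    """Check five candidate targets against the constructed authorization."""
    nets = parse_authorization(SAMPLE_AUTHORIZATION)
    targets = ["198.51.100.5", "198.51.100.6", "198.51.100.7",
               "203.0.113.10", "192.0.2.1"]
    return {ip: check_target(ip, nets, "example.com", sample_reverse, sample_forward)
            for ip in targets}


if __name__ == "__main__":
    for ip, result in run_sample().items():
        verdict = "OK" if result.ok else "HOLD"
        print(f"{verdict:4} {ip:15} in_scope={result.in_scope} ptr={result.ptr} "
              f"fcrdns={result.forward_confirmed} owner_match={result.domain_matches}")
```

Of the five constructed targets only 198.51.100.5 passes: .6 has a PTR that does not resolve back, .7 has no PTR at all, 203.0.113.10 is on the authorization list but its reverse name belongs to another organisation, and 192.0.2.1 is outside the authorized ranges. Each of those is exactly the case where you go back to the customer before anything is scanned.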



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 14:20:22 EDT