
Re: Port Scanning Issues

To: "crumdub12@gmail.com" <crumdub12@gmail.com>
Subject: Re: Port Scanning Issues
From: "Lee Lawson" <leejlawson@gmail.com>
Date: Tue, 26 Jun 2007 08:54:05 +0100
Cc: pen-test@securityfocus.com
Port scanning is not an exact science, although it should be.

With regard to UDP scanning, a port is determined as open if it does
not respond to probe attempts.  This means that if it responds with an
ICMP port unreachable message, it's closed; if no response is
received, it is thought to be open.

There are a number of reasons that cause a lack of response to a UDP
scan, such as network issues, firewalls, luck!  I find that UDP
scanning, especially over the Internet, is likely to cause conflicting
results.

What do you get for TCP results?
Are you scanning on the LAN or over the Internet?
Have you tried nmap?

Something worth trying as an exercise is to identify all of the open
ports on the local, target system (if you have access to it!).  You
can use a number of tools to do this, but I like fport.  It's a small
command line tool that lists the PID, port, protocol and parent
process.  Run this tool and then compare the locally gathered results
to the port scanners.


On 25 Jun 2007 21:59:58 -0000, crumdub12@gmail.com <crumdub12@gmail.com> wrote:
> A Chairde,
>
> Having some issues with scanning stacks on my system.
>
> 1. Using Superscan4, I scan stack UDP-TCP 1-65534. Sometimes I get no
> ports open, another time I get 49159 UDP ports open. I only get a port
> report, no attempt made to open any ports. When I get open ports, I
> always get 49159 UDP ports. I use the scanner at 250 msecs; it takes
> around 16 hours to finish.
>
> 2. Using Languard, Nessus and Retina, I get different scans from each
> tool. Any ideas why, and how do I find out the real ports open?
> Differences can be 10,000 ports.



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------




--
Lee J Lawson
leejlawson@gmail.com

"Give a man a fire, and he'll be warm for a day; set a man on fire,
and he'll be warm for the rest of his life."

"Quidquid latine dictum sit, altum sonatur."
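The two points in Lee's reply, that silence is what a UDP scanner calls "open" and that the only way to know the truth is to compare against what the target itself reports as listening, can be made concrete in a few lines. The following Python is an added example, not code from the e-mail or from any of the scanners named in it. The probe log, the listener list and the outcome vocabulary are constructed; the state rules follow the common scanner convention (nmap reports silence as open|filtered and ICMP admin-prohibited as filtered). It shows why a single pass over a lossy link or a host that rate-limits its ICMP errors reports thousands of UDP ports "open", how retries shrink that set, and how a local listener list (what fport or netstat would show) separates real listeners from artifacts.

```python
"""Added example (not part of the original e-mail): how a UDP scanner decides
port state from probe outcomes, why silence is ambiguous, and how to reconcile
the result with a locally gathered listener list (what fport/netstat show)."""
from __future__ import annotations

# Outcomes a scanner can observe for one UDP probe (constructed vocabulary).
UDP_REPLY = "udp_reply"            # the service answered the probe payload
ICMP_PORT_UNREACH = "icmp_3_3"     # ICMP type 3 code 3: port unreachable
ICMP_ADMIN_UNREACH = "icmp_3_13"   # ICMP type 3 code 13: administratively prohibited
NO_RESPONSE = "timeout"            # nothing came back before the timer expired


def classify_probe(outcome: str) -> str:
    """State implied by a single probe, following the usual scanner convention."""
    if outcome == UDP_REPLY:
        return "open"
    if outcome == ICMP_PORT_UNREACH:
        return "closed"
    if outcome == ICMP_ADMIN_UNREACH:
        return "filtered"
    if outcome == NO_RESPONSE:
        # The ambiguous case from the e-mail: open but silent, dropped by a
        # firewall, or the host rate-limited its ICMP errors. Nmap prints this
        # as open|filtered; a naive scanner simply reports "open".
        return "open|filtered"
    raise ValueError(f"unknown probe outcome: {outcome}")


def classify_port(outcomes: list[str]) -> str:
    """Combine retries for one port: any definitive reply outranks silence."""
    states = {classify_probe(o) for o in outcomes}
    for definitive in ("open", "closed", "filtered"):
        if definitive in states:
            return definitive
    return "open|filtered"


def scan(probe_log: dict[int, list[str]], retries: int) -> dict[int, str]:
    """Port -> state, using only the first `retries` probes sent to each port."""
    return {port: classify_port(outs[:retries]) for port, outs in probe_log.items()}


def reconcile(scan_result: dict[int, str], local_listeners: set[int]) -> dict[str, set[int]]:
    """Compare scanner output with what the target itself reports as listening."""
    looks_open = {p for p, s in scan_result.items() if s in ("open", "open|filtered")}
    return {
        "confirmed": looks_open & local_listeners,   # scanner and host agree
        "false_open": looks_open - local_listeners,  # silence mistaken for a service
        "missed": local_listeners - looks_open,      # listener the scanner called closed
    }


# Constructed probe log: three probes per port, in send order, over a lossy
# link to a host that rate-limits its ICMP error replies.
PROBE_LOG = {
    53:   [UDP_REPLY, UDP_REPLY, UDP_REPLY],               # DNS answers every time
    123:  [NO_RESPONSE, UDP_REPLY, NO_RESPONSE],           # NTP answered once
    161:  [NO_RESPONSE, NO_RESPONSE, NO_RESPONSE],         # SNMP listening, ignores payload
    500:  [NO_RESPONSE, NO_RESPONSE, ICMP_PORT_UNREACH],   # closed; ICMP rate-limited twice
    514:  [ICMP_ADMIN_UNREACH] * 3,                        # firewall rejects the probe
    1900: [NO_RESPONSE, ICMP_PORT_UNREACH, NO_RESPONSE],   # closed; one ICMP error lost
    2049: [NO_RESPONSE, NO_RESPONSE, NO_RESPONSE],         # closed, every ICMP error lost
}
# What fport or netstat on the target would show (constructed).
LOCAL_LISTENERS = {53, 123, 161}


def demo() -> None:
    for retries in (1, 3):
        result = scan(PROBE_LOG, retries)
        ambiguous = sorted(p for p, s in result.items() if s == "open|filtered")
        print(f"{retries} probe(s) per port: open|filtered = {ambiguous}")
        print("  reconciliation:", reconcile(result, LOCAL_LISTENERS))


if __name__ == "__main__":
    demo()
```

With one probe per port, five of the seven ports come back open|filtered and three of them (500, 1900, 2049) are false positives; with three probes only 161 and 2049 remain ambiguous, and only 2049 is still wrong, because no ICMP error for it ever arrived. Scaled to a 1-65534 sweep, that is exactly how a single pass produces tens of thousands of "open" UDP ports, and why the same target gives different counts to different tools: each one uses its own timeout, retry count and payloads, so each sees a different subset of the replies.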
