Firewall Wizards: Re: BO, netbus and so on...

Re: BO, netbus and so on...

From: Marcus J. Ranum <mjr_at_nfr.net>
Date: Tue, 04 May 1999 15:07:10 -0400

Rob writes:
>port 53, and 15% goes to other ports. This other 20% is being missed by
>firewalls and Back Officer Friendly type products.

Yeah, it's easy to miss that stuff with a simple tool. To catch
it more reliably you need to perform traffic analysis on the
session. We can do that kind of stuff with an NFR engine but
that's waaay overkill for a desktop. BackOfficer Friendly is not
intended to detect everything, and only will catch the "standard
scans" when they hit your machine. Still, I find that useful
since most of the wide-range scanning is looking for folks who
are running BO on default ports. One of the objectives of BOF
was to get people to realize that they _are_ being scanned when
they are dialed/cabled into public networks. Raising the level
of awareness is a good thing, IMHO.

mjr.

--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
Received on May 05 1999