Petr.Kazil_at_eap.nl schrieb:
> <rant warning> Recently I had a worrying experience with my Internet
> provider that might be interesting for some of us.
The policy of the uplink provider is allways a major concern when doing
PTs. For example, it is standard practice to check if spoofed packets can
be sneaked by the firewall. So you need to have a provider w/o spoofing
prevention, something a good provider should have in place.
Your problem with portscans gets even harden when you have to do large
amounts of exhaustive scans. Scanning a /24 for all 2^17 Ports are 2^20
Packets. So you want to be fast, I usualy send about 2000 packets / sec,
covering the range in just a few hours. I usualy find open ports on very
uncommon numbers, like vnc on 55900 and such.
This comes down to the advice to talk with your provider, get an agreement
to get unfiltered and unrestricted access and provide a telefonnumber in
the whois record of your network or ip number, in case you trample someone
elses feet.
--
Mit freundlichen Grüßen
Christoph Puppe
Security Consultant
We secure your business.(TM)
_______________________________________________________
HiSolutions AG Phone: +49 30 533289-0
Bouchéstrasse 12 Fax: +49 30 533289-99
D-12435 Berlin Internet: http://www.hisolutions.com
_______________________________________________________
Received on Jul 05 2005
Intro
