Home page logo
/

pen-test logo Penetration Testing mailing list archives

Changing Source Port during Penetration Testing?
From: 09sparky () gmail com
Date: 4 Nov 2006 16:57:41 -0000

Question for PenTester,
Do most of you attempt to change the source port during a standard external Penetration Test/Vulnerability Assessment 
as part of your standard practice?  

If so, how often do you find routers/firewalls that allow for instance port 80, 53, 25, etc allowing you to forward 
traffic?

I am trying to get a better feel for this concept/practice, but I have been having some trouble.  I am aware that "nmap 
-g" option will allow for changing of the source port, but I keep getting similar results back as if I didn't do it.  I 
am assuming that the router/firewall is disregarding the changed source port and not allowing it.

Does anyone have any good suggestions, papers, etc as to how I can get a better understanding of this process? I guess 
I would use netcat or fpipe to create a tunnel once I found a way in, but I am still unclear of how that works also.  

Would it be possible for someone to help me out and explain there methodology/process? (Of course the more details the 
better, but I will take what I can get)


Any help would be great,

Thanks,
Sparky

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault