Re: Source port scanning w/nmap?

[Jonathan Glass <jonathan.glass () gmail com>]

Many machines with host-based firewalls (linux iptables), allow a source 
port of 53 (DNS) through the firewall, but nothing else.  Similarly, 
Windows IPSEC policies, when used as a primitive firewall, ALWAYS allow 
through any packet with a source port of 500 (IIRC).  So, although these 
hosts may ignore a normal scan, by generating your scan from one of 
these source ports, you could potentially gain access to more ports on 
the box than the system owner intended when they configured the firewall.

Jonathan

dissolved wrote:

> Thanks. When you say "some hosts may not allow connections from every port"
> ...what do you mean?  This is where I get confused.  What is the purpose of
> source port scanning? To just find live hosts? Do you use ping sweeping in
> combination with source port scanning?
>
> -----Original Message-----
> From: Johannes Schneider [mailto:ichhabekeineemail () gmx net] 
> Sent: Sunday, July 03, 2005 6:29 PM
> To: dissolved
> Cc: security-basics () securityfocus com
> Subject: Re: Source port scanning w/nmap?
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> dissolved wrote:
>  
>
> > Can someone please assist me with doing source port scanning with nmap?
> >    
> I've
>  
>
> > read the MAN page and do not see this switch listed.
> >
> > Is it --source-port <port number>?
> >
> > Thanks
> >
> >
> >    
>
> try nmap -sS -g [source port] [more options] [address2scan] as root. you
> cant do nmap -cS -g [...] [...] [...].
>
> if i understand it korrekt, the sourceport is the port you use to send
> ur scan-pakets to the host. its usefull to scan hosts wich dont allow
> connections from every port.
>
> greatz Johannes
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFCyGaysVM05bj27BsRAjeoAJ9cR5kCWx7xnU/3iU/O+O/6KrLZ+QCgt/9A
> 94CQ6bYQ72riheBEsJ/n0Gs=
> =hRzW
> -----END PGP SIGNATURE-----
>
>
>