Firewalls: port scanning

Firewalls
(January 1995)

Indexed By Thread: [Previous] [Next]

Subject:	port scanning
From:	padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
Date:	Tue, 3 Jan 95 15:11:37 -0500
To:	"firewalls @ greatcircle . com"@UVS1.dnet.mmc.com

>With all this talk regarding port scanning, I was wondering what people are
>using to monitor the unused ports on their firewalls.  I can visualize the
>program which would do it, or even how to configure inetd to do the
>monitoring, but puting ~65000 entries in my inetd file does not "light my
>candle".

Dunno about anyone else but I use a PC that looks for openable ports. So
long as the RTT is in the 20-30 ms range (very local) checking all 65536
is not too bad (less than an hour). Usually I just check the "popular"
ports but for sensitive areas it's worth the coffee break every now and 
again.
						Warmly,
							Padgett

Indexed By Date	Previous:	Re: detecting port scanning From: Barney Wolff <barney @ databus . com>
Indexed By Date	Next:	Re: detecting port scanning From: dorian @ oxygen . house . gov (Dorian Deane)
Indexed By Thread	Previous:	detecting port scanning From: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
Indexed By Thread	Next:	Terminology From: "Vincent Yau" <vyau @ ortel . com>