Great Circle Associates Firewalls
(August 1997)
 


Subject: Re: Port Scanner
From: sjbrown @ bellsouth . net
Date: Sun, 10 Aug 1997 02:06:41 GMT
To: dolittle @ israelmail . com (Noam Rathaus)
Cc: firewalls @ greatcircle . com
In-reply-to: <33DE2C1D . BEA955A9 @ israelmail . com>
References: <Pine . LNX . 3 . 95 . 970729231608 . 31450t-100000 @ nimue . jammed . com> <33DF443B . 75D7 @ cvps . com> <33DE2C1D . BEA955A9 @ israelmail . com>

On Tue, 29 Jul 1997 20:45:01 +0300, in muc.lists.firewalls you wrote:

>Jeff Monder wrote:
>> 
>> I have a few questions about scanners for the group...
>> 
>> Regardless of the tools you use, I don't think you can avoid keeping
>> current, doing constant research and manually checking filter syntax
>> and host configurations.  I haven't tried any commercial scanners, so
>> I was wondering:  Aside from user interface, how do these commercial
>> scanners differ from what can be accomplished with a suite of freely
>> available programs like netcat and others as aids in performing
>> security audits?
>> 
>> I have no intention of implying that there is anything wrong with
>> commercial scanners or the use of them.  I just have a few
>> philosophical questions about their use and about justifying their
>> purchase:
>> 
>> While existing weaknesses are covered in a well-designed scanner's
>> algorithms, isn't there a risk that future discovered weaknesses won't
>> be there (or won't be there in a timely fashion)?  By relying on code
>> hidden behind a front end, and on a vendor for keeping up with new
>> developments in security, are you replacing knowledge with faith (not
>> necessarily yours but your company's)?  If a company is spending big
>> bucks on a tool, won't it make the assumption that it will replace a
>> good bit of manual labor?  Isn't there an implicit assumption that you
>> will now be able to rely on this tool to do things that previously
>> took more time?
>
>I think you are completely correct, using a normal sniffer and looking
>for strange connections or abnormal packets (if you have the knowledge)
>is a lot more efficient than any front-end security suite.

You are telling me that having a monitoring system is a lot more
important than having the doors locked?  And where do you live?  I
think both are important as I wouldn't leave home without checking to
make sure I have fixed all the known holes to get into my network, and
have a monitoring system in place for people who try to get in
anyways.


-- Steve



