RE: port scan

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Mon Oct 09 2006 - 21:37:38 ART

• Next message: Jung-I Lin: "Question about WRED with ECN"
• Previous message: Rodrigo Paes: "Re: port scan"
• Maybe in reply to: ccie4u: "RE: port scan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

        That's why you configure an exception list to specify which
hosts cannot be shunned. Granted the configuration may be excessive but
you can still build a stable configuration to get around the design
problem you mentioned if you take the time.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> Rodrigo Paes
> Sent: Monday, October 09, 2006 6:12 PM
> To: security@groupstudy.com; ccielab@groupstudy.com
> Subject: Re: port scan
>
> I always though of shunning features as a shot in the foot... imagine
> if someone does a port scan using ... lets say... the DNS root servers
> ip addresses, or some other IP they know its heavily used.... it's a
> great DoS attack :D
>
> my 2cc
>
> []s
> Rodrigo Paes
> CCIE #14054 (R&S and SP)
>
>
> On 10/9/06, ccie4u <sales@ccie4u.com> wrote:
> > A port scan is as it sounds - someone is using a tool or utility to
scan
> > your IP to see what ports are listening and responding. This
provides
> them
> > information on what ports and services you have running. They can
then
> > tailor an attack to those specific ports. You can't really stop
someone
> > from scanning your ports unless you have some software or hardware
that
> does
> > intrusion detection.
> >
> > With some intrusion detection hardware and software applications, it
> will
> > detect a port scan and temporarily or permanently block all traffic
from
> > that source IP address. Of course if they are spoofing their source
IP
> > address it won't be all that effective.
> >
> >
> > Hope that helps.
> >
> > Ian
> > www.ccie4u.com
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> 2nd
> > CCIE
> > Sent: Saturday, September 23, 2006 3:50 AM
> > To: security@groupstudy.com; ccielab@groupstudy.com
> > Subject: port scan
> >
> > Folks ;
> > I am trying to know more about port scan attack ..i have not find
a
> good
> > source so far ..no much posts in this list about this type of attack
> >
> > can someone give some input or link about port scan and methods of
> > stopping it ?
> >
> > appreciate in advance
> >
> >
> >
> > ---------------------------------
> > All-new Yahoo! Mail - Fire up a more powerful email and get things
done
> > faster.
> >
> >

• Next message: Jung-I Lin: "Question about WRED with ECN"
• Previous message: Rodrigo Paes: "Re: port scan"
• Maybe in reply to: ccie4u: "RE: port scan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:04 ART