[ubuntu-uk] Checking to make sure you are safe...port checking etc.

Paul Morgan-Roach roachy at roachy.net
Sat Apr 24 09:52:31 BST 2010


On Fri, Apr 23, 2010 at 8:46 PM, Jon Spriggs <jon at spriggs.org.uk> wrote:

> Just to explain why the ping test is probably in Shields-up, is that...
>
> In times long-gone, and around about when Shields-Up was being created,
> many people would be using Dial-up, and even getting a ping from an IP
> address in a dial-up range would make you a fair target (as it was likely
> that would be an unprotected host).
>
<snip>

Just to add to this comment, if someone was searching for a target, then it
takes less time to only port scan targets that are visibly "there".  The
main reason why ping being enabled is a problem is it makes it more likely
for you to be scanned against particular service ports thereafter, however
with an appropriate firewall policy and security policy (e.g. using fail2ban -
www.fail2ban.org if running an ssh server)

For example, if you were to nmap scan an entire /24 internet subnet (254
hosts) on all service ports using the -PN switch (do not ping) in nmap, that
would take a long while - the checks would be carried out against all hosts
and all ports would be tested regardless of whether they were pingable. This
is not necessarily a desirable result, as primarily, it will take *ages* to
complete the scan - therefore it makes sense to verify the targets first by
pinging them, thus reducing the time taken to run a scan.

There are many (thousands of) other options for scanning, and if you are
interested in learning more then the nmap book by Fyodor is a great
resource, and is available as a free, truncated version online
http://nmap.org/book/toc.html.  IMHO nmap is an invaluable tool for testing
firewall configs, mapping networks, and even for identifying machines that
exist on your own network, when you might have forgotten what they do or see
some unusual activity from them in your firewall logs (nmap -sS -sV -O -PN
192.168.1.55 will tell you in most cases the operating system, open ports,
application versions using those ports and the operating system of a host!)

Kind regards

Paul
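
An added example, not part of the original post: a defender-side check for the two behaviours described above, a source that pings first and then probes service ports, and one that sweeps ports without pinging (the -PN case). It assumes the netfilter key=value layout that UFW writes to the kernel log; the sample lines, addresses, the `find_sweeps` name and the `min_ports` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the UFW/netfilter kernel log layout (not real traffic).
SAMPLE_LOG = """\
Apr 24 09:40:01 gw kernel: [UFW ALLOW] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Apr 24 09:40:02 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22
Apr 24 09:40:02 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=23
Apr 24 09:40:03 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=80
Apr 24 09:40:03 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=443
Apr 24 09:41:10 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=21
Apr 24 09:41:10 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22
Apr 24 09:41:11 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=25
Apr 24 09:41:11 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=80
Apr 24 09:41:12 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=3389
Apr 24 09:45:00 gw kernel: [UFW ALLOW] IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Apr 24 09:45:05 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 PROTO=TCP SPT=33000 DPT=22
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; the value may be empty (OUT=)

def find_sweeps(log_text, min_ports=4):
    """Return {src: {"pinged_first": bool, "ports": [...]}} for every source
    that probed at least min_ports distinct destination ports."""
    pinged = set()  # sources already seen sending an ICMP echo request
    state = defaultdict(lambda: {"pinged_first": False, "ports": set()})
    for line in log_text.splitlines():  # log lines are in chronological order
        if "[UFW " not in line:
            continue
        f = dict(FIELD.findall(line))
        src, proto = f.get("SRC"), f.get("PROTO")
        if not src:
            continue
        if proto == "ICMP" and f.get("TYPE") == "8":
            pinged.add(src)
        elif proto in ("TCP", "UDP") and f.get("DPT", "").isdigit():
            entry = state[src]
            if not entry["ports"]:  # first probe: had this source pinged before it?
                entry["pinged_first"] = src in pinged
            entry["ports"].add(int(f["DPT"]))
    return {s: {"pinged_first": e["pinged_first"], "ports": sorted(e["ports"])}
            for s, e in state.items() if len(e["ports"]) >= min_ports}

if __name__ == "__main__":
    for src, info in find_sweeps(SAMPLE_LOG).items():
        print(src, info)
```

The third constructed source pings and touches a single port, so it stays below the threshold and is not reported.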