Looking out for scans
A couple of weeks ago we apologized for misprinting a URL and gave, in its place, a URL that was still wrong. We are wincing at this double faux pas, and this week we offer the correct URL: ftp://www.isi.edu/in-notes/iana/assignments/port-numbers.
Another correction we need to make concerns the Windows NT version of nmap that we discussed last week. Reader f@d3r (obviously not his real name) commented, "Your column says that there are a few limitations. This is incorrect. The program is/was a publicity stunt by eEye. Try to actually use the program. Foundstone provides a much better command-line port scanner."
F@d3r is correct about using the program -- our comment that the limitations weren't anything you couldn't live with was based on the documentation provided by eEye.
A couple of days after writing the column, we tried to run the program but we got missing Dynamic Link Library calls and apparently wrong DLL versions. We gave up. If anyone at eEye reads this, let's exchange messages and find out how to get nmapNT working.
Be that as it may, f@d3r's recommendation of tools from Foundstone is an excellent one. On the Foundstone site you will find some interesting tools, and they are all free.
Attacker is a port listener that acts like a watchdog. Whenever a connection is made to a port, Attacker displays the source IP address and port, and the destination port. Attacker also can alert you with a sound -- the default is a klaxon but we substituted a bark instead.
The tool that f@d3r alludes to is Fscan, a command-line port scanner that has more than a little hacker quality to it. For example, Fscan can be instructed to randomize the order in which ports are scanned -- a feature that is only there to make detection of being scanned harder -- and there's an option to suppress pings (a ping is usually sent before scanning to see if the destination is actually there; when your subnet is pinged in sequence, it is a dead giveaway that someone, somewhere is up to no good). Fscan can also run multithreaded (up to 256 threads under NT but only 20 under Windows 9x). Definitely cool.
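The watchdog output described for Attacker above (source address and port, destination port) and the "pinged in sequence" giveaway can be turned into simple detection logic. The following is an added example for this column, not code from Foundstone, eEye or the column's author; the log format (timestamp, CONNECT or PING, source, destination), the sample lines and the thresholds are all constructed assumptions for the example.

```python
"""Port-scan heuristics over constructed watchdog log lines.

Added example for this column, not code from Foundstone or eEye.
The log format is hypothetical, modelled on the column's description of
Attacker's display (source IP and port, destination port) plus ping
records; every sample line below is constructed.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log: one sweeping source (10.0.0.5, ports in random
# order), one benign client (10.0.0.7), one sequential pinger (10.0.0.9),
# and one malformed line that the parser must skip.
SAMPLE_LOG = """\
1999-12-01T10:00:01 CONNECT 10.0.0.5:40211 -> 10.0.0.20:443
1999-12-01T10:00:01 CONNECT 10.0.0.5:40212 -> 10.0.0.20:22
1999-12-01T10:00:02 CONNECT 10.0.0.5:40213 -> 10.0.0.20:139
1999-12-01T10:00:02 CONNECT 10.0.0.5:40214 -> 10.0.0.20:25
1999-12-01T10:00:03 CONNECT 10.0.0.5:40215 -> 10.0.0.20:80
1999-12-01T10:00:03 CONNECT 10.0.0.5:40216 -> 10.0.0.20:21
1999-12-01T10:00:04 CONNECT 10.0.0.5:40217 -> 10.0.0.20:110
1999-12-01T10:00:04 CONNECT 10.0.0.5:40218 -> 10.0.0.20:135
1999-12-01T10:00:05 CONNECT 10.0.0.5:40219 -> 10.0.0.20:23
1999-12-01T10:00:05 CONNECT 10.0.0.5:40220 -> 10.0.0.20:53
1999-12-01T10:05:00 CONNECT 10.0.0.7:51000 -> 10.0.0.20:80
1999-12-01T10:05:30 CONNECT 10.0.0.7:51001 -> 10.0.0.20:80
1999-12-01T10:06:00 CONNECT 10.0.0.7:51002 -> 10.0.0.20:25
1999-12-01T10:10:00 PING 10.0.0.9 -> 10.0.0.1
1999-12-01T10:10:00 PING 10.0.0.9 -> 10.0.0.2
1999-12-01T10:10:01 PING 10.0.0.9 -> 10.0.0.3
1999-12-01T10:10:01 PING 10.0.0.9 -> 10.0.0.4
1999-12-01T10:10:02 PING 10.0.0.9 -> 10.0.0.5
1999-12-01T10:12:00 PING 10.0.0.7 -> 10.0.0.20
this line is garbage and must be ignored
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>CONNECT|PING) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? -> "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def parse_log(text):
    """Parse the hypothetical log format; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "kind": m["kind"],
            "src": m["src"],
            "sport": int(m["sport"]) if m["sport"] else None,
            "dst": m["dst"],
            "dport": int(m["dport"]) if m["dport"] else None,
        })
    return events


def port_sweep_sources(events, min_ports=8, window_seconds=60):
    """Sources that touch at least min_ports distinct ports on one host
    within window_seconds. Distinct-port counting ignores order, so a
    randomized scan order does not hide the sweep."""
    by_pair = defaultdict(list)
    for e in events:
        if e["kind"] == "CONNECT":
            by_pair[(e["src"], e["dst"])].append((e["ts"], e["dport"]))
    flagged = set()
    for (src, _dst), hits in by_pair.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # slide the window start forward until it fits within window_seconds
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            if len({port for _, port in hits[start:end + 1]}) >= min_ports:
                flagged.add(src)
                break
    return flagged


def sequential_ping_sources(events, run_length=4):
    """Sources whose pings walk a subnet in address order (each target is
    the previous target plus one) for at least run_length hosts."""
    by_src = defaultdict(list)
    for e in events:
        if e["kind"] == "PING":
            by_src[e["src"]].append((e["ts"], int(ipaddress.ip_address(e["dst"]))))
    flagged = set()
    for src, pings in by_src.items():
        pings.sort()
        run = 1
        for (_, prev), (_, cur) in zip(pings, pings[1:]):
            run = run + 1 if cur == prev + 1 else 1
            if run >= run_length:
                flagged.add(src)
                break
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("port sweeps from:", sorted(port_sweep_sources(evs)))
    print("sequential pings from:", sorted(sequential_ping_sources(evs)))
```

Counting distinct ports per source is independent of scan order, so a randomized port order of the kind Fscan offers does not hide a sweep from the first check. The sequential-ping check, on the other hand, is exactly what ping suppression is meant to sidestep, which is why connection records from a listener like Attacker, rather than pings, should carry the weight in a watchdog.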
We also liked Foundstone's Superscan -- essentially Fscan with a windowed user interface. Superscan provides a nice display of its results in a hierarchical tree.
Foundstone's free tools are extremely impressive. They get a Gearhead Legion of Honor award.
Finally, an important configuration issue with Superscan is which ports are to be scanned. We strongly recommend that you enable all ports and then scan all of your own network -- you may be surprised at what you find.
We just found that our NT server appears to have Back Orifice installed . . . guess what we'll be writing about next week?
Tell us your Back Orifice stories at gearhead@gibbs.com.