We can detect or even guess the firewalls used in the target because of the unique ports they use.
for Eg:
CheckPoint listens on the TCP ports 256,257,258,259
Microsoft proxy Server listens to TCP ports 1080 to 1745
Easiest solution to firewall enumeration is to use an ACL (Access Control List)
access-list 101 deny tcp any any eq 256 log ( here 256 is the port number on which the firewall is running)
What is the meaning of above code..?
This code prevents all port scanning techniques on the port 256 and also logs and records it which can be viewed later by the admin.
TOOLS:
scanlogd- An IDS that detects TCP scan
BlackICE Defender -Firewall detecting port scans
Abacus Port Sentry -This is a very good tool.It detects port scans and responds to it.
NukeNabber
snort -IDS and Packet sniffer
Etherpeek
Support The Ethical Hacker !! - Click Here If You Like My Contents !!!
Wednesday, November 18, 2009
Subscribe to:
Post Comments (Atom)
2 comments:
aliyaaa oru padu kashtapedunnunndallo
reallyy agoodd jobbbbb can you post some links.... to usefull websites
da I'll give the links too... Thx for the comment.. do visit here and comment on how to make it more better.. you know that I'm a newbie in blogging ..
Post a Comment