RE: UDP Port Scan

Becker, Pat (ISSAtlanta) Fri, 14 Apr 2000 09:11:10 -0700

TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----

Without knowing the particulars of your situation, let me respond to
your query.  There are a number of questions I would ask if I were in
your shoes.

1.  Do you have UDP services that you are tyring to protect, or is
information being leaked about your network?  For example TFTP and
SNMP are 2 UDP-based services that have been notoriously weak in
security.

2.  Can the traffic either be blocked and not significantly impact
the operation, or could decoy services be deployed so that a intruder
is flooded if they connect to a port that is not being used.

3.  Could the firewall be used to log and limit access?

The bottom line is that having connectivity to the net through an
innocent DSL connection will draw several ports scans per hour. 
There's not that much to do about it.  If things are setup correctly
the firewall sees the UDP scans, but it does not succeed in
connecting to machines "inside" the firewall unless their is
legitimate need to.

Hope this helps,

Pat Becker
Sr. Development Engineer/RealSecure
Internet Security Systems, Inc.
[EMAIL PROTECTED]

- -----Original Message-----
From: Fontelera, Jaime C. [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 04, 2000 12:57 PM
To: ISSForum (E-mail)
Subject: UDP Port Scan



TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your
message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any
problems!
- ----------------------------------------------------------------------
- ------


I get UDP port scan on my firewall at least 5 a day.  How does one
respond
to a probe ?

Any suggestions ?

Thanks,
Jaime


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQCVAwUBOPU0VrC0aGNAqc2xAQF3LQQAtldysDrVE/khJ5bjvybi5HdLpZsdKqXj
TmwyRD50vR7M58lLu+/KsR6KI5FOEav/ElxHE2j8QLtjbr5q0RKdWZOu+dqthISd
0HTLqtXKuDnxj2Eq6EA6gM4zS0CghdvdkHKYmoj9IzaLTueBPwlp/voI0OmzTbJ1
k89JJIBPYSo=
=r9UH
-----END PGP SIGNATURE-----
RE: UDP Port Scan

Reply via email to
