On Wed, 27 Jun 2001, Tony wrote:
> netstat -an ought to do it.
That only gives the "which services are running" part of the picture.
Use "ipchains -L -n" to find out how the firewall is configured. You
probably want to concentrate on the input list, and work your way down the
list one rule at a time. It _is_ possible to ask ipchains how it would
respond to a particular packet, but you have to specify all the pertinent
values to get it to work, which can be error-prone.
>
> Tony
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Sean E. Covel
> > Sent: Saturday, June 09, 2001 14:52
> > To: [EMAIL PROTECTED]
> > Subject: [Leaf-user] Firewall testing
> >
> >
> > I've been conversing with the "Expert Team" at PC Flank
> > (http://www.pcflank.com./) about their scanner. So far they have asked
> > for additional information about my firewall, but have not defended the
> > results.
> >
> > So.... How can I verify that a certain port is/is not open? The report
> > I got noted port 3128 (which Firewall Forensics says is "squid") was
> > "open". Later in the report it said all the trojan ports were open
> > (27374, 12345, 1243, 31337, 12348) (I doubt it!) How can I be sure?
> >
> > As far as the "spoofing" and why they would want to do it... Anyone
> > running portsentry? Ever gone up against "Shields Up" or "DSL Reports"
> > tests? What happens? After a few scans from the same IP, they end up
> > in hosts.deny and a firewall rule is added, both automatically. Once
> > that is done, further scanning is moot. My first run against PC Flank
> > noted more ports open than what I listed above, so I checked out my
> > network.conf. The variables EXTERN_UDP_PORTS and EXTERN_TCP_PORT had
> > some ports listed (_domain _ntp _bootpc)(_smtp). I cleaned those up
> > (had to leave _bootpc(?) for dnsclient) and the next scan listed fewer
> > ports. Neither "Shields Up" nor "DSL Reports" got far enough along in
> > their scans before portsentry kicked in to see those other ports!
> >
> > So, once again, how do I tell for sure if the above listed ports are
> > open/visible/stealth?
> >
> > Thanks,
> >
> > Sean
> >
> > P.S. Did you run the "advanced" test? Take a look at your logs. What
> > a mess! What does it all mean? Did LRP really pass the test?
> >
> >
> > _______________________________________________
> > Leaf-user mailing list
> > [EMAIL PROTECTED]
> > http://lists.sourceforge.net/lists/listinfo/leaf-user
> >
---------------------------------------------------------------------------
Jeff Newmiller The ..... ..... Go Live...
DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go...
Live: OO#.. Dead: OO#.. Playing
Research Engineer (Solar/Batteries O.O#. #.O#. with
/Software/Embedded Controllers) .OO#. .OO#. rocks...2k
---------------------------------------------------------------------------
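
The two checks discussed in this thread (listening sockets from `netstat -an`, then asking ipchains how the input chain treats a specific packet), as an added example that is not part of the original messages. The netstat text is a constructed sample, and the interface name and both addresses are placeholder assumptions; the check command spells out every value ipchains needs (protocol, SYN flag, interface, source and destination with ports).

```shell
#!/bin/sh
# Added example: audit the ports the scan report in this thread called "open".
PORTS="3128 27374 12345 1243 31337 12348"

# Assumptions (placeholders, override from the environment):
EXT_IF=${EXT_IF:-eth0}              # external interface of the firewall
EXT_IP=${EXT_IP:-203.0.113.5}       # firewall's external address
PROBE_SRC=${PROBE_SRC:-192.0.2.10}  # address the scanner would come from

# Constructed sample of `netstat -an` output so the script runs offline.
# On the firewall itself, pipe the real `netstat -an` into is_listening.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.254:22        192.168.1.10:1034       ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# is_listening PORT: reads netstat -an text on stdin and succeeds only if
# a TCP socket is in LISTEN state on PORT (on any local address).
is_listening() {
    awk -v p="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, ":")        # port is the last ":"-separated part
            if (a[n] == p) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# check_cmd PORT: prints the ipchains check command for an inbound TCP SYN
# from PROBE_SRC port 1025 to EXT_IP:PORT arriving on EXT_IF. Run the
# printed command as root on the firewall to get the input chain's verdict.
check_cmd() {
    echo "ipchains -C input -p tcp -y -i $EXT_IF -s $PROBE_SRC 1025 -d $EXT_IP $1"
}

# Report: is anything listening, and which rule check answers the rest.
for p in $PORTS; do
    if printf '%s\n' "$SAMPLE_NETSTAT" | is_listening "$p"; then
        state="LISTEN"
    else
        state="no listener"
    fi
    printf '%-6s %-12s %s\n' "$p" "$state" "$(check_cmd "$p")"
done
```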