Best way to port scan internal network?

Discussion in 'OT Technology' started by DatacomGuy, Sep 29, 2003.

  1. DatacomGuy

    DatacomGuy is moving to Canada

    Joined:
    Oct 14, 2002
    Messages:
    16,546
    Likes Received:
    0
    Location:
    Tampa, FL
    Trying to ensure that my network is safe.. so I want to port scan my own network, but from inside my network going out.

    Best way to do this?

    Rob98ZJ had a theory that I could enable all the ports on my home machine, and then scan my home PC and see what I get..

    Would this work? Any other theories?
     
  2. RaginBajin

    RaginBajin Have you punched a donkey today?

    Joined:
    Dec 24, 2001
    Messages:
    8,740
    Likes Received:
    0
    Location:
    NoVA
  3. DatacomGuy

    Will NMap do internal network from within? I've always used it for the opposite..
     
  4. DatacomGuy

     
  5. DatacomGuy

  6. SLED

    SLED build an idiot proof device and someone else will

    Joined:
    Sep 20, 2001
    Messages:
    28,118
    Likes Received:
    0
    Location:
    AZ, like a bauce!
    nmap > *
     
  7. Rob

    Rob OT Supporter

    Joined:
    Jul 6, 2002
    Messages:
    88,617
    Likes Received:
    39
    Location:
    Atlanta, GA
    nmap is what I use for port scans as well, but I am not sure exactly how to use it to determine what can and can not go through a firewall.

    You really need a machine on the outside which has a lot of the common ports open, then scan that from the inside and see what gets through.

    If it truly is a proxy then there is the chance that it won't let ANY raw connections through no matter what the port.
     
  8. Little Spunky $#!T

    Little Spunky $#!T :cool:

    Joined:
    Jul 16, 2001
    Messages:
    3,539
    Likes Received:
    0
  9. RaginBajin

    If you want.. I or Rob can probably just Nmap against your firewall and send you our results..

    If you want help, just PM me or IM me either way..
     
  10. Rob


    I was thinking the same thing, but that will not always work. What the firewall will let in is going to be a hell of a lot more secure than what it lets out. Or at least it should be. You really have to be on the inside and see what you can access on the outside.
     
  11. RaginBajin

    Of course, at least he can see what's happening on both ends and see what's going on..
     
  12. DatacomGuy

    Well I got back a boring answer.



    "You have blocked our probes on all ports!".
     
  13. Bubbles

    Bubbles OT Supporter

    Joined:
    Jan 2, 2002
    Messages:
    8,768
    Likes Received:
    3
    Location:
    In Jail with my Kitty
    this is what i use

    SuperScan is a TCP port scanner, pinger and hostname resolver

    It can:-


    · perform simple ping tests to tell whether a remote computer is alive
    · resolve hostnames into IP addresses and reverse lookup IP addresses into hostnames
    · attempt to connect to other computers on a TCP network to see what services they are running
    · read responses from connected hosts
    · scan from a range of addresses and ports
    · scan from a list of ports
    · scan from selected ports from a list
    · scan a list of hostnames contained in a text file
     
  14. Bubbles

    You have blocked all of our probes! We still recommend running this test both with
    and without Sygate Personal Firewall enabled... so turn it off and try the test again.

    hahah, I don't have Sygate installed, it's a smoothwall box doing it
     
  15. RaginBajin


    Well that looks to be a good thing then.. Now you just need someone to run Nmap on all 65k ports to see if there is anything on there.. Then I would think you're doing pretty well.
     
  16. Rob

    Guys, seriously. None of these port scans from the outside are going to tell you anything. The ultimate goal here is to find out what Steve can get OUT from the INSIDE. I can set firewalls rules that let all kinds of stuff out, and their returning response back in, but at the same time have EVERY port blocked from the outside.

    Take even my simple Windows XP firewall. If you were to port scan my machine right now the only thing you would see open is RDP. This sure doesn't mean that the only thing I can use on the inside is RDP. I can use HTTP, FTP, any p2p, in fact I can use all the normal stuff I would if I didn't have a firewall.

    Hope this all makes sense. :)
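
The asymmetry described in the post above, as an added example that is not part of the original thread: a toy model of a stateful firewall showing why a scan from outside says nothing about what is allowed out. The class, function names, port list and documentation-range IP addresses are all constructed for illustration.

```python
class StatefulFirewall:
    """Toy stateful packet filter (constructed model, not a real product)."""

    def __init__(self, inbound_open, outbound_open=None):
        self.inbound_open = set(inbound_open)   # ports outsiders may connect to
        # None means "allow every outbound destination port"
        self.outbound_open = None if outbound_open is None else set(outbound_open)
        self.flows = set()                      # (remote_ip, remote_port, local_port)

    def send_out(self, local_port, remote_ip, remote_port):
        """Inside host opens a connection; record the flow if policy allows it."""
        if self.outbound_open is not None and remote_port not in self.outbound_open:
            return False
        self.flows.add((remote_ip, remote_port, local_port))
        return True

    def receive_in(self, remote_ip, remote_port, local_port):
        """Packet from outside passes if it answers a tracked flow or hits an open port."""
        if (remote_ip, remote_port, local_port) in self.flows:
            return True
        return local_port in self.inbound_open


def outside_scan(fw, scanner_ip, ports):
    """Ports an external scanner sees as accepting unsolicited connections."""
    return sorted(p for p in ports if fw.receive_in(scanner_ip, 40000, p))


def inside_out_scan(fw, remote_ip, ports):
    """Ports on an outside listener that an inside host can reach and hear back from."""
    reachable = []
    for i, port in enumerate(ports):
        local = 50000 + i  # constructed ephemeral source port
        if fw.send_out(local, remote_ip, port) and fw.receive_in(remote_ip, port, local):
            reachable.append(port)
    return reachable


PORTS = [21, 22, 80, 3389, 6881]  # constructed sample port list
desktop = StatefulFirewall(inbound_open={3389})                          # only RDP in, all out
strict = StatefulFirewall(inbound_open=set(), outbound_open={80, 443})   # nothing in, web out

if __name__ == "__main__":
    for name, fw in (("desktop", desktop), ("strict", strict)):
        print(name, "outside sees:", outside_scan(fw, "203.0.113.10", PORTS),
              "inside reaches:", inside_out_scan(fw, "198.51.100.7", PORTS))
```

The `strict` policy looks fully closed from outside yet still passes port 80 outbound, which is why egress rules have to be audited from the inside against a listener you control.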
     
  17. RaginBajin

    Well then he needs to run NMap from the inside.. I don't see why then we are still discussing this and he ran the port scan from the outside..

    It's still very important to test from what can come in from the outside..
     
  18. DatacomGuy

    So let's go over this again.

    What can I use to port scan from the inside --> out? How would I use NMap? Won't let me port scan local loop..
     
  19. Rob

    Here try this. From inside your network portscan 35.11.218.45 and see what is open. If 22 or 80 shows up then you should be able to use both of those ports. Then try to portscan 35.11.218.39; if 3389 (RDP) is open then you should be able to use that.
     
  20. DatacomGuy

    :bash: Another road block. http://forums.offtopic.com/showpost.php?p=13328798&postcount=12
     
  21. SLED

  22. DatacomGuy

    It's not so much that.. it's more like trying to find a commonly used higher # port that would be open so I can get out..
     
  23. SLED

    hmmm, i think i understand your problem now....
     
  24. SLED

    is this going to be developed into a piece of software? or is this a one-time shot deal?
     
  25. DatacomGuy

