dslreports logo
site
spacer

spacer
 
    All FAQs Site FAQ DSL FAQ Cable Tech About DSL Distance DSL Hurdles »»
spc

spacer




how-to block ads




2.0 DSLR Port Scans

A basic port scan is available. (Under the Tools menu item)

It is implemented as a java applet that simply reports back the results of a port scan done by the server. This scan simply reports on a few common vulnerabilities.

The slightly more extensive scan system has a queue, as each test can take a while. There are usually a few people 'waiting' in this queue so the scan is not instant.

edited by KeysCapt See Profile
last modified: 2004-02-01 05:18:02

Nmap, nbtstat, queso, smbclient, targa and whatever the latest flavour of ping of death programs are used (optionally - if selected by you), and a perl script with various modules controls it all.

by KeysCapt See Profile
last modified: 2004-02-01 05:18:42

A modern port scan tool is used (nmap) and this attempts to identify the machine signature, and any vulnerable services running on it. If NETBIOS ports are open (indicating it is a Windows machine), then we attempt to talk to your netbios to see if there are any shares or printers visible, and to query your machine name and domain name.

If you requested 'ping of death' tests, then some ping of death packets are sent to your machine, to see if this will crash your operating system.

If you have a Cisco router, it is probed to see if the IOS is protected or not.

None of these default tests will damage anything. It is possible, but only remotely, that the 'ping of death' tests could cause disk corruption since the OS may freeze in the middle of writing a file. If you are not using your PC for something else, this is extremely unlikely. (Turn off your defragger if you run that overnight though!).

by KeysCapt See Profile
last modified: 2004-02-01 05:21:03

To ensure the IP is yours, but without causing a blizzard of email, the site is setup to look out for FTP or Telnet requests from hosts targetted for scans.

If a request is logged, this releases the scan. Therefore, if your scan has gone into hold status, you must find some way of running an FTP or Telnet request to this site to release it.

by KeysCapt See Profile
last modified: 2004-02-01 05:22:48

We keep logs of vulnerabilities found, but with the IP address REMOVED.

Why? Because we want to publish summaries of the security vulnerabilities we fiind. At no time will we reveal your IP address associated with the security scan results. Even the email of results do not reveal your IP address.

by KeysCapt See Profile
last modified: 2004-02-01 05:23:36

Just because you have open ports, or a visible computer name, or visible shares, or crash out when sent certain ping packets, do not rush out and buy the first security package you can find.

Simple things like turning off file sharing can be enough while you do some further reading.

That said, if you use IRC and ICQ a lot, and tread on the toes of strangers online, then you should probably at least run a software firewall. It is also highly recommended that you install some type of virus scanner and keep its virus definitions updated. You can find more information to help in the Security Forum.

by KeysCapt See Profile
last modified: 2004-02-01 05:27:30

At this point there are simply too many possible choices to recommend any particular brand of firewall.

Zonealarm for Windows platforms is popular and has a free version.

An ipchains firewall script in your startup is recommended for Linux.

Netbarrier seems to show a lot of information for Macintosh users.

by KeysCapt See Profile
last modified: 2004-02-01 05:47:07