#1
24-March-2002, 20:43
squidgy
Guest
Posts: n/a
Question about open ports

Ahem, I hope it's okay to ask questions like this here ...

Anyway, I suspect that my (shareware but not yet registered) port scanner is missing open ports sometimes. It's Necrosoft NSCAN for Windows.

Reason is, I'm led to believe that if you use Freeserve, any attempt to connect to port 25 of any remote host will be redirected to their own outgoing mail relay. So it stands to reason that if you sign up for Freeserve No-Ties, connect to your new dial-up and then use a port scanner to scan port 25 of a random range of IP addresses, every single one of them should show as open.

Now, whenever I've tried this, a very substantial number of them do actually show as open, as you would expect. But it seems to miss a few of them out. However, telnetting any of them shows up the Freeserve mail greeting 220 mail17.svr.pol.co.uk ESMTP Exim 3.35 #1, even the ones the port scanner missed, again, as you would expect.

So why is my port scanner missing some? Any ideas? I'm using Windows 98SE, and I am aware that Windows 98 has less "sockets" than Windows NT, so port scanners won't run as fast on Win98SE. But I think you should still find all the open ports, even if it's slower. I really don't fancy the idea of wasting bandwidth by using the port scanner twice on the same range of real IP addresses on the suspicion that the damn thing isn't working properly. Thanks.

Last edited by squidgy; 24-March-2002 at 20:47.

#2
24-March-2002, 20:50
Ian
Join Date: Apr 2001
Location: Down South
Posts: 3,266

Try scanning each "different" ip more slowly, it may be limiting the number of simultaneous connections (or something)

#3
24-March-2002, 23:08
The Beef
We are destined
Join Date: Apr 2001
Location: From Southport
Posts: 2,114

Isn't port scanning illegal? Squidgy, what is the point of port scanning and what will you gain from it? BTW I know of another free scanner with no pop-ups if you're interested?
__________________
Beef.

"Thinking about what you might not be able to control, only wastes time and energy, till it eventually becomes your enemy."

#4
25-March-2002, 02:03
squidgy
Guest
Posts: n/a

Point of using port scanner? You find FTP sites, and perhaps web sites, news servers and chat servers that aren't listed in search engines. It can also be a good way of finding proxy servers, if you ever need one for any reason.

No, it's not illegal, or at least last time I checked it wasn't. Some people frown upon it, but here's my "conspiracy theory" opinion. Search engines are controlled by big media companies that are only interested in advertising revenue. They want you to use the search engine so that you see the ads and the sponsored links. Using a port scanner, however, completely bypasses that. So they don't like it. Which is why they want you to think that port scanning is bad. And big media companies are in a position to be able to change the opinions of a large number of people to suit their own agenda. There - I've said it. But how do you think that the original search engines built up their list of links in the first place, if it wasn't by using a port scanner? Beats me, to be honest. Nowadays, a new search engine can just follow links in existing web pages and existing search engines, but the original one can't have been able to do that. Okay, so maybe it could have trawled through a few newsgroups, but again, it would have needed to find news servers first to be able to do this, so, personally, I doubt it. They must have used port scanners. I'd be incredibly surprised if you were able to prove to me that port scanners have never been used by anyone either running a search engine, or planning to set one up, past or present, in an attempt to facilitate, or automate, the expansion of the list of links in its database.

Yeah I might be interested in the one with no popups actually, beef, thanks. Pretty sure this one isn't spyware, though, because I had Tiny configured to allow it to connect to the IP and port ranges I wanted to do, but block everything else. So I've upped its permissions so it can do pretty much anything now. The only other program which I configure firewall to allow it to do pretty much anything is the FTP client SmartFTP, and this is much more than can be said of the permissions I've set up in Tiny for Internet Explorer.

Okay - under the options, there's a "Windows Socket" section, which contains the following boxes ....
  • Socket limit (currently set at 97 though I've noticed that this setting changes by itself when it's running)
  • Update (currently set at 3 seconds)
  • Dynamic socket allocation (currently ticked and set to 500 max)
  • Cleanup timeout (currently set to 30000ms)

Then there's a "speed" section, which contains the following ....
  • Synchronise by (currently set at 1ms)
  • Speed limit (currently set at 470000 bytes/sec)

And that's it. I pretty much understand everything else in the configuration options. Well, except the stuff about packet customisation and "OOB data", but I can't see that I'll need to use that anyway, so I've disabled it.

Thing is, I thought it was supposed to be clever enough to wait for free sockets. I'm aware that other software (such as mail client, browser, FTP client, even Tiny Personal Firewall itself) isn't clever enough to do this, and tends to fall over when the port scanner is running - that is, with the example of TPF, it will still work, but you might have to try repeatedly to get into the administration menu or status window if the port scanner is running. But - perhaps I'm mistaken. I'll try dropping the speed limit then, and see if that makes a difference, and play about with the other settings until it works. Thanks for the help.

Last edited by squidgy; 25-March-2002 at 02:52.

#5
25-March-2002, 05:28
The Beef
We are destined
Join Date: Apr 2001
Location: From Southport
Posts: 2,114

Ok the info page and download link for the port scanner I mentioned is HERE
I've been playing with this one, but can't really get my head around it!
It was actually you who caught my attention concerning P.S's when you posted about doing multiple scans with teen4free ip addresses.
I've also tried the one you use but am at a loss with the info it throws up.
I too would like to search for hidden sites, ftp sites etc but am not sure how to do it.
I ran a range of scans with the teens4free ip addresses and got nothing. I remember you mentioning you found some comps with Mp3's on.
Also I asked an internet friend if I could scan her ports and got nothing. She isn't running a firewall either.
If you have the time could you please give some tips to me on how to go about things?
Your theory seems to be quite solid concerning port scanners. Although I do feel a little apprehensive when playing with my one.
Strange I actually felt like a naughty boy.
I've heard of people being booted off their Isp for scanning ports and I wouldn't like it to happen to me

Cheers

#6
25-March-2002, 07:42
silver
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177

thats the one I use beef - very recommended

Sil

#7
25-March-2002, 09:36
squidgy
Guest
Posts: n/a

Thanks, I'll have a look at that. :)

Actually, I know I've harped on about search engines, but, of course, I have no intention of setting up my own search engine. Here's a different way of looking at it - and, beef, hopefully it'll give you a few hints about narrowing your searches too.

Say you see a link to a web page, and it goes http://hostname.com/directory/file.html

Now, you could consider that to be a link to everything. So you check http://hostname.com/directory too, to see if there's an index page or listing for that directory. Similarly, you have a look at http://hostname.com

But then you think, hmmm, I wonder if it's virtual hosting, and if there's anything the IP address gives you? So you look up hostname.com in your DNS client, and it gives you an IP address, a.b.10.15 or something. You stick http://a.b.10.15 in your browser and see what it gives you.

Then you think, hmmm, I wonder what other IP's are in the range? So you look up a.b.10.15 in a whois client, and it says the range goes from a.b.0.0 to a.b.255.255. So, next thing is, you unleash the port scanner to check port 80 of some of the IP's in that range to see if there are any other web sites. Any open ones, you look at in your browser and see if there's anything interesting there.

That's basically the principle I've been using. Web sites on port 80 is merely intended as an illustrative example, but obviously a similar thing goes for FTP sites on port 21, or news servers or chat servers on whatever port, or anything else. You have to know where you're starting, which usually means finding a link to something that you find interesting in the first place. So you're merely using a port scanner to find more of the same kind of thing. You won't really get very far just doing random addresses.

Also, a whois client is incredibly important, you don't want to waste time scanning addresses which are actually reserved for local network use and therefore don't actually appear on the internet. Similarly, a whois client is likely to give you some idea of whether the IP addresses you're interested in belong to dial-up users, DSL users, an educational establishment, or a hosting company, or whatever. Using a port scanner is very bandwidth intensive, and takes time, during which, you're unlikely to be able to use your internet connection for anything else. So it makes sense to do a bit of background research on your target first, and don't do too many IP addresses in one go.

So far, I have only ever scanned a single port on a range of IP addresses from a particular block. I've never scanned more than one port on any given IP address, though, because a) despite what I've said about defending scanning, I still think that scanning multiple ports on a single host really is slightly rude, and b) if you're looking for a particular type of service, it's only likely to be on one particular assigned port number anyway, eg 21 for FTP, 80 for web sites, or whatever default port number is used for any chat server program. So there's not a lot of point looking for other port numbers, and you're really wasting your own time and bandwidth if you do it, as well as perhaps someone else's. Ok, sometimes servers are hosted on non-standard port numbers, but looking for those with a port scanner is like looking for a needle in a haystack, you're only really likely to find services on non-standard port numbers if you actually find a link to them.

Also - will you get into trouble? If you scan multiple ports on a single host, very probably yes. But if you scan a single port on multiple hosts, very probably no, since there's no way for each host to tell whether you're using a port scanner or merely following a link unless they happen to run a server to catch it, and even if they do, it won't be conclusive anyway. Besides, someone who hosts a web site or other sort of server in an attempt to publicise their business is hardly likely to be rude to you, the potential customer, on the grounds that they suspect you've found them by using a port scanner, rather than by following a link on a web page, in a newsgroup or in an email message.

Hope that all helps.

Last edited by squidgy; 25-March-2002 at 10:08.

#8
25-March-2002, 12:33
squidgy
Guest
Posts: n/a

Beef - I've downloaded GFI Lanscan - and I think I can see why you're having difficulties! I can see how to specify a range of IP addresses, but for the life of me, I can't see where you specify a list of port numbers.

Here's a screenshot of Necrosoft NSCAN.


Okay, admittedly I've edited out the first two numbers of each IP address, because I don't want to make it too easy for you! But suffice to say, it's a range for which I found one IP address in an FTP search engine anyway, so it stands to reason that you'll find other FTP servers in the same range.

Now, as you can see, you select "Host range" and "Port ranges list" from the appropriate menu. Then you just put in the initial host and final host in the appropriate boxes. And since I'm only interested in FTP servers this time, I put 21 in the port range box. Then click Start (which is where the Stop button appears - it changes to Stop after you've clicked Start) - it scans that range x.x.56.0 to x.x.56.255 but it only checks port 21. It doesn't check anything that the server does, like allow anonymous log in or anything, it just checks to see if it can actually make a TCP connection to a server on that IP address and port number, or not. It does nothing else.

So - how would you go about doing this in Lanscan? Is it possible? To scan a range of ports when I'm only interested in one port really would be a waste of bandwidth. Lanscan seems to be too complicated and have too many frills, but I'm not interested in network security vulnerabilities, I just want to find servers with content. You could check each one manually with a browser, ftp client, chat client or telnet client, but that's far too much hassle when you can use a no-frills port scanner to do it automatically. Is it possible to do this in Lanscan? To be honest, the thought of using some program that goes and investigates thousands of security vulnerabilities all by itself, and can't be configured NOT to, alarms me - it's bound to attract the wrong kind of attention. Thanks.

Last edited by squidgy; 25-March-2002 at 13:24.

#9
25-March-2002, 15:40
onomatopoeia
Professor Yaffle
Join Date: Dec 2001
Location: on the bookshelf
Posts: 159

RFC1918 documents the address ranges reserved for local network use. A whois client is not needed for that. You should never see them on an internet connection unless they are being spoofed or someone has misconfigured a router (this happens on a not too infrequent basis).

Try to avoid port scanning any IP ranges that belong to Demon internet. Customer accounts are all static IP and a lot of them read their log files of intrusion attempts and report to the relevant ISP assiduously.

I suppose if you are using throwaway 0845 dialups then it won't bother you too much. A lot of VISPs have pretty vague T&C and AUPs due to them having no clue, but they will be forced to take action if enough complaints are received as their upstream provider will start to lean on them.

I wouldn't have thought scanning port 80 would achieve much nowadays since almost everyone is using name based virtual hosting in HTTP/1.1 to cut down on IP address use.
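
An added example, not part of the original post: a check for the case described above, where an RFC1918 source address turns up on the internet-facing interface (spoofing or a misconfigured router). The log format, the interface names `ppp0`/`eth0` and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# The three blocks RFC 1918 reserves for private networks. Python's
# ip.is_private covers more than these (loopback, link-local, ...), so the
# blocks are listed explicitly to match what the post refers to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed firewall log lines in a made-up key=value format.
SAMPLE_LOG = """\
2002-03-25T15:40:01 IN=ppp0 SRC=10.4.7.9 DST=203.0.113.20 DPT=21
2002-03-25T15:40:02 IN=ppp0 SRC=172.31.255.254 DST=203.0.113.20 DPT=25
2002-03-25T15:40:03 IN=ppp0 SRC=172.32.0.1 DST=203.0.113.20 DPT=25
2002-03-25T15:40:04 IN=eth0 SRC=192.168.1.50 DST=192.168.1.1 DPT=80
2002-03-25T15:40:05 IN=ppp0 SRC=192.168.1.50 DST=203.0.113.20 DPT=80
2002-03-25T15:40:06 IN=ppp0 SRC=192.169.0.1 DST=203.0.113.20 DPT=80
2002-03-25T15:40:07 IN=ppp0 SRC=198.51.100.7 DST=203.0.113.20 DPT=21
2002-03-25T15:40:08 IN=ppp0 SRC=not-an-ip DST=203.0.113.20 DPT=21
"""

LINE = re.compile(r"IN=(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)")


def rfc1918_block(addr):
    """Return the RFC 1918 block containing addr, or None.

    Raises ValueError if addr is not a valid IP address.
    """
    ip = ipaddress.ip_address(addr)
    for net in RFC1918:
        if ip in net:
            return net
    return None


def flag_private_sources(log_text, wan_interface="ppp0"):
    """List (source, block, dest port) for private sources seen on the WAN side.

    Private sources on the LAN interface are expected and are skipped;
    lines with an unparseable source address are ignored.
    """
    hits = []
    for line in log_text.splitlines():
        match = LINE.search(line)
        if not match:
            continue
        iface, src, _dst, dport = match.groups()
        if iface != wan_interface:
            continue
        try:
            block = rfc1918_block(src)
        except ValueError:
            continue
        if block is not None:
            hits.append((src, str(block), int(dport)))
    return hits


def summarise(hits):
    """Count flagged packets per RFC 1918 block."""
    return Counter(block for _src, block, _dport in hits)


if __name__ == "__main__":
    for src, block, dport in flag_private_sources(SAMPLE_LOG):
        print(f"{src} ({block}) arrived on the WAN interface, port {dport}")
```

Note that 172.32.0.1 and 192.169.0.1 sit just outside the reserved blocks and are correctly left alone.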

#10
25-March-2002, 15:57
silver
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177

So - how would you go about doing this in Lanscan? Is it possible? To scan a range of ports when I'm only interested in one port really would be a waste of bandwidth.
- yes it is possible - I'm not on my PC currently but I can take a look later.

Beef, ppl do get booted for scanning IP ranges..

perhaps we can organise an IP scanning night in the chat room ?

39ster is always there an doesn't mind if you scan him - actually he might mind so don't do that, or ask him first

Sil

#11
25-March-2002, 18:58
squidgy
Guest
Posts: n/a

39ster? He got a static IP then? Lucky thing! Of course, if ono wants to PM me with his static IP address, then, of course, I can make a point of configuring my firewall so that no program will be allowed to connect to it. My total guess, though, judging from info from your web site (which I don't believe you host yourself), is that it might be 158.152.225.9 - I don't know if that's right, but I'll configure my firewall to block it anyway. (PS I think your cat is really cute)

Believe it or not, I do actually respect the people who host the servers I find. And I never publish information about them. Why? Well, I'm the one who has paid for the bandwidth to do any given scan in the first place, so I figure I should get first refusal on any content I find as a result. I don't want other people to hammer servers that I find, because I figure that will increase the chance of them being taken offline completely, and will reduce the chance of me being able to go back to them later. That's also why I've used Paintbrush to edit part of the IP address out of that screenshot. And, as I've said, I think there's a very important distinction to be made between actually scanning, and anything you might do with the results of a scan.

As for Lannetscan ... bear in mind that I'm using Windows 98, so I always get that popup saying words to the effect of "You really want to be running this proggie on NT or 2K if you want to do stuff with it, and no, this isn't an ad sponsored by Microsoft, honest guv" - so this isn't a function which is blocked in 98SE is it? There's a menu option "Enumerate servers", but when I select it, it doesn't do anything. Thanks for all the help so far, though.

#12
25-March-2002, 22:10
onomatopoeia
Professor Yaffle
Join Date: Dec 2001
Location: on the bookshelf
Posts: 159

That is my IP address. It's pretty trivial to work out given the way Demon accounts work. www.hostname is my webspace on one of the 16 machines that make up homepages.demon.co.uk, hostname is my dialup account.

So given that I make no secret of any of that a simple nslookup gives the IP address. Note you should block that entire 158.152.0.0/16 on your firewall, not just my /32. Also blocking 193.237.0.0/16 would be a good idea. I know people on those subnets who do report scans as a matter of course and can produce evidence of a quality that obliges the ISP to take notice.

I have servers on my connection and a number of open ports in addition to those hosting servers to allow certain utilities to work properly that don't like NAT very much.

#13
25-March-2002, 22:14
silver
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177

goto 'scan > options > scanning (tab)' an there's 2 little buttons 'operations to perform' and 'ports to scan'

Sil

btw - I think you will find there's stuff that is easy to do on NT4 that can't be done (well not easily) on windoz98 - thats why there's stuff not possible...

#14
26-March-2002, 01:30
The Beef
We are destined
Join Date: Apr 2001
Location: From Southport
Posts: 2,114

Thanks for the info guys!
I sussed out how to configure Lanscans port settings yesterday and just having it scan ports 21 and 80. Well I think I have. But when I scan a range of Ip addresses it still seems to scan pop3 and some other things on other ports! Is this normal?
Still not having any luck though at all.
A scanning party in chat sounds good, but usually when the scream has its chats I'm at work.
So I take it I need to have my firewall running do I? Is this to stop my computer being scanned by the persons computer I'm scanning?
I find it all quite interesting, but because I can't find any goodies on ftp and HTTP I'm getting a bit fed up! I want goodies and I want them Noooooooooooow

#15
26-March-2002, 08:06
silver
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177

There's some other options you probably need to uncheck first. Also you need to make sure your firewall is allowing the scans out.

Port scanning may well be against your ISP's AUP - you could have your ISP account terminated if you port scan

just making it clearer ^^

Sil

#16
27-March-2002, 02:31
The Beef
We are destined
Join Date: Apr 2001
Location: From Southport
Posts: 2,114

I just found this in BT's AUP

Port Scanning
You must not run "port scanning " software which accesses remote machines or networks, except with the explicit prior permission of the administrator or owner of such remote machines or networks. This includes using applications capable of scanning the ports of other Internet users. Click here for a port scanning FAQ

If you intend to run a port scanning application, you must provide BT with a copy of the written consent received from the target of the scan authorising the activity. This must be supplied to BT prior to the application being run. Source:- http://www.abuse-guidance.com/


I hope this isn't like closing the door after the horse has bolted??

#17
27-March-2002, 12:05
squidgy
Guest
Posts: n/a

Hmmm. Yeah, you might get booted, though, to be honest, the way I look at it, ISP's can usually boot you for any reason or no reason anyway. As a normal domestic dial-up or DSL user who only has one IP address at a time, when you're on the receiving end of what might be a port scan, you might get a popup in your firewall. But there's no way to tell how they have tried to connect, regardless of whether they're using a portscanner, or a normal client such as telnet, chat client, browser or FTP client, either by guessing your IP address or by following a link. Your firewall won't be able to make any distinction. In fact, if you're using Tiny, it won't tell you at all, unless you happen to be running a server on that port. You would have no way of knowing whether someone is scanning other people's IP addresses around yours or not, and you wouldn't have any reason to know anyway, because it's none of your business.

However, this only applies provided that they don't do more than one port on your IP address at a time. So that's why it's exceptionally important not to check more than one port on each host - quite apart from the fact that it wastes your own bandwidth too if you do.

Even when I used to use ZoneAlarm and it actually told me about access attempts, you might get the odd one, and I consider that okay. Very occasionally, I might get two ports checked in quick succession, but never more, again, nothing really to get upset about. Or someone might try the same one a few minutes later, but I still consider that okay. And what we're talking of doing here is no different, provided you make sure you don't boo-boo on the software configuration.

So - when BT say "You must not run "port scanning " software which accesses remote machines or networks, except with the explicit prior permission of the administrator or owner of such remote machines or networks." Fair enough - but it seems to me that what they're talking about is scanning multiple ports of single hosts, rather than scanning single ports of multiple hosts. It's realistic to ask someone before checking multiple ports. But if I wanted to get permission from 8192 people before merely checking to see if they're hosting an FTP server, then that's going to use up far far more bandwidth than just doing the scan and having done with it. And besides, how am I supposed to contact them anyway to get this permission if they don't have a server waiting for me to connect to, in order to ask them? So you've effectively got to port scan to see if you can get permission to port scan! You could go round in circles on that one.

Okay, so maybe some of the targets might actually be hosting companies who have several IP addresses - they're the people who really will be able to distinguish between you using a port scanner and an FTP client. But then again, if they're a hosting company, I still think that scanning a range of IP addresses uses up far less bandwidth than an average visit to one of their web sites. So I think it's really a matter of getting things in perspective.

But if an ISP does want to boot me, hell, I'm not going to argue it, because life's too short. Same thing again, I'm just trying to keep things in perspective.

Also - a little tip. If you're using Tiny Personal Firewall, but don't totally trust your portscanner program yet, then open the Status window before you start the scanner running, that way, you'll at least have a chance to check that it's doing what it's supposed to be doing, and not wasting your bandwidth by doing something else instead. Once the scanner has started, you will find it difficult to open a new instance of TPF status window, because the scanner will gobble up all the sockets, and TPF won't be able to use one to show you the status.

Thanks for the info about Lanscan too - once I've got it to do it, I'll post.

Last edited by squidgy; 27-March-2002 at 12:38.
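
An added example, not code from any poster in this thread: the distinction discussed above between many ports on one host and one port across many hosts, seen from the logging side. It compares what an operator logging a whole address block can flag with what a single address sees. The event tuples, thresholds and addresses are constructed; the addresses are from documentation ranges.

```python
from collections import defaultdict


def build_sample_events():
    """Constructed inbound TCP attempts: (seconds, source, destination, port)."""
    events = []
    # One source tries port 21 on 40 consecutive addresses, one per second.
    for i in range(1, 41):
        events.append((i - 1, "198.51.100.7", f"203.0.113.{i}", 21))
    # Another source tries 15 different ports on a single address.
    for offset, port in enumerate(range(20, 35)):
        events.append((100 + offset, "198.51.100.99", "203.0.113.5", port))
    # An ordinary client: a few web requests and one FTP login to one server.
    for ts in (5, 6, 7, 300, 301):
        events.append((ts, "192.0.2.44", "203.0.113.10", 80))
    events.append((400, "192.0.2.44", "203.0.113.10", 21))
    return events


def detect_scans(events, window=60, host_threshold=20, port_threshold=10):
    """Classify sources by their behaviour inside a sliding time window.

    "horizontal": one port tried on at least host_threshold distinct hosts.
    "vertical":   at least port_threshold distinct ports tried on one host.
    Returns {source: sorted list of labels} for sources that crossed a limit.
    """
    by_source = defaultdict(list)
    for ts, src, dst, dport in events:
        by_source[src].append((ts, dst, dport))

    findings = {}
    for src, rows in by_source.items():
        rows.sort()
        labels = set()
        start = 0
        for end in range(len(rows)):
            # Drop events older than the window from the left edge.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            hosts_per_port = defaultdict(set)
            ports_per_host = defaultdict(set)
            for _ts, dst, dport in rows[start:end + 1]:
                hosts_per_port[dport].add(dst)
                ports_per_host[dst].add(dport)
            if any(len(h) >= host_threshold for h in hosts_per_port.values()):
                labels.add("horizontal")
            if any(len(p) >= port_threshold for p in ports_per_host.values()):
                labels.add("vertical")
        if labels:
            findings[src] = sorted(labels)
    return findings


def single_host_view(events, address):
    """Only the events one address would see in its own firewall log."""
    return [e for e in events if e[2] == address]


if __name__ == "__main__":
    events = build_sample_events()
    print("whole block:", detect_scans(events))
    print("203.0.113.10 alone:", detect_scans(single_host_view(events, "203.0.113.10")))
    print("203.0.113.5 alone:", detect_scans(single_host_view(events, "203.0.113.5")))
```

A single address sees one connection attempt from the horizontal source and cannot tell it from a normal client; the same events correlated across the block are unambiguous, as is the multi-port probe against one host.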

#18
27-March-2002, 12:28
silver
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177

In fact, if you're using Tiny, it won't tell you at all, unless you happen to be running a server on that port.

>what version are you using - 2.0.15a (the last tpfw version made by tinysoftware) and kerio - the new version will both tell you attempts on non-listening ports (if you turn on the option). I think this option was introduced quite a few releases b4 2.0.15a ..

..

If you're using Tiny Personal Firewall, but don't totally trust your portscanner program yet, then open the Status window before you start the scanner running, that way, you'll at least have a chance to check that it's doing what it's supposed to be doing, and not wasting your bandwidth by doing something else instead. Once the scanner has started, you will find it difficult to open a new instance of TPF status window, because the scanner will gobble up all the sockets, and TPF won't be able to use one to show you the status.

> this is a problem with your port scanner (or settings) and not TPF, as said elsewhere most port scanners allow you to set the scan rate and timeouts etc so you aren't overloading your tcp connections (as also said, you can change the max tcp connections in win98). It is also the cause of the problem you report where the port scanner fails to report open ports when you know they are open - you are overloading your tcp connections by the sounds of it.

Sil

#19
27-March-2002, 12:42
squidgy
Guest
Posts: n/a

Thanks for that post silv - we're actually getting back to the reason why I originally started this thread in the first place, which is good! I haven't tried playing about with the settings yet, but it's peak rate phone charges right now, so perhaps I'll try this evening. I just assumed that port scanners are clever to utilise as many sockets as they can get, so as to ensure that they go as fast as possible, whereas at the same time, they wait when they can't get any, so they don't miss open ports. Your average browser or FTP client isn't clever enough to do this - so you're telling me that port scanners don't do it either? Ooops. Still, thanks.

#20
27-March-2002, 13:07
silver
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177

I'm quite sure that a lot of port scanners will just attempt to use up as many sockets as they can get - thats why they generally have a setting which you tell it how fast to scan / how long to wait for a reply etc

Sil

#21
27-March-2002, 13:58
squidgy
Guest
Posts: n/a

Thanks. Here's where I've gone from there. In NSCAN under "Windows Sockets", there's a "Socket Limit" box and a "Dynamic Socket Limit Allocation maximum" box - so you need to investigate what numbers to put in here. You do this by guessing, and seeing if it's too high or too low.

First of all, connect to the internet, just to get an IP address using ipconfig. Then disconnect from the internet. Now, configure Tiny Personal Firewall so that your port scanner is not allowed to connect to the internet without asking you permission first - however, don't set it to deny permission, just make sure that it asks. This can be done by deleting the rule for it. You'll see why you need to do this in a moment.

Now, set up your port scanner to do a "pretend" scan on any single port of a range of IP addresses that your last IP address fell into, from x.x.0.0 to x.x.y.y. Your range should have as many IP addresses in it as the socket limit you've just configured. Of course, it won't scan for real, since you're not connected to the internet, and it doesn't have firewall permission, but the point is, this causes it to wait for timeouts. Open the Tiny status window, and start the scan. Ignore the popup box for a moment which asks permission, in fact, try to move it out of the way of the status window.

Now, look at the status window. If you see NSCAN trying to make outgoing connection attempts to all of the ports, then your socket limit is okay, maybe you can afford to increase it a bit. But if it's missing a few, you've set the socket limit too high.

Of course, you don't need to count how many lines appear in the status window, since they ought to appear in numerical order, so just scroll down to the bottom and see if the last one is there or not. Now quickly click "Stop" on the port scanner, then go to your Tiny alert popup window, and keep clicking "deny" or hold down the space bar until all the alerts have gone away again.

Then go into NSCAN's configuration, adjust the socket limit boxes accordingly, click ok, then adjust the final host accordingly, and try a new "pretend" scan. Keep repeating this process until you've narrowed it down to a number that it can support.

Once you've found out this number, take a few off for good measure, just in case you want to use the browser or FTP client or buddy system at the same time as the port scanner, then reconfigure Tiny so that it's allowed to connect to the internet again. You can do this by trying one more "pretend" scan whilst your computer is still offline, but this time, create an appropriate rule from the Tiny alert popup, then edit it accordingly.

I've found that on my Windows 98SE, a socket limit of 100 is too many, but it's happy with 90. I haven't tested this on a range of ports which I already know to be all open yet, but I plan to do this soon. Thanks.

#22
27-March-2002, 14:13
silver
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177

I haven't tested this on a range of ports which I already know to be all open yet, but I plan to do this soon.

> ok - but if you are using the freeserves 'smtp port grabbing feature' as your definition of 'range of ports known to be open' be aware that they might limit connections - i.e. it is possible that they see lots of requests at that port an tell some of the requests the port is closed - as part of a DoS defense ... perhaps..

a way of creating a fake port range could involve telling your OS to use a made up gateway (umm like a webserver) an then scan a range for port 80 - the range start and end points are irrelevant since the OS will send them all to the gateway anyway - I think that should work...

Sil

#23
27-March-2002, 14:21
squidgy
Guest
Posts: n/a

Yep, you guessed it, I tried precisely that! I scanned port 25 of 1024 IP addresses through Freeserve No-Ties dial-up, they're still not all open, but 940 out of 1024 of them are open this time. Which is better - but as you say, it could be a built in DOS defence feature of Freeserve.

"a way of creating a fake port range could involve telling your OS to use a made up gateway (umm like a webserver) and then scan a range for port 80 - the range start and end points are irrelevant since the OS will send them all to the gateway anyway - I think that should work..."

To be honest, I'm not sure I quite understand that, because I'm not that familiar with the concept of what a gateway is. Would it be possible to do that by hosting a server on my own computer? I think that would be better than annoying someone else. I think what you mean is setting up a new dial-up, but then configure it to use 127.0.0.1 as the gateway, then connect to it, and host my own TCP server, then scan any old range of IP addresses for that port number. Is that an example of what you mean? Or have I misunderstood? Thanks.
Reply With Quote
  #24  
Old 27-March-2002, 14:24
silver's Avatar
silver silver is offline
 
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177
Default

gateway - well it's just a setting in the tcp/ip part of the network properties (right click on the network icon on desktop - pick properties) - in there select tcp/ip > dial up adaptor and pick properties..

in there is a gateway setting - point that at a busy webserver

www.google.com prolly won't notice

Sil
Reply With Quote
  #25  
Old 27-March-2002, 14:56
squidgy
Guest
 
Posts: n/a
Default

I know where to configure the gateway, and I know that you need a gateway for your internet connection to work, it's just that I don't really understand why. But I also know that when you use one of these dynamic IP dial-ups, your gateway is normally the same as your IP address.

I've thought of the obvious flaw with using a server on my own computer - it will double up the socket requirement, since not only would I need a socket for each outgoing connection from the port scanner, but I'd also need another socket for the incoming connection to the server for each one. Hmmm, well, I suppose I could halve the socket limit in the port scanner and then try it, but not really sure that it would prove anything.

You think Google wouldn't mind? Scanning single ports isn't really hammering, but what we're talking about doing here is serious hammering. So I still think that doing something like this without asking permission first would be slightly rude. Anyone out there using Windows NT, and who is therefore technically able to support this little test? I could make it worth your while by letting you pick your way through my 3GB MP3/MPEG collection!

But then, I'm not convinced that using a non-standard configuration just to test something is really going to prove anything anyway. I haven't tried telnetting those Freeserve SMTP ports that were closed yet, I mean, maybe they really are closed all the time anyway. If you're scanning your own network to find security vulnerabilities, then yes, you really will want to find everything. But if you're just looking elsewhere for hidden content, you're not interested in the remote party's security anyway, so who cares if you miss a few? 940 out of 1024 ain't bad, so perhaps I'll just be happy with that, unless someone is really really interested in looking around my collection. Thanks for the help, though.

Last edited by squidgy; 27-March-2002 at 15:20.
Reply With Quote
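The self-check discussed in the posts above (scanning a set of ports already known to be open, on your own machine), as an added example that is not from any poster or from NSCAN. It opens its own loopback listeners, scans them with a capped number of simultaneous sockets, and keeps "closed" (connection refused) separate from "unknown" (timeout or local socket exhaustion); the function names, counts and loopback setup are assumptions of this sketch.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

HOST = "127.0.0.1"  # loopback only: every target is a socket this script owns

def open_listeners(count):
    """Bind `count` listening sockets on free loopback ports (the known-open set)."""
    listeners = []
    for _ in range(count):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind((HOST, 0))  # port 0 = let the OS pick a free port
        s.listen(8)
        listeners.append(s)
    return listeners

def probe(port, timeout=1.0):
    """One TCP connect probe: 'open', 'closed' (refused) or 'unknown'."""
    try:
        with socket.create_connection((HOST, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Timeout or a local failure such as running out of sockets: the port
        # was never really tested, so it must not be reported as closed.
        return "unknown"

def scan(ports, socket_limit):
    """Probe all ports with at most `socket_limit` connections in flight."""
    with ThreadPoolExecutor(max_workers=socket_limit) as pool:
        return dict(zip(ports, pool.map(probe, ports)))

def calibrate(count=64, socket_limit=16):
    """Scan known-open ports plus one known-closed control port."""
    listeners = open_listeners(count)
    control = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    control.bind((HOST, 0))  # bound but not listening, so connects are refused
    control_port = control.getsockname()[1]
    try:
        ports = [s.getsockname()[1] for s in listeners]
        results = scan(ports + [control_port], socket_limit)
    finally:
        for s in listeners + [control]:
            s.close()
    missed = [p for p in ports if results[p] != "open"]
    return {"open_found": count - len(missed), "missed": missed, "control": results[control_port]}

if __name__ == "__main__":
    print(calibrate())
```

Any port listed in `missed` is a false negative of the scanner at that socket limit, since every one of those ports was open for the whole run.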
  #26  
Old 27-March-2002, 16:16
onomatopoeia onomatopoeia is offline
Professor Yaffle
 
Join Date: Dec 2001
Location: on the bookshelf
Posts: 159
Default

ppp means "point to point protocol". Your machine is only connected to one other directly, not to the whole of the internet. This is the gateway. It is the place where packets with IP addresses that your machine doesn't know how to route itself are sent.

I can recommend "DNS and BIND" published by O'Reilly if you are interested in learning more. It explains about routing tables and so on as the single user direct dial up scenario is the simplest configuration and things can be a lot more complicated.
Reply With Quote
All times are GMT +1.

Copyright 1999-2014 The Scream!