[18488] in bugtraq


Re: analysis of auditable port scanning techniques

daemon@ATHENA.MIT.EDU (Henrik Nordstrom)
Tue Jan 9 12:16:40 2001

Message-ID:  <3A5A5CB3.6417FA36@hem.passagen.se>
Date:         Tue, 9 Jan 2001 01:34:59 +0100
Reply-To: hno@HEM.PASSAGEN.SE
From: Henrik Nordstrom <hno@HEM.PASSAGEN.SE>
X-To:         Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

Dan Harkless wrote:

> Well, there's a feature request for auth/ident/tap daemons running on OSes
> (if any) that can distinguish after-the-fact between connections that
> originated locally and those that originated remotely.  Assuming that
> doesn't break RFCs 931 / 1413, of course (I'd re-read them right now to
> check, if I had the time)...

Well, the simple fix would be to deny queries for ports where there is a
local service listening on the same interface/IP (or "ANY").

--
Henrik Nordstrom
