
Scanners

Created: 05 Sep 2012 | 5 comments
Fabiano.Pessoa

Dear, good morning.
 
I would like to propose a database of port scan codes, or to create a code base of scans, mainly NMAP scans, which is the most widely used, so as not to respond to them.
 SEP blocks this type of action, but it is just starting and, depending on the code used, the port scan continues to yield results, i.e., the desktop, notebook, etc., continue to answer requests.
 
Here is example code in NMAP to explore internal networks. This code was used to capture failures in a network with XP SP2, but was also used on Win7 and, to my surprise, flirting with this code on Win7 was still answered.
 
nmap -v --script=smb-check-vulns 192.168.0.0/24
 
The PC, even with SEP blocking the check, still answers the requests, reports MAC addresses, IP and its open ports, and still reports the vulnerabilities that can be exploited with exploits.
 
The example would be - Do not respond to "nmap -v --script=smb-check-vulns 192.168.0.0/24" - creating a bridge to the base network by sending even if detected, how to program the OS / NETWORK not to respond to the scan.
 
The same code served perfectly and even suggested a new special scan, to be run by adding "--script-args=unsafe=1", simply because it recognized that the former was not for this operating system.
 
The same also said that MS06-025 (exploit) was exploitable with MS07-029, after also checking results that ports like 135, 139 and 1025 were open. SEP had previously reported that it would be blocking this type of scan, but as we can see, nothing was done.
 
My proposal is to establish real control in this type of verification, where the protection tool responds to this type of network scan and does not allow any answer from another stack or layer; that is, once our solution is placed on our computer, it is the administrator and not the user.
 
I hope you understood my idea, I'll be ready for any questions.
 
Big hug to everyone.
 

5 Comments

Fabiano.Pessoa

thanks

Fabiano Pessoa

Systems Analyst - Forensic Expert

.Brian

Submit as article or blog. Nice work.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

P_K_

Great. Please write a blog entry if not an article.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

Fabiano.Pessoa

Hi all,

I put it as an Article. Hugs.

Fabiano Pessoa

Systems Analyst - Forensic Expert