[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Security concern or not?

Subject: [cobalt-security] Security concern or not?
From: Scott Genevish <genevish@xxxxxxx>
Date: Tue, 31 Oct 2000 15:11:29 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

The training department recently got our IT department to install a RaQ 3i
for us so we can host our training site, with the caveat that we support it
ourselves.

The did a port scan using CyberCop's TCP FIN scan.  The definition of this
scan by CyberCop is:

"This check can be used as a much faster alternative to regular TCP port
scanning. This check scans a target host for listening TCP ports by
observing how the target replies to a TCP FIN packet. Because the target
host replies only when a FIN is sent to a non-listening port, and not
when an FIN is sent to a listening port, the scanner can infer which
ports are being listened on. Because ports are checked without actually
initiating a TCP connection, this type of scan is sometimes referred to
as a "stealth" scan.
"The drawback in using this method is that it may be unreliable due to
packet loss on the network and differing behavior of different target
systems. Because this method assumes that a target port is listening
whenever a reply is not received, it is particularly prone to packet
loss. As a result this scan may mistakenly report some non-listening ports
as being active."

This scan shows EVERY port open on the server.  Is this correct?  How can I
shut some of these down?

Thanks,

-Scott

Prev by Date: [cobalt-security] Newbie to cobalt
Next by Date: Re: [cobalt-security] Security concern or not?
Previous by thread: Re: [cobalt-security] Newbie to cobalt
Next by thread: Re: [cobalt-security] Security concern or not?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index