North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re[2]: "portscans" (was Re: Arbor Networks DoS defense product)
Hello, Saturday, May 18, 2002, 7:17:43 PM, you wrote: RD> On Sat, 18 May 2002, Scott Francis wrote: >> And why, pray tell, would some unknown and unaffiliated person be scanning my >> network to gather information or run recon if they were not planning on >> attacking? I'm not saying that you're not right, I'm just saying that so far >> I have heard no valid non-attack reasons for portscans (other than those run >> by network admins against their own networks). RD> I often like to know if a particular web server is running Unix or RD> Winblows. A port scanner is a useful tool in making that determination. [[email protected] phpdig]$ telnet www.istop.com 80 Trying 216.187.106.194... Connected to dci.doncaster.on.ca (216.187.106.194). Escape character is '^]'. HEAD / HTTP/1.0 HTTP/1.1 200 OK Date: Sun, 19 May 2002 01:47:57 GMT Server: Apache/1.3.22 (Unix) FrontPage/4.0.4.3 PHP/4.1.2 mod_fastcgi/2.2.8 Last-Modified: Sat, 18 May 2002 06:05:35 GMT ETag: "68807-9ff5-3ce5ef2f" Accept-Ranges: bytes Content-Length: 40949 Connection: close Content-Type: text/html Connection closed by foreign host. (make sure you hit [Enter] twice after the "HEAD / HTTP/1.0"). Gets you all of the information you need, and you don't have to do a portscan. I have a perl script that automates the task if you would like it, let me know. allan -- allan [email protected] http://www.allan.org
|