Small Mosaic



Wed, 08 Mar 2006

Know Thy Open Network ports
Which ports do your servers have open right now? How did you check? Netstat? Are you really sure that it's doing the right thing? What the host claims to be exporting isn't always the same as what other hosts on the network see. When did your DNS server start exposing that TCP port? Has it always been there?

I want a tool that keeps track of what ports a machine has open and shows me changes (and tracks when things change). It has to scan the whole port range from top to bottom and it needs to do UDP scans in under a couple of hours. Think of Tripwire, but for network ports. Changes have to be approved or they keep being flagged as suspicious. As a side effect it'll also show you when things go away. Hard to write? Not really. But why don't most of us already have it built and running?

It's also worth pointing out that this isn't the same role that programs like Nagios fill. You tell Nagios what to watch and it picks up changes in that limited scope. I want something to watch the whole (finite) port range and show me things I didn't think about.
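A sketch of the baseline-and-approve core of such a tool, as an added example that is not part of the original post. It assumes the scan itself is done by nmap with grepable (`-oG`) output; the function names, the `state` dictionary layout and the sample scan line are hypothetical and constructed for illustration.

```python
import re

# Constructed sample of nmap grepable (-oG) output for one host.
SAMPLE_SCAN = (
    "Host: 192.0.2.10 (ns1.example.test)\tPorts: 22/open/tcp//ssh///, "
    "53/open/udp//domain///, 53/open/tcp//domain///, "
    "8080/closed/tcp//http-proxy///\tIgnored State: filtered (65531)\n"
)

def parse_grepable(text):
    """Return {host: {(port, proto), ...}} for ports nmap reports as open."""
    seen = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+).*?\tPorts: ([^\t]*)", line)
        if not m:
            continue
        ports = seen.setdefault(m.group(1), set())
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")
            # Only a definite "open" counts; "open|filtered" is ignored here.
            if len(fields) >= 3 and fields[1] == "open":
                ports.add((int(fields[0]), fields[2]))
    return seen

def check(state, seen, now):
    """Diff a scan against the approved baseline; return unapproved changes."""
    # Result maps (host, port, proto, kind) to the time it was first flagged.
    # An unapproved change keeps that timestamp and is reported on every run.
    pending = {}
    for host in set(state["approved"]) | set(seen):
        want = state["approved"].get(host, set())
        have = seen.get(host, set())
        changes = [(p, "NEW") for p in have - want]
        changes += [(p, "GONE") for p in want - have]
        for (port, proto), kind in changes:
            key = (host, port, proto, kind)
            pending[key] = state["pending"].get(key, now)
    state["pending"] = pending
    return pending

def approve(state, key):
    """Operator sign-off: fold the change into the baseline."""
    host, port, proto, kind = key
    ports = state["approved"].setdefault(host, set())
    (ports.add if kind == "NEW" else ports.discard)((port, proto))
    state["pending"].pop(key, None)
```

Run `check` after every scan and persist `state` between runs; anything it returns is a port that appeared or went away without sign-off.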


Posted: 2006/03/08 20:45 | /security



Copyright © 2000-2010 Dean Wilson