Detecting Intruders entering through unused ports

  • Detecting Intruders entering through unused ports

    Hi

    This is the first query I am posting in this forum.

    Query:

    I want to know the way hackers enter the network via unused ports.
    Is there any way we can track them and block them from entering the system? It would be better if we blocked them from entering through the ports.

    Kindly reply soon.

    Thanks in advance.

  • #2
    Re: Detecting Intruders entering through unused ports

    What kind of firewall are you using?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"


    • #3
      Re: Detecting Intruders entering through unused ports

      Hi

      We are using Windows 2000 Server, and we have a Check Point firewall configured on it. We also have an IDS (eTrust) configured on a machine. Is there any possibility that we will be able to track intruders with the help of the firewall or IDS? I do not know about this. Can you help me out with this issue?

      Thanks & Regards

      S.Ganesharaj


      • #4
        Re: Detecting Intruders entering through unused ports

        Is this a server connected to the internet?

        At first look I would say block all "unused" ports. What reason is there to keep ports open that you don't need?


        • #5
          Re: Detecting Intruders entering through unused ports

          Within Check Point you normally create (well, actually in any firewall, though) the following rules:

          Rules 1, 2, 3 (as many as needed): FW management rules.
          The stealth rule, like:
          Any source, firewall destination, any traffic, drop (not block).
          Your needed internet rules...

          Your NetBIOS cleanup rule (no logging about NetBIOS and so on).

          Finally the cleanup rule:
          Any source, any destination, any traffic, drop.


          Most important of all:
          Keep your rulebase as simple as possible.
          The larger the rulebase, the harder it is to manage.
          Last edited by Dumber; 13th October 2005, 07:56.
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"
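
The rule order described in post #5, modelled as a first-match evaluator. This is an added example, not code from the thread and not Check Point syntax; the addresses, the management and web ports, the logging flags on the stealth and cleanup rules, and the three-port threshold are assumptions made for illustration. It shows how logged cleanup-rule drops identify a source probing unused ports.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (documentation ranges); all names are hypothetical.
FIREWALL = ip_network("192.0.2.1/32")   # the firewall itself
ADMIN = ip_network("192.0.2.10/32")     # management station
WEB = ip_network("192.0.2.80/32")       # published web server
ANY = ip_network("0.0.0.0/0")

# (name, source, destination, ports or None for any, action, log), in rule-base order.
RULES = [
    ("fw-management", ADMIN, FIREWALL, {22, 443}, "accept", True),
    ("stealth", ANY, FIREWALL, None, "drop", True),
    ("internet-web", ANY, WEB, {80, 443}, "accept", False),
    ("netbios-cleanup", ANY, ANY, {137, 138, 139}, "drop", False),  # noise, not logged
    ("cleanup", ANY, ANY, None, "drop", True),                      # everything else
]

def evaluate(src, dst, port):
    """Return (rule name, action, log) of the first rule matching the connection."""
    for name, r_src, r_dst, ports, action, log in RULES:
        if (ip_address(src) in r_src and ip_address(dst) in r_dst
                and (ports is None or port in ports)):
            return name, action, log
    raise AssertionError("unreachable: the cleanup rule matches everything")

def unused_port_probes(connections, threshold=3):
    """Sources whose logged cleanup-rule drops span >= threshold distinct ports."""
    ports_by_src = {}
    for src, dst, port in connections:
        name, _action, log = evaluate(src, dst, port)
        if name == "cleanup" and log:
            ports_by_src.setdefault(src, set()).add(port)
    return {s: sorted(p) for s, p in ports_by_src.items() if len(p) >= threshold}

# Constructed sample traffic: (source, destination, destination port).
SAMPLE = [
    ("198.51.100.7", "192.0.2.80", 443),
    ("203.0.113.5", "192.0.2.80", 23),
    ("203.0.113.5", "192.0.2.80", 3389),
    ("203.0.113.5", "192.0.2.80", 1433),
    ("203.0.113.5", "192.0.2.1", 22),
    ("198.51.100.7", "192.0.2.80", 139),
    ("198.51.100.9", "192.0.2.80", 8080),
]

if __name__ == "__main__":
    for conn in SAMPLE:
        print(conn, "->", evaluate(*conn))
    print("probing sources:", unused_port_probes(SAMPLE))
```

Moving the stealth rule above the management rule in this model locks the administrator out, which is why the management rules come first in the order given.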
