[| Navigational map -- for text only please go to the bottom of the page |] [|Opinions|] This way to >>> [Image] [Security Watch] July 6, 1998 Free Windows-based scanners are plentiful, but only Asmodeus shows promise Many of you have sent us e-mail wanting to know what free port scanners are available for a Windows 95 or Windows NT machine. For those of you who shy away from Unix, there are a variety of freely available Windows-based scanners on the Internet. Though none of them is as robust or flexible as their Unix counterparts, all of them do provide a surface view of the security holes in your network. (For more on the Linux tool nmap, from Fyodor's Playhouse, see "Freeware scanners find network holes, thwart detection solutions.") Warning: no stealth scanning The fundamental problem with all Windows-based scanners is their current lack of stealth scanning such as Syn, FIN, or fragmentation. Stealth scanning can trick a packet-filtering router or firewall into allowing the scan through to your network. So if you use Windows scanning tools, you may not be getting the complete picture. Crackers love stealth scanning techniques and use them extensively to try and get around your routers and firewalls. Be forewarned: Windows scanners won't tell you the whole story. At the bottom of the scanning food chain is IP Prober -- a freeware utility offered by Access Informatics (http://www.accinform.com/ipprobe.html). IP Prober is the simplest of scanners because it does only one thing: scan a single IP address with a range of port numbers. There is nothing fancy with this tool -- no name resolution, no random port scanning, and it is often very slow (due largely to its number of retries with non-responsive ports). Port Scanner is a shareware utility offered by Blue Globe Software (http://www.blueglobe.com/~cliffmcc). The product offers a range of IP addresses for scanning and port numbers from a maintained list (which provides some degree of randomness). In addition, Port Scanner provides name resolution, target ranges, and list scanning (pseudo-random), but it does not provide a means to randomize your hosts. It can also be quite slow. Sam Spade is freeware written by Blighty Design (http://www.blighty.com/products/spade). Sam is much more than a scanner. We use it extensively in our security work to perform zone transfers, Whois, lookups, PING, DNS, traceroute, dig, Finger, SMTP VRFY/EXPN, and much more. It does offer name resolution, target ranges, and list scanning (pseudo-random), plus it's very fast. But like the other Windows scanners, it offers no stealth scanning and no random host or port scanning. And we have found that large scans with Sam have a tendency to overwhelm the system. Internet Maniac is a freeware utility by Sumit Birla (http://members.tripod.com/~Sumit_Birla). This utility is also much more than a port scanner; it includes name lookups, traceroute, PING, raw connect, Finger, Whois, POP3 check, and a port listener. The scanner does allow for target host ranges and tends to be very fast. However, it offers no random host or port selection, and along with the other products, it offers no stealth scanning. Great promise At the top of the food chain we find Asmodeus, from Web Trends (http://www.webtrends.com/wss). This freeware beta product doesn't have fancy features, but it's one of the only products that offers vulnerability checks such as banner, registry permission, and OS checks. Other niceties include an Ethernet sniffer and vulnerability scripting capability. But it offers no host or port ranges (full domains only), no random scanning, and only modest scanning speeds. It may be too early to tell, but Asmodeus has the beginnings of a robust Windows-based scanner. If your goal is to understand your network from a 40,000-foot view, then Windows port scanning tools will suffice. But if you're serious about your security and looking for the holes that crackers will find, then take the time to install a Linux box and use nmap. ----------------------------- [Image] Test Center Support Manager Stuart McClure and Technology Analyst Joel Scambray have managed information security in academic, corporate, and government environments for the past nine years. They currently test dozens of security products, from firewalls to security auditing solutions, in search of new ways to improve enterprise network security. Send e-mail to [email protected]. Missed a column? Go back for more. [Image] ----------------------------- Copyright © 1998 InfoWorld Media Group Inc. | SiteMap | Search | PageOne | Reader/Ad Services | | Enterprise Careers | Opinions | Test Center | Features | | Forums | Interviews | InfoWorld Print | InfoQuote | [Image] [Image][Image] [Image]