Security Watch
July 6, 1998

Free Windows-based scanners are plentiful, but only Asmodeus shows promise

Many of you have sent us e-mail wanting to know what free port scanners are available for a Windows 95 or Windows NT machine. For those of you who shy away from Unix, there are a variety of freely available Windows-based scanners on the Internet. Though none of them is as robust or flexible as their Unix counterparts, all of them do provide a surface view of the security holes in your network. (For more on the Linux tool nmap, from Fyodor's Playhouse, see "Freeware scanners find network holes, thwart detection solutions.")

Warning: no stealth scanning

The fundamental problem with all Windows-based scanners is their current lack of stealth scanning such as SYN, FIN, or fragmentation. Stealth scanning can trick a packet-filtering router or firewall into allowing the scan through to your network. So if you use Windows scanning tools, you may not be getting the complete picture. Crackers love stealth scanning techniques and use them extensively to try and get around your routers and firewalls. Be forewarned: Windows scanners won't tell you the whole story.

At the bottom of the scanning food chain is IP Prober -- a freeware utility offered by Access Informatics (http://www.accinform.com/ipprobe.html). IP Prober is the simplest of scanners because it does only one thing: scan a single IP address with a range of port numbers. There is nothing fancy with this tool -- no name resolution, no random port scanning, and it is often very slow (due largely to its number of retries with non-responsive ports).

Port Scanner is a shareware utility offered by Blue Globe Software (http://www.blueglobe.com/~cliffmcc). The product offers a range of IP addresses for scanning and port numbers from a maintained list (which provides some degree of randomness).
In addition, Port Scanner provides name resolution, target ranges, and list scanning (pseudo-random), but it does not provide a means to randomize your hosts. It can also be quite slow.

Sam Spade is freeware written by Blighty Design (http://www.blighty.com/products/spade). Sam is much more than a scanner. We use it extensively in our security work to perform zone transfers, Whois, lookups, PING, DNS, traceroute, dig, Finger, SMTP VRFY/EXPN, and much more. It does offer name resolution, target ranges, and list scanning (pseudo-random), plus it's very fast. But like the other Windows scanners, it offers no stealth scanning and no random host or port scanning. And we have found that large scans with Sam have a tendency to overwhelm the system.

Internet Maniac is a freeware utility by Sumit Birla (http://members.tripod.com/~Sumit_Birla). This utility is also much more than a port scanner; it includes name lookups, traceroute, PING, raw connect, Finger, Whois, POP3 check, and a port listener. The scanner does allow for target host ranges and tends to be very fast. However, it offers no random host or port selection, and along with the other products, it offers no stealth scanning.

Great promise

At the top of the food chain we find Asmodeus, from Web Trends (http://www.webtrends.com/wss). This freeware beta product doesn't have fancy features, but it's one of the only products that offers vulnerability checks such as banner, registry permission, and OS checks. Other niceties include an Ethernet sniffer and vulnerability scripting capability. But it offers no host or port ranges (full domains only), no random scanning, and only modest scanning speeds. It may be too early to tell, but Asmodeus has the beginnings of a robust Windows-based scanner.

If your goal is to understand your network from a 40,000-foot view, then Windows port scanning tools will suffice.
But if you're serious about your security and looking for the holes that crackers will find, then take the time to install a Linux box and use nmap.

-----------------------------

Test Center Support Manager Stuart McClure and Technology Analyst Joel Scambray have managed information security in academic, corporate, and government environments for the past nine years. They currently test dozens of security products, from firewalls to security auditing solutions, in search of new ways to improve enterprise network security. Send e-mail to security_watch@infoworld.com.

-----------------------------

Copyright © 1998 InfoWorld Media Group Inc.