Vorenus
asked on
How to test which outgoing ports are not blocked
Hi,
Does somebody know of a tool which can test/list which ports are not blocked by the firewall for outgoing connections, kinda like the opposite of a port scanner?
I would like to test it to integrate this into my auditing procedures.
Thanks.
ASKER
Hi Rajesh,
Thanks, but it is not really my problem: I probably wasn't clear enough, sorry.
I want to check which ports can leave the local network and not just reach it.
Example: in my company, nothing except 80, 443 can leave the network to the internet.
Example: if a user wants to use Remote Desktop from the office to access their home computer, it won't work because port 3389 is closed for outbound connections in our firewall.
Knowing which inbound ports are open is easy, I just have to do nmap from an external connection, but what I want to know is which ports can leave the machine (vs. which ports can reach it, which is quite easy).
I don't always know where the firewall is or have access to it immediately when I first go to the site to make my audit (sometimes they are administered by external companies and the users don't know the passwords, and it usually takes some time to have the company tell me the password, etc.).
Sometimes the outbound ports are blocked at the ISP level too, and I have no way to know that other than trying to connect from all the ports.
The current solution I'm thinking about is to have a listener program which listens on the 65535 ports at once on a machine located on a separate site/internet connection, under a DMZ, and running another program trying to connect to those ports from the site I'm investigating/auditing, but I wonder if there is another solution which is ready or available.
Thanks,
ASKER
In short, I'm looking for a solution to easily list which ports can be used to leave the network rather than reach it, which I already know how to do.
ASKER CERTIFIED SOLUTION
ASKER
Thanks,
It doesn't seem to be exactly what I am after (it seems to only run on Linux and require 2 NICs, one plugged into the firewall appliance), but it may be useful as well.
That is the closest I could come across from my RSS feeds :-)
Cheers,
Rajesh
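The listener-plus-connector approach the asker describes, as an added example (not code from this thread or from any tool mentioned in it): `start_listeners` runs on a host the auditor controls outside the audited network, and `audit` runs from the site being audited. All function names and verdict labels are chosen for this example.

```python
import selectors
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

def start_listeners(ports, bind_addr="0.0.0.0"):
    """Far side (auditor's own host): accept-and-close on each port; 0 = OS picks."""
    sel, stop, bound = selectors.DefaultSelector(), threading.Event(), []
    for port in ports:
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((bind_addr, port))
        srv.listen()
        srv.setblocking(False)
        sel.register(srv, selectors.EVENT_READ)
        bound.append(srv.getsockname()[1])

    def serve():
        while not stop.is_set():
            for key, _ in sel.select(timeout=0.2):
                try:
                    key.fileobj.accept()[0].close()  # drain the backlog
                except OSError:
                    pass  # client already gone
        for key in list(sel.get_map().values()):
            key.fileobj.close()
    threading.Thread(target=serve, daemon=True).start()
    return bound, stop  # call stop.set() to shut the listeners down

def probe(host, port, timeout=2.0):
    """Audited side: classify one outbound TCP connection attempt."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"      # handshake completed: this port can leave the network
    except ConnectionRefusedError:
        return "refused"   # RST received: nothing listening, or a firewall rejected it
    except socket.timeout:
        return "filtered"  # no answer: dropped somewhere on the path
    except OSError:
        return "error"     # e.g. ICMP unreachable / administratively prohibited
    finally:
        s.close()

def audit(host, ports, timeout=2.0, workers=64):
    """Probe every port in parallel; returns {port: verdict}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(zip(ports, pool.map(lambda p: probe(host, p, timeout), ports)))
```

Binding ports below 1024 needs elevated privileges, and listening on all 65535 ports at once needs the open-file limit raised on the listening host.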