Drakcon asked:

Port Scan without detection

First off, I hate to ask this question in an open forum, as I already know some of the comments to be seen about the subject from other reading I've done on EE. If you have nothing constructive to say, then just keep it to yourself.

So a little background on why I need to ask the question....

I'm the lone IT person for an agency with 2 sites of 50 staff. We are one agency of about 200 other different type agencies that fall under a single authority. That single authority has told all to chop their budgets or has given various agencies a number they expect the budget to come in at.

Our staff/agency provides services to an outside world of about 400+ locations (under a shared cost), which in turn passes those services to a client base of around 500K+, which has traditionally been for free. We have "normally" farmed most of our services out to web-hosting vendors, from which we managed them or have the vendor manage them, but their costs have gone up while ours and the 400+ locations have been told to chop costs yet are expected to continue with services.

The problem..........

I have come up with some theoretical ideas on how to chop our two biggest expenses, which total about 470k, in half by hosting on our agency's servers, but my problem is I don't know what ports are closed by the agency that manages the network for all agencies under the "authority". I have made countless calls and sent countless emails requesting information on how our little part of the network firewall is set, and those requests go ignored by not only the networking staff but also the supervisory of said agency. If I had my choice I'd have all our servers in the DMZ and just manage a local firewall.

I'd like to run a port scan from the outside to our internet IP, but I know "some" of the capabilities of the ASA firewalls that are in use and know that the managing agency has strict rules against doing such. The head of our agency knows nothing about the computing world other than how to use a computer and has given me suggestions on whom to contact about this and that, but all have been fruitless.

Before I took on the position I used to (well, still do) have my own clients and from time to time would run a port scan of their location with NMAP/Zenmap to protect them from the outside. Now I'm looking for a way to not be detected doing a port scan so I can accomplish the tasks at hand while looking to keep my butt out of a sling for doing so.

So anyone know anything that might give me a fighting chance?
Pete Long

If you're already familiar with NMAP then simply slow down the scan rate. I think it can be set to minutes apart? And if you're scanning from an external host who will know it's you anyway? If all you have told us is correct then there's nothing wrong with you performing penetration testing on your own network? As long as you have documented all your requests for info "upstream", then if I were in your shoes I'd take matters into your own hands :)

Pete
Drakcon (ASKER)

Even with being on the up and up "they" still get testy. I've only been in this position for 3 months and I'm starting to gather that if things go unanswered then "they" think the party asking has no need to know. I'm not big on circumventing policy, but when it interferes in things I need to do and I get no assistance I have to find or think my way around the policy.

Thanks for the suggestion. I think that will work out well, better than doing the -d switch
:) ThanQ