I cloned many of the example modules used for hardening a machine, such as:
IP Stack Hardening
Windows LSASS Security
Windows Service Host Security
If I run SuperScan 4 against my test host (which has various web ports, sql, tftp, etc.) using default settings, CSA denies access to the TCP ports but still shows the UDP ports including banner information. The default setting for TCP's scan type is SYN. However if I change the scan type to Connect, I can succesfully see all of my TCP ports and their banner information.
Another tool in SuperScan is Windows Enumeration - I'm able to gather Netbios info, connect with a Null session, get all the MAC addresses, map out all the RPC endpoints, and get the machines date/time and uptime.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...