Re: Interesting challenge
From: David Barroso (dbarroso_at_s21sec.com)
Date: 01/30/04
- Previous message: Frazier Evans: "Re: Pen testing training / certification"
- In reply to: Sanjay K. Patel: "Interesting challenge"
- Next in thread: Serhan Sevim: "RE: Interesting challenge"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Jan 2004 20:28:44 +0100 (CET) To: "Sanjay K. Patel" <sanjay.patel@rexwire.com>
> We are doing a pen test for a client and have run into a interesting
> situation. The client has a server running IIS and Exchange we can get to
> it
> through a browser but when we try to run Nessus or Eeye Retina against it,
> neither product can find the server. The client is not running any IDS
> system has a simple firewall. A port scan revels no open port though port
> 80
> is open since the server is serving pages.
>
Sanjay,
perhaps an additional layer of security is implemented, which silently
drops all packets received from a specific host, if it detects a portscan
from that host, and accepts a normal traffic flow if it does not detect
any 'attack'. This countermeasure could be installed in your client's
site, or, on the other hand, maybe your egress traffic is being filtered.
David
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: Frazier Evans: "Re: Pen testing training / certification"
- In reply to: Sanjay K. Patel: "Interesting challenge"
- Next in thread: Serhan Sevim: "RE: Interesting challenge"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
