RE: Interesting challenge

From: Steve Goldsby (ICS) (sgoldsby_at_networkarmor.com)
Date: 01/30/04

  • Next message: Don Parker: "Re: TCP Header manipulation of the protocol field"
    Date: Fri, 30 Jan 2004 11:30:24 -0600
    To: "Sanjay K. Patel" <sanjay.patel@rexwire.com>, <pen-test@securityfocus.com>
    
    

    Netscreens' for instance, will block hosts that are performing
    portscans.
    Teros boxes will also block most 'crafted' layer 7 attacks.

    What type of scan are you doing?

    Try doing: nmap -sS -P0 -p80

    And see what you get. If you get filtered you're looking at a stateful
    box, if you get blocked, I would say there's a proxy in there somewhere.

    Steve Goldsby
    www.networkarmor.com
     

    -----Original Message-----
    From: Sanjay K. Patel [mailto:sanjay.patel@rexwire.com]
    Sent: Friday, January 30, 2004 10:43 AM
    To: pen-test@securityfocus.com
    Subject: Interesting challenge

    We are doing a pen test for a client and have run into a interesting
    situation. The client has a server running IIS and Exchange we can get
    to it
    through a browser but when we try to run Nessus or Eeye Retina against
    it,
    neither product can find the server. The client is not running any IDS
    system has a simple firewall. A port scan revels no open port though
    port 80
    is open since the server is serving pages.

    SKP

    ------------------------------------------------------------------------

    ---
    ------------------------------------------------------------------------
    ----
    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------
    

  • Next message: Don Parker: "Re: TCP Header manipulation of the protocol field"

    Relevant Pages

    • Re: Remote View/Control
      ... say to open port 3389 from my home IP only? ... Which Ip address would I use to connect to the server ... >> sitting behind a SMC broadband router. ...
      (microsoft.public.windows.server.networking)
    • Re: Question about Data Safety and VPN
      ... allowed ordinary outbound SMTP (port 25) on request. ... changing those on your mail server is generally easy enough. ... probably don’t want to open port 25 for a special purpose like this ...
      (comp.arch.embedded)
    • Re: How to give remote access to Exchange? Is VPN the solution?
      ... Open Port 443 to your SBS server.. ... And DMZ? ...
      (microsoft.public.windows.server.sbs)
    • Re: Interesting challenge
      ... The client has a server running IIS and Exchange we can get to it ... A port scan revels no open port though port 80 ...
      (Pen-Test)
    • RE: Some technical errors
      ... If the SMTP server is not running on port 25 TCP it is not a public ... Manager - Computer Assurance Services BDO Chartered Accountants & ...
      (Security-Basics)