RE: Interesting challenge

• Previous message: Ranjeet Shetye: "Re: TCP Header manipulation of the protocol field"
• Maybe in reply to: Sanjay K. Patel: "Interesting challenge"
• Next in thread: Sanjay K. Patel: "RE: Interesting challenge"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 30 Jan 2004 11:30:24 -0600
To: "Sanjay K. Patel" <sanjay.patel@rexwire.com>, <pen-test@securityfocus.com>

Netscreens' for instance, will block hosts that are performing
portscans.
Teros boxes will also block most 'crafted' layer 7 attacks.

What type of scan are you doing?

Try doing: nmap -sS -P0 -p80

And see what you get. If you get filtered you're looking at a stateful
box, if you get blocked, I would say there's a proxy in there somewhere.

Steve Goldsby
www.networkarmor.com
 

-----Original Message-----
From: Sanjay K. Patel [mailto:sanjay.patel@rexwire.com]
Sent: Friday, January 30, 2004 10:43 AM
To: pen-test@securityfocus.com
Subject: Interesting challenge

We are doing a pen test for a client and have run into a interesting
situation. The client has a server running IIS and Exchange we can get
to it
through a browser but when we try to run Nessus or Eeye Retina against
it,
neither product can find the server. The client is not running any IDS
system has a simple firewall. A port scan revels no open port though
port 80
is open since the server is serving pages.

SKP

------------------------------------------------------------------------

---
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Previous message: Ranjeet Shetye: "Re: TCP Header manipulation of the protocol field"
• Maybe in reply to: Sanjay K. Patel: "Interesting challenge"
• Next in thread: Sanjay K. Patel: "RE: Interesting challenge"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]