FTP Window of opportunity?
From: C Ryll (carolynryll_at_hotmail.com)
Date: 03/23/04
- Previous message: R. DuFresne: "RE: Email Pen-testing"
- Next in thread: Jerry Shenk: "RE: FTP Window of opportunity?"
- Reply: Jerry Shenk: "RE: FTP Window of opportunity?"
- Reply: Anders Thulin: "Re: FTP Window of opportunity?"
- Reply: Josh Tolley: "Re: FTP Window of opportunity?"
- Maybe reply: Stevenson, John G: "RE: FTP Window of opportunity?"
- Maybe reply: C Ryll: "RE: FTP Window of opportunity?"
- Maybe reply: Erik Birkholz: "Re: FTP Window of opportunity?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: pen-test@securityfocus.com Date: Tue, 23 Mar 2004 21:50:08 +0000
I recently assessed a system in which I already know its configuration (and
have full legal rights to). FTP is purposefully not running, as well as
blocked by the firewall.
When I scan with ISS, the FTP port shows up. When I use NMap, it does not
show FTP's port.
Because of the discrepancy, I tried to manually FTP into the system. It
actually said "Connected...", hung for about 10 seconds, and then said
"Connection Terminated."
(As a baseline, telnet's port is also blocked by the firewall, and does not
show up in scans - essentially, results for telnet are as expected).
With ISS, I'm assuming that it saw "Connected..." and showed me that port.
My guess would be that NMap waited around to try something else, but saw
"Connection Terminated" and didn't list it.
However, as I said previously, seeing that it actually says "Connected", and
then hangs for about 10 seconds before terminating:
1). Can I use this behavior to my advantage somehow? If yes, how?
2). Is there a known explanation to this?
The firewall is the Internet Connection firewall, and I am curious if it
requires the ftp port inadvertently for its functioning when checking the
incoming packets...
While I can make some changes to the system (like shutting off certain
services and shutting off the firewall), I cannot modify it such that I can
try another firewall or anything else like that.
Any help is greatly appreciated.
Carolyn.
_________________________________________________________________
All the action. All the drama. Get NCAA hoops coverage at MSN Sports by
ESPN. http://msn.espn.go.com/index.html?partnersite=espn
---------------------------------------------------------------------------
You're a pen tester, but is google.com still your R&D team?
Now you can get trustworthy commercial-grade exploits and the latest
techniques from a world-class research group.
www.coresecurity.com/promos/sf_ept1
----------------------------------------------------------------------------
- Previous message: R. DuFresne: "RE: Email Pen-testing"
- Next in thread: Jerry Shenk: "RE: FTP Window of opportunity?"
- Reply: Jerry Shenk: "RE: FTP Window of opportunity?"
- Reply: Anders Thulin: "Re: FTP Window of opportunity?"
- Reply: Josh Tolley: "Re: FTP Window of opportunity?"
- Maybe reply: Stevenson, John G: "RE: FTP Window of opportunity?"
- Maybe reply: C Ryll: "RE: FTP Window of opportunity?"
- Maybe reply: Erik Birkholz: "Re: FTP Window of opportunity?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
