Re: FTP Window of opportunity?
From: Nexus (nexus_at_patrol.i-way.co.uk)
Date: 03/24/04
- Previous message: Doty, Stephen (BearingPoint): "Oracle DB Audity"
- In reply to: Jerry Shenk: "RE: FTP Window of opportunity?"
- Next in thread: Anders Thulin: "Re: FTP Window of opportunity?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <pen-test@securityfocus.com> Date: Wed, 24 Mar 2004 19:28:45 -0000
----- Original Message -----
From: "Jerry Shenk" <jshenk@decommunications.com>
To: <pen-test@securityfocus.com>
Sent: Wednesday, March 24, 2004 3:36 AM
Subject: RE: FTP Window of opportunity?
[snip]
> BTW, some firewalls (Raptor at least) intentionally respond to all kinds
> of crazy traffic. It seems that they intentionally try to confuse an
> attacker (or pen tester;) by allowing connections to ports that aren't
> really open.
I'm not sure that's deliberate, rather a wierd-arse side effect of the
stateful inspection or ephemeral ports or summat.. *shrug*
You will also see similar odd resonses from various vendor implementations
of SYN flood 'proxy' defence, where the firewall completes the 3-way
handshake itself to you, then tries to connect to the destination host and
port on your behalf and if all is well, shovels the traffic across, if not,
it just drops you.
Cheers.
---------------------------------------------------------------------------
You're a pen tester, but is google.com still your R&D team?
Now you can get trustworthy commercial-grade exploits and the latest
techniques from a world-class research group.
www.coresecurity.com/promos/sf_ept1
----------------------------------------------------------------------------
- Previous message: Doty, Stephen (BearingPoint): "Oracle DB Audity"
- In reply to: Jerry Shenk: "RE: FTP Window of opportunity?"
- Next in thread: Anders Thulin: "Re: FTP Window of opportunity?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
