RE: All tcp ports open?

• Previous message: Todd Towles: "RE: Huge Live Linux Boot CDs"
• In reply to: Ben Timby: "All tcp ports open?"
• Next in thread: Andres Riancho: "Re: All tcp ports open?"
• Reply: Andres Riancho: "Re: All tcp ports open?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Ben Timby'" <asp@webexc.com>, <pen-test@securityfocus.com>
Date: Sun, 29 Aug 2004 16:10:08 +0200

> I am not sure what is doing this, but I assume it is a
> software (or some
> kind of) firewall/hids, can anybody point me in the right direction?
>
> I am pen-testing a Windows webserver, and a port scan reveals ALL tcp
> ports open. hping also confirms that a SA is returned for any
> S packets
> sent to any port I try. I can connect via netcat any of the
> ports, and
> send data, but nothing is returned. In order to verify services, I am
> required to connect and check for a banner or send
> appropriate protocol
> commands to elicit a response.
>
> Has anyone seen this, or have any idea of what this is?

http://www.iptables.org/patch-o-matic/pom-extra.html#pom-extra-TARPIT

This is for Linux but may help you finding more informations.

Max

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

• Previous message: Todd Towles: "RE: Huge Live Linux Boot CDs"
• In reply to: Ben Timby: "All tcp ports open?"
• Next in thread: Andres Riancho: "Re: All tcp ports open?"
• Reply: Andres Riancho: "Re: All tcp ports open?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Rogue activity methodology (was: Tool to find hidden web proxyserver) ... Subject: Rogue activity methodology (was: Tool to find hidden web ... Ethical Hacking at the InfoSec Institute. ... Check out our Advanced Hacking course, ... learn to write exploits and attack security infrastructure. ... (Pen-Test) RE: Wireless Scanning ... Objet: RE: Wireless Scanning ... > Ethical Hacking at the InfoSec Institute. ... > Check out our Advanced Hacking course, ... learn to write exploits and attack security infrastructure. ... (Pen-Test) RE: Tool to find hidden web proxy server ... reporter that runs as a service and periodically reports on port usage. ... Ethical Hacking at the InfoSec Institute. ... with one of our expert instructors. ... learn to write exploits and attack security infrastructure. ... (Pen-Test) RE: snmp ... You should give ADMsnmp a try. ... Ethical Hacking at the InfoSec Institute. ... Check out our Advanced Hacking course, ... learn to write exploits and attack security infrastructure. ... (Pen-Test) RE: Achilles proxy for linux ... I believe you should try Burp Proxy or Snark ... Ethical Hacking at the InfoSec Institute. ... Check out our Advanced Hacking course, ... learn to write exploits and attack security infrastructure. ... (Pen-Test)