RE: All tcp ports open?
From: Don Parker (hydra291_at_hotmail.com)
Date: 08/29/04
- Previous message: Andres Riancho: "Re: All tcp ports open?"
- Maybe in reply to: Ben Timby: "All tcp ports open?"
- Next in thread: Varun Pitale: "Re: All tcp ports open?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: asp@webexc.com, pen-test@securityfocus.com Date: Sun, 29 Aug 2004 17:37:18 -0400
Hello Ben, it makes absolutely no sense that there is a service listening on
every TCP port at all. Are you sure? Could you perhaps paste the hping o/p
here? Lastly if the handshake are not completed the connection may not be
handed to the internal network if there is a f/w in front of it, which
validates the handshake. More info as to what you are trying to get past O/S
wise as well as network topology would be most helpful.
Cheers,
Don
----------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
1.613.302.2910(c)
----------------------------------------
>From: Ben Timby <asp@webexc.com>
>To: pen-test@securityfocus.com
>Subject: All tcp ports open?
>Date: Sun, 29 Aug 2004 02:04:08 -0500
>
>I am not sure what is doing this, but I assume it is a software (or some
>kind of) firewall/hids, can anybody point me in the right direction?
>
>I am pen-testing a Windows webserver, and a port scan reveals ALL tcp ports
>open. hping also confirms that a SA is returned for any S packets sent to
>any port I try. I can connect via netcat any of the ports, and send data,
>but nothing is returned. In order to verify services, I am required to
>connect and check for a banner or send appropriate protocol commands to
>elicit a response.
>
>Has anyone seen this, or have any idea of what this is?
>
>Thanks.
>
>------------------------------------------------------------------------------
>Ethical Hacking at the InfoSec Institute. All of our class sizes are
>guaranteed to be 12 students or less to facilitate one-on-one interaction
>with one of our expert instructors. Check out our Advanced Hacking course,
>learn to write exploits and attack security infrastructure. Attend a course
>taught by an expert instructor with years of in-the-field pen testing
>experience in our state of the art hacking lab. Master the skills of an
>Ethical Hacker to better assess the security of your organization.
>
>http://www.infosecinstitute.com/courses/ethical_hacking_training.html
>-------------------------------------------------------------------------------
>
_________________________________________________________________
Take charge with a pop-up guard built on patented Microsoft® SmartScreen
Technology.
http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines
Start enjoying all the benefits of MSN® Premium right now and get the
first two months FREE*.
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
- Previous message: Andres Riancho: "Re: All tcp ports open?"
- Maybe in reply to: Ben Timby: "All tcp ports open?"
- Next in thread: Varun Pitale: "Re: All tcp ports open?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
