Re: All tcp ports open?

From: Bill Burge (bill_at_burge.com)
Date: 08/31/04

  • Next message: Bénoni MARTIN: "RE: Test scripts for NIDS" 
    Date: Mon, 30 Aug 2004 16:45:53 -0700
To: pen-test@securityfocus.com

    An SSL connection doesn't respond with a banner. (to a port scan)

    Quite a few of them darn things around, I rekon...

    bb

    *********** REPLY SEPARATOR ***********

    On 8/30/2004 at 12:28 AM Erik Birkholz wrote:

    >Just a clarification for the list based on Andres' post.
    >
    >"I think it should be safe
    >to say that any *real* program will respond with a banner"
    >
    >This is not a safe assumption, many services do not respond with a banner.
    >Some common examples are Terminal Server and MS SQL Server.
    >
    >Btw, I have seen this behavior when scanning through a sidewinder
    >firewall. The sidewinder has the capability to send a tcp syn/ack packet
    >response after droping the inbound packet. Kinda neat, like a deny
    >response but so much better. :)
    >
    >
    >---------------------------------------
    >(Msg from BlackBerry Wireless Handheld)
    >---------------------------------------
    >Erik Pace Birkholz - CISSP, MCSE
    >Foundstone, Inc.
    >Strategic Security
    >
    >Read Special Ops and mount an assault to eradicate network negligence
    >today. www.SpecialOpsSeries.com
    >
    >[Tel] 949.297.5591
    >[Cel] 323.252.5916
    >[Fax] 949.297.5575
    >[pgp] https://www.foundstone.com/pgpkeys/erik-birkholz.asc
    >
    >-----Original Message-----
    >From: Andres Riancho <andresit@fibertel.com.ar>
    >To: Massimo Cetra <mcetra@navynet.it>; 'Ben Timby' <asp@webexc.com>;
    >pen-test@securityfocus.com <pen-test@securityfocus.com>
    >Sent: Mon Aug 30 00:50:21 2004
    >Subject: Re: All tcp ports open?
    >
    >Ben ,
    > What about "nmap -sV" ? this will still give you a complete list of
    >open ports , but also will retrieve the banners. I think it should be safe
    >to say that any *real* program will respond with a banner , so ,only the
    >ports with banners will be the ones you should pen-test.
    >
    >Andres Riancho
    > SOC Impsat
    >
    >
    >----- Original Message -----
    >From: "Massimo Cetra" <mcetra@navynet.it>
    >To: "'Ben Timby'" <asp@webexc.com>; <pen-test@securityfocus.com>
    >Sent: Sunday, August 29, 2004 11:10 AM
    >Subject: RE: All tcp ports open?
    >
    >
    >> > I am not sure what is doing this, but I assume it is a
    >> > software (or some
    >> > kind of) firewall/hids, can anybody point me in the right direction?
    >> >
    >> > I am pen-testing a Windows webserver, and a port scan reveals ALL tcp
    >> > ports open. hping also confirms that a SA is returned for any
    >> > S packets
    >> > sent to any port I try. I can connect via netcat any of the
    >> > ports, and
    >> > send data, but nothing is returned. In order to verify services, I am
    >> > required to connect and check for a banner or send
    >> > appropriate protocol
    >> > commands to elicit a response.
    >> >
    >> > Has anyone seen this, or have any idea of what this is?
    >>
    >> http://www.iptables.org/patch-o-matic/pom-extra.html#pom-extra-TARPIT
    >>
    >> This is for Linux but may help you finding more informations.
    >>
    >> Max
    >>
    >>
    >>
    >>
    >>
    >--------------------------------------------------------------------------
    >----
    >> Ethical Hacking at the InfoSec Institute. All of our class sizes are
    >> guaranteed to be 12 students or less to facilitate one-on-one interaction
    >> with one of our expert instructors. Check out our Advanced Hacking
    >course,
    >> learn to write exploits and attack security infrastructure. Attend a
    >course
    >> taught by an expert instructor with years of in-the-field pen testing
    >> experience in our state of the art hacking lab. Master the skills of an
    >> Ethical Hacker to better assess the security of your organization.
    >>
    >> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    >>
    >--------------------------------------------------------------------------
    >-----
    >>
    >>
    >
    >
    >------------------------------------------------------------------------------
    >Ethical Hacking at the InfoSec Institute. All of our class sizes are
    >guaranteed to be 12 students or less to facilitate one-on-one interaction
    >with one of our expert instructors. Check out our Advanced Hacking course,
    >learn to write exploits and attack security infrastructure. Attend a course
    >taught by an expert instructor with years of in-the-field pen testing
    >experience in our state of the art hacking lab. Master the skills of an
    >Ethical Hacker to better assess the security of your organization.
    >
    >http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    >-------------------------------------------------------------------------------
    >
    >
    >
    >------------------------------------------------------------------------------
    >Ethical Hacking at the InfoSec Institute. All of our class sizes are
    >guaranteed to be 12 students or less to facilitate one-on-one interaction
    >with one of our expert instructors. Check out our Advanced Hacking course,
    >learn to write exploits and attack security infrastructure. Attend a course
    >taught by an expert instructor with years of in-the-field pen testing
    >experience in our state of the art hacking lab. Master the skills of an
    >Ethical Hacker to better assess the security of your organization.
    >
    >http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    >-------------------------------------------------------------------------------

    ------------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. All of our class sizes are
    guaranteed to be 12 students or less to facilitate one-on-one interaction
    with one of our expert instructors. Check out our Advanced Hacking course,
    learn to write exploits and attack security infrastructure. Attend a course
    taught by an expert instructor with years of in-the-field pen testing
    experience in our state of the art hacking lab. Master the skills of an
    Ethical Hacker to better assess the security of your organization.

    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    -------------------------------------------------------------------------------

  • Next message: Bénoni MARTIN: "RE: Test scripts for NIDS"

    Relevant Pages

    • Re: All tcp ports open?
      ... This is not a safe assumption, many services do not respond with a banner. ... Subject: All tcp ports open? ... > Ethical Hacking at the InfoSec Institute. ... > learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • Re: EC-Counsil
      ... >>Ethical Hacking at the InfoSec Institute. ... >>with one of our expert instructors. ... Check out our Advanced Hacking ... >>learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • RE: EC-Counsil (Book Review) Can we wrap this thread up?
      ... >>>Ethical Hacking at the InfoSec Institute. ... >>>with one of our expert instructors. ... >>>learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • RE: [ok] Windows 2003 HAck
      ... Ethical Hacking at the InfoSec Institute. ... with one of our expert instructors. ... learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • Re: EC-Counsil (Book Review) Can we wrap this thread up?
      ... I don't think you can go far wrong with the Hacking Exposed books, ... >> Ethical Hacking at the InfoSec Institute. ... >> with one of our expert instructors. ... >> learn to write exploits and attack security infrastructure. ...
      (Pen-Test)