Re: Strange response from network

From: Ben Timby (asp_at_webexc.com)
Date: 09/16/04

Next message: John Floyd: "RE: Web Application Tester"

Previous message: Mambo Dsouza: "Re: Web Application Tester"
In reply to: Shashank Rai: "Strange response from network"
Next in thread: David Coppa: "Re: Strange response from network"
Reply: David Coppa: "Re: Strange response from network"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 15 Sep 2004 17:03:03 -0500
To: shashrai@emirates.net.ae

Shashank Rai wrote:

> My questions:
> a) any idea what kind of filtering system can this be

My guess is that hop 7 is home of a firewall of some sort. I don't have
any recollection of one that would act this way, perhaps it's internal
rule processing causes it to RST connections when it expires ttl. I
don't know, perhaps another list member would know what device or
firewall software would behave in such a manner.

> b) is it possible to determine the IP of the 7th HOP.

Regarding the port number, my guess is that port 2443 is the 2nd SSL
server 2 + 443 (443 = SSL). Nmap simply uses the common ports database
to guess what service generally resides at the open port it found. For
instance, if I ran my FTP server on port 22, nmap would detect it as an
SSH server. I think there is a switch to have it grab the banner for
you, but I have not used this feature.

Hope that helps.

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

Next message: John Floyd: "RE: Web Application Tester"

Previous message: Mambo Dsouza: "Re: Web Application Tester"
In reply to: Shashank Rai: "Strange response from network"
Next in thread: David Coppa: "Re: Strange response from network"
Reply: David Coppa: "Re: Strange response from network"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: Tool to find hidden web proxy server
... reporter that runs as a service and periodically reports on port usage. ... Ethical Hacking at the InfoSec Institute. ... with one of our expert instructors. ... learn to write exploits and attack security infrastructure. ...
(Pen-Test)
RE: All tcp ports open?
... firewall respond with all open ports. ... all ports are reported closed but rsh is reported open. ... Check out our Advanced Hacking ... Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. ...
(Pen-Test)
RE: Tool to find hidden web proxy server
... a port scan of your hosts and look for suspicious or non-standard ports. ... Ethical Hacking at the InfoSec Institute. ... Check out our Advanced Hacking course, ... learn to write exploits and attack security infrastructure. ...
(Pen-Test)
Re: All tcp ports open?
... > sent to any port I try. ... It seems like a kind of software firewall, ... The only people for me are the mad ones -- the ones who are mad to live, ... Ethical Hacking at the InfoSec Institute. ...
(Pen-Test)
Re: All tcp ports open?
... > sent to any port I try. ... > Ethical Hacking at the InfoSec Institute. ... Check out our Advanced Hacking ... Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. ...
(Pen-Test)