Re: nmap in vmware



There can be a multitude of things affecting you here.
1. Good that you notify these folks. Just out of curiosity, why would
you perform vulnerability assessment from behind a firewall?

2. The Framework could be sending over dozens of different ports, most
of which are probably blocked as incoming at the firewall, even if they
are part of an established session. They could also be blocked as
outbound, again, depending on ruleset.

3. I'm not sure if you are referring to the source or destination port
here. The source port really won't matter that much if the outbound rules
on your firewall are wide open. If the firewall is watching outbound
connections, then yes, you need to use ports that the firewall will
tolerate. If you are referring to the destination port, then you must
use the default port of the service that is being exploited (assuming
the target system is using default ports). It's important that you use
these ports because that is how the target OS is determining what
services to pass the network request to.

4. This almost seems as though you aren't fully establishing a
connection. (the handshake process isn't successful)

5. The result of the exploit will depend on a.) whether or not it was
successful and b.) what payload you are using in conjunction with the
exploit.

Hope this helps

-Brad



offset wrote:
Looking for any negative experiences with running nmap under Fedora Core 5 under vmware

VMware host is Windows XP SP2 running VMware workstation (latest version) with Fedora Core 5

Thanks in advance,

-off
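Brad's points 3 and 4 both come down to one question: does the TCP three-way handshake complete through the firewall, or is the SYN (or the returning SYN/ACK) silently dropped? The script below is an added illustration, not code from Brad's or offset's messages. It classifies a connection attempt by how the handshake ends (open, closed, or filtered) and builds an egress report for a list of destination ports, which is the check to run from inside the VM against a host you administer before assuming the ruleset will pass a given port. The host, port list, and loopback listener in the demo are constructed fixtures.

```python
import socket
from typing import Literal

State = Literal["open", "closed", "filtered"]


def tcp_handshake_state(host: str, port: int, timeout: float = 2.0) -> State:
    """Try a full TCP three-way handshake to host:port and report how it ended.

    open      connect() returned: a SYN/ACK came back and the handshake completed
    closed    an RST came back (ConnectionRefusedError): the firewall passed the
              packets and the host is reachable, but nothing listens on that port
    filtered  nothing came back before the timeout: something is dropping the
              SYN on the way out or the SYN/ACK on the way back, so the
              handshake never completes (Brad's point 4)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # socket.timeout and ICMP "unreachable" errors are both OSError
        # subclasses; from the client's side each is a handshake that never
        # finished, which is what "filtered" means here.
        return "filtered"
    finally:
        sock.close()


def egress_report(host: str, ports: list[int], timeout: float = 2.0) -> dict[int, State]:
    """Map each destination port to its handshake state.

    Run from inside the VM against a host you control to learn which outbound
    destination ports the firewall ruleset tolerates.
    """
    return {port: tcp_handshake_state(host, port, timeout) for port in ports}


def start_loopback_listener() -> tuple[socket.socket, int]:
    """Constructed test fixture: a listening socket on an ephemeral loopback port.

    The kernel completes handshakes for a listening socket even if accept() is
    never called, so it stands in for a reachable, unfiltered service.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def unused_loopback_port() -> int:
    """Constructed test fixture: a loopback port with nothing listening on it.

    A connect() to it should be answered with an RST, i.e. "closed".
    """
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    # Demo against loopback only: one port with a listener, one without.
    listener, open_port = start_loopback_listener()
    try:
        report = egress_report("127.0.0.1", [open_port, unused_loopback_port()], timeout=1.0)
        for port, state in sorted(report.items()):
            print(f"127.0.0.1:{port:<5} {state}")
    finally:
        listener.close()
```

A "filtered" result on a port you expect to be reachable is the symptom Brad describes in point 4: the target never sees a completed connection, so nothing that depends on that session (including the Framework's extra ports from point 2) can work until the rule blocking it is found on the outbound or inbound side.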
