Inaccessible Port 80 - Pentest



Hey Guys,
Very recently we did a PenTest for a client where we came across a
strange (at least to me) situation. Had an IP block which on scanning
revealed only port 80 open, which sounded ok. Any kind of requests
though from the external world - I tried from multiple IPs and even
through TOR - were blocked by a firewall which kept displaying its
custom "Access denied" page. So obviously there was some kind of IP
based restriction in place which said -- Only these IPs can connect
to whatever is running on port 80. No problems till here.

My question is: Why would anyone want to have a live server on the
Internet, open one port on it and then block it from public use?
Obvious answers that sprang to mind were:
a) Maybe it's an internal server running a web app to be accessed only internally
----- So why is it public, in the DMZ then? Shouldn't it be
on the internal network?
b) Maybe some hosts/apps on the internal network needed to connect to
port 80 of a DMZ server before going out?
------ Then again why is it public? These servers could be
placed on an internal segment and the traffic could be NATed before
it goes out like all other Internet destined traffic. And secondly I
am not able to think of a situation like this --- What traffic apart
from a proxy could behave this way --- where I have -- Internal IP
-------> DMZIP:80 ---------> Internet ? And mind you this wasn't just 1
IP - there were many, so I'm quite sure I've missed something.

What are your thoughts?

Thnx
Arvind
