Re: IDS which denies access after one "false" scanned port



HoneyPoint can act that way if an active response plugin is enabled.

It's "black holing" …

On Dec 21, 2011, at 7:20 AM, Martin T wrote:

I found a webserver, which serves webpage on TCP port 80, but in case
I try to connect to any other TCP port, my IP will be blocked for
10min. Example below:

[root@ ~]# ping -qc1 www.<domain>.com
PING www.<domain>.com (10.10.10.3): 56 data bytes

--- www.<domain>.com ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.793/1.793/1.793/0.000 ms
[root@ ~]# telnet www.<domain>.com 80
Trying 10.10.10.3...
Connected to www.<domain>.com.
Escape character is '^]'.
Connection closed by foreign host.
[root@ ~]# telnet www.<domain>.com 37219
Trying 10.10.10.3...
^C
[root@ ~]# telnet www.<domain>.com 80
Trying 10.10.10.3...
^C
[root@ ~]# ping -qc1 www.<domain>.com
PING www.<domain>.com (10.10.10.3): 56 data bytes

--- www.<domain>.com ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
[root@ ~]#


Anyone seen such behavior before? Is it somehow possible to
detect/guess, which IDS this might be? Any other suggestions how to
find out more information about this IDS and server behind it?


regards,
martin

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages