Penetration Testing mailing list archives
RE: Interesting challenge
From: "Eric S. Boltz" <EBoltz () Burcawinc com>
Date: Sun, 1 Feb 2004 01:30:29 -0500
I would be the last person to suggest that I am an authority on security, however... You mentioned that they are running Exchange and IIS. What I have seen done before in that situation is that they set the IIS to only respond based on host header name (if that is the right term), ie: 10.0.0.4/default.htm woudln't work, but www.domain.com/default.htm would. I have watched both Retina and Nessus bounce off of those sites with nary a whimper, when I KNEW that the site was vulnerable to some fairly simple attacks, because they scan at the IP address, rather than using host header names in their scans. Dunno, it may be something to look at. -----Original Message----- From: Sanjay K. Patel To: 'Clement Dupuis' Cc: pen-test () securityfocus com Sent: 1/30/2004 4:55 PM Subject: RE: Interesting challenge almost everyone who replied pointed towards icmp. We have tried running the test with icmp disabled. We still do not get a reply on those ports. -SKP -----Original Message----- From: Clement Dupuis [mailto:cdupuis () cccure org] Sent: Friday, January 30, 2004 3:06 PM To: 'Sanjay K. Patel' Subject: RE: Interesting challenge Have you carefully looked at some of the buried down setting under your scanners. It might simply be that it is expecting a reply from a ping request before doing the scanning. Clement
-----Original Message----- From: Sanjay K. Patel [mailto:sanjay.patel () rexwire com] Sent: Friday, January 30, 2004 11:43 AM To: pen-test () securityfocus com Subject: Interesting challenge We are doing a pen test for a client and have run into a interesting situation. The client has a server running IIS and Exchange we can
get to
it through a browser but when we try to run Nessus or Eeye Retina
against
it, neither product can find the server. The client is not running any
IDS
system has a simple firewall. A port scan revels no open port though
port
80 is open since the server is serving pages. SKP
------------------------------------------------------------------------ -
--
------------------------------------------------------------------------ -
---
------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Interesting challenge Paul Johnston (Feb 02)
- <Possible follow-ups>
- RE: Interesting challenge Eric S. Boltz (Feb 02)