Penetration Testing mailing list archives
RE: Interesting challenge
From: "Stephen de Vries" <stephen () twisteddelight org>
Date: Sat, 31 Jan 2004 11:54:08 -0500 (EST)
You mentioned that they were using a "simple" firewall. Perhaps the scanning tools are initiating too many connections too quickly, flooding the state tables of the firewall, or if it's a proxying firewall, perhaps launching too many proxy processes. Since the firewall is so busy dealing with all these requests on filtered ports, perhaps it can't service requests to open ports? You could try slowing down the scanning tools; if you're using nmap, try the paranoid timing option (and watch a good film while you're waiting for it to complete ;) )

Stephen

Almost everyone who replied pointed towards icmp. We have tried running the test with icmp disabled. We still do not get a reply on those ports.

-SKP

-----Original Message-----
From: Clement Dupuis [mailto:cdupuis () cccure org]
Sent: Friday, January 30, 2004 3:06 PM
To: 'Sanjay K. Patel'
Subject: RE: Interesting challenge

Have you carefully looked at some of the buried down settings under your scanners? It might simply be that it is expecting a reply from a ping request before doing the scanning.

Clement

-----Original Message-----
From: Sanjay K. Patel [mailto:sanjay.patel () rexwire com]
Sent: Friday, January 30, 2004 11:43 AM
To: pen-test () securityfocus com
Subject: Interesting challenge

We are doing a pen test for a client and have run into an interesting situation. The client has a server running IIS and Exchange. We can get to it through a browser, but when we try to run Nessus or Eeye Retina against it, neither product can find the server. The client is not running any IDS system and has a simple firewall. A port scan reveals no open port, though port 80 is open since the server is serving pages.

SKP
Current thread:
- Interesting challenge Sanjay K. Patel (Jan 30)
- Re: Interesting challenge Clint Bodungen (Jan 30)
- Re: Interesting challenge wjnorth (Jan 30)
- Re: Interesting challenge David Barroso (Jan 30)
- RE: Interesting challenge Serhan Sevim (Jan 30)
- RE: Interesting challenge Pete Herzog (Jan 31)
- <Possible follow-ups>
- RE: Interesting challenge Steve Goldsby (ICS) (Jan 30)
- RE: Interesting challenge Sanjay K. Patel (Jan 30)
- RE: Interesting challenge Hasnain Atique (Jan 31)
- RE: Interesting challenge Rajesh Jose (Jan 31)
- RE: Interesting challenge Stephen de Vries (Jan 31)
- RE: Interesting challenge Daniel Staal (Jan 31)