Penetration Testing mailing list archives
port scan to juniper fw
From: "raimarm () gmail com" <raimarm () googlemail com>
Date: Sun, 18 Oct 2009 14:15:25 +0200
Dear list,

I am performing a port scan against an IP address of a Juniper SSG firewall (6.2.r3). When the port scan finishes, the results show me a lot of open ports although they are not open. Furthermore, the results differ, and the same scan shows different open ports the next time. The tcpdump during the port scan shows me that the fw is answering with a SYN-ACK after the third SYN. Why is this happening? I would expect no answer or a RST packet.

I would be very happy if somebody could explain this strange behaviour to me and let me know how I can fix it. Maybe there is an option on the fw to switch this off.

This is the nmap scan command:

nmap -sS -P0 <fw-untrust-ip>

Many thanks,
rm