Security Basics mailing list archives
Re: IDS which denies access after one "false" scanned port
From: Todd Haverkos <infosec () haverkos com>
Date: Wed, 21 Dec 2011 20:41:16 -0600
Martin T <m4rtntns () gmail com> writes:
I found a webserver, which serves webpage on TCP port 80, but in case I try to connect to any other TCP port, my IP will be blocked for 10min. Example below: [root@ ~]# ping -qc1 www.<domain>.com PING www.<domain>.com (10.10.10.3): 56 data bytes
Hi Martin, In the very unlikely case: a) this is for a client and you have permission to do this b) denial of service is in-scope for the engagement c) you have unusually clean access to the internet that will pass spoofed packets relatively intact and d) you're mildly insane and have no business sense ...you could send some packets to various ports spoofed pretending to be from, oh... the 13 root DNS servers and see if they were bright enough to whitelist those servers from this behavior. :-) If they haven't, I think it's still possible they'd be in for some rather unpleasant DNS resolution issues with this lockout behavior. But it'd be a good idea to talk them through that attack scenario to make sure they've thought about that. :-) If you need to portscan something like this, nmap's idle scan can be rather handy. Most of the work there is finding suitably quiet zombies to leverage. Best Regards, -- Todd Haverkos, LPT MsCompE http://haverkos.com/ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- IDS which denies access after one "false" scanned port Martin T (Dec 21)
- Re: IDS which denies access after one "false" scanned port Samuel Lavitt (Dec 21)
- Re: IDS which denies access after one "false" scanned port Matthew Caron (Dec 21)
- Re: IDS which denies access after one "false" scanned port Orlando Leon (Dec 21)
- Re: IDS which denies access after one "false" scanned port Todd Haverkos (Dec 22)
- Re: IDS which denies access after one "false" scanned port Brent Huston (Dec 22)