Penetration Testing mailing list archives
Re: Interesting challenge
From: Paul Johnston <paul () westpoint ltd uk>
Date: Mon, 02 Feb 2004 10:19:24 +0000
Sanjay,You get a connection using a web browser, so presumably you must at least get a TCP connection if you use telnet from the same box you used the web browser from? However, you don't see any open ports from Nessus/Retina? If you look at the SYN packets sent in these situations, you'll see that SYN scanners tend to use much 'leaner' packets than the kernel generates. Presumably it is possible to filter on this basis, and I notice another poster said OpenBSD could do this. So you may get better results if you use a TCP connect() scan, rather than a SYN scan. However, realistically it is more likely that you are doing something wrong when running Nessus/Retina, be it using "ping the remote host" or giving it a domain name that has multiple A records or whatever.
Paul Sanjay K. Patel wrote:
almost everyone who replied pointed towards icmp. We have tried running the test with icmp disabled. We still do not get a reply on those ports. -SKP
-- Paul Johnston Internet Security Specialist Westpoint Limited Albion Wharf, 19 Albion Street, Manchester, M1 5LN England Tel: +44 (0)161 237 1028 Fax: +44 (0)161 237 1031 email: paul () westpoint ltd uk web: www.westpoint.ltd.uk --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Interesting challenge Paul Johnston (Feb 02)
- <Possible follow-ups>
- RE: Interesting challenge Eric S. Boltz (Feb 02)