Penetration Testing mailing list archives
Re: Interesting challenge
From: "David Barroso" <dbarroso () s21sec com>
Date: Fri, 30 Jan 2004 20:28:44 +0100 (CET)
We are doing a pen test for a client and have run into an interesting situation. The client has a server running IIS and Exchange; we can get to it through a browser, but when we try to run Nessus or Eeye Retina against it, neither product can find the server. The client is not running any IDS system and has a simple firewall. A port scan reveals no open port, though port 80 is open since the server is serving pages.
Sanjay, perhaps an additional layer of security is implemented, which silently drops all packets received from a specific host, if it detects a portscan from that host, and accepts a normal traffic flow if it does not detect any 'attack'. This countermeasure could be installed in your client's site, or, on the other hand, maybe your egress traffic is being filtered.

David
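
Added example, not part of the original post or of any product named in the thread: a toy model of the per-source countermeasure described in the reply above, showing why a browser on one host keeps getting pages while a scanning host sees nothing, port 80 included. The class name, threshold, window and the 192.0.2.x addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque


class ScanBlocker:
    """Toy filter: block a source that touches too many distinct ports in a time window."""

    def __init__(self, max_ports=5, window=10.0, open_ports=frozenset({80})):
        self.max_ports = max_ports        # assumed threshold of distinct ports
        self.window = window              # assumed sliding window, in seconds
        self.open_ports = open_ports      # services actually listening
        self.recent = defaultdict(deque)  # src -> deque of (timestamp, port)
        self.blocked = set()              # sources whose packets are silently dropped

    def handle(self, ts, src, port):
        """Return the verdict for one inbound connection attempt."""
        if src in self.blocked:
            return "DROP"                 # no reply at all, even for port 80
        seen = self.recent[src]
        seen.append((ts, port))
        while seen and ts - seen[0][0] > self.window:
            seen.popleft()                # forget attempts older than the window
        if len({p for _, p in seen}) > self.max_ports:
            self.blocked.add(src)         # portscan pattern: block the whole host
            return "DROP"
        return "ACCEPT" if port in self.open_ports else "REJECT"


def replay(events, blocker=None):
    """Feed (timestamp, src, port) tuples to a blocker and collect the verdicts."""
    blocker = blocker or ScanBlocker()
    return [(src, port, blocker.handle(ts, src, port)) for ts, src, port in events]


# Constructed sample traffic (documentation addresses, not from the thread).
BROWSER = [(t, "192.0.2.10", 80) for t in range(0, 20, 2)]
SCANNER = [(i * 0.1, "192.0.2.20", p)
           for i, p in enumerate([21, 22, 23, 25, 53, 79, 80, 110, 443])]

if __name__ == "__main__":
    shared = ScanBlocker()
    for src, port, verdict in replay(SCANNER, shared) + replay(BROWSER, shared):
        print(f"{src:12} port {port:<4} {verdict}")
```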