Penetration Testing mailing list archives
RE: Interesting challenge
From: "Rajesh Jose" <rajesh.jose () paladion net>
Date: Sat, 31 Jan 2004 17:57:35 +0530
Sanjay, Can you try telnetting to the server on port 80 and 443. Telnet www.yourclientserver.com 80. Try nmap or any other syn port scanner to port 80 and 443 only. nmap -P0 -sS -p 80, 443 www.yourclientserver.com You should get a reply (syn/ack) from the server for both of the above commands if the ports are open. In nessus vulnerability scan try giving the following settings 1) Scan only user specified range (Give common ports used by IIS and Exchange) 2) Change "checks_read_timeout = " value in nessusd.conf or .nessusrc to 15 seconds (This will help if you are using a slow network link) Regards, Rajesh Jose, CISSP Paladion Networks. Ph: +91 22 55910513 / 27892889 Web: http://www.paladion.net Mob: 098205 04308 "This e-mail message may contain confidential or proprietary information. Do not use it if you are not the original intended recipient. As e-mail may be altered electronically, Paladion Networks cannot guarantee the integrity of this communication. Before opening any attachments please recheck them for viruses and defects." -----Original Message----- From: Sanjay K. Patel [mailto:sanjay.patel () rexwire com] Sent: Saturday, January 31, 2004 3:26 AM To: 'Clement Dupuis' Cc: pen-test () securityfocus com Subject: RE: Interesting challenge almost everyone who replied pointed towards icmp. We have tried running the test with icmp disabled. We still do not get a reply on those ports. -SKP -----Original Message----- From: Clement Dupuis [mailto:cdupuis () cccure org] Sent: Friday, January 30, 2004 3:06 PM To: 'Sanjay K. Patel' Subject: RE: Interesting challenge Have you carefully looked at some of the buried down setting under your scanners. It might simply be that it is expecting a reply from a ping request before doing the scanning. Clement
-----Original Message----- From: Sanjay K. Patel [mailto:sanjay.patel () rexwire com] Sent: Friday, January 30, 2004 11:43 AM To: pen-test () securityfocus com Subject: Interesting challenge We are doing a pen test for a client and have run into a interesting situation. The client has a server running IIS and Exchange we can
get to
it through a browser but when we try to run Nessus or Eeye Retina
against
it, neither product can find the server. The client is not running any
IDS
system has a simple firewall. A port scan revels no open port though
port
80 is open since the server is serving pages. SKP
------------------------------------------------------------------------ -
--
------------------------------------------------------------------------ -
---
------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Interesting challenge Sanjay K. Patel (Jan 30)
- Re: Interesting challenge Clint Bodungen (Jan 30)
- Re: Interesting challenge wjnorth (Jan 30)
- Re: Interesting challenge David Barroso (Jan 30)
- RE: Interesting challenge Serhan Sevim (Jan 30)
- RE: Interesting challenge Pete Herzog (Jan 31)
- <Possible follow-ups>
- RE: Interesting challenge Steve Goldsby (ICS) (Jan 30)
- RE: Interesting challenge Sanjay K. Patel (Jan 30)
- RE: Interesting challenge Hasnain Atique (Jan 31)
- RE: Interesting challenge Rajesh Jose (Jan 31)
- RE: Interesting challenge Stephen de Vries (Jan 31)
- RE: Interesting challenge Daniel Staal (Jan 31)