Penetration Testing mailing list archives

Re: FTP Window of opportunity?


From: "Nexus" <nexus () patrol i-way co uk>
Date: Wed, 24 Mar 2004 19:28:45 -0000


----- Original Message ----- 
From: "Jerry Shenk" <jshenk () decommunications com>
To: <pen-test () securityfocus com>
Sent: Wednesday, March 24, 2004 3:36 AM
Subject: RE: FTP Window of opportunity?

[snip]

BTW, some firewalls (Raptor at least) intentionally respond to all kinds
of crazy traffic.  It seems that they intentionally try to confuse an
attacker (or pen tester;) by allowing connections to ports that aren't
really open.

I'm not sure that's deliberate, rather a weird-arse side effect of the
stateful inspection or ephemeral ports or summat.. *shrug*
You will also see similar odd responses from various vendor implementations
of SYN flood 'proxy' defence, where the firewall completes the 3-way
handshake itself to you, then tries to connect to the destination host and
port on your behalf and if all is well, shovels the traffic across, if not,
it just drops you.

Cheers.
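
The SYN 'proxy' behaviour described in the message above, as an added loopback simulation (not part of the original post and not any vendor's implementation): the toy proxy accepts the client before it tries the destination, so a connect-style check sees a completed handshake even when the destination port is closed. The function names, the banner and the ephemeral ports are constructed for illustration, and the kernel's accept queue stands in for the firewall completing the handshake itself.

```python
import socket, threading

LOOP = "127.0.0.1"

def _listen(handler):
    """Listen on an ephemeral loopback port; run handler(conn) per connection."""
    srv = socket.socket()
    srv.bind((LOOP, 0))
    srv.listen(5)
    def loop():
        while True:
            conn, _ = srv.accept()      # the 3-way handshake is already complete here
            with conn:
                handler(conn)
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def start_backend():
    """Constructed stand-in for a real service: sends a banner, then closes."""
    return _listen(lambda c: c.sendall(b"220 constructed banner\r\n"))

def start_proxy(dest_port):
    """Toy proxy: accept first, then try the destination on the client's behalf."""
    def handle(client):
        try:
            with socket.create_connection((LOOP, dest_port), timeout=1) as up:
                client.sendall(up.recv(1024))   # destination is up: relay its data
        except OSError:
            pass                                # destination refused: drop the client
    return _listen(handle)

def probe(port):
    """Return (handshake_completed, first_bytes), as a connect-style check sees it."""
    try:
        s = socket.create_connection((LOOP, port), timeout=2)
    except OSError:
        return (False, b"")             # refused or timed out: no handshake
    with s:
        return (True, s.recv(1024))     # b"" means the peer closed without sending

def demo():
    with socket.socket() as dead:
        dead.bind((LOOP, 0))            # bound but not listening: connects are refused
        closed = dead.getsockname()[1]
        return {"direct_closed": probe(closed),
                "proxied_closed": probe(start_proxy(closed)),
                "proxied_open": probe(start_proxy(start_backend()))}

if __name__ == "__main__":
    print(demo())
```

In the `proxied_closed` case the handshake completes and the connection then closes with no data, which is the pattern to check for before recording a port as open when such a device sits in the path.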



