Penetration Testing mailing list archives
Re: FTP Window of opportunity?
From: "Nexus" <nexus () patrol i-way co uk>
Date: Wed, 24 Mar 2004 19:28:45 -0000
----- Original Message ----- From: "Jerry Shenk" <jshenk () decommunications com> To: <pen-test () securityfocus com> Sent: Wednesday, March 24, 2004 3:36 AM Subject: RE: FTP Window of opportunity? [snip]
BTW, some firewalls (Raptor at least) intentionally respond to all kinds of crazy traffic. It seems that they intentionally try to confuse an attacker (or pen tester;) by allowing connections to ports that aren't really open.
I'm not sure that's deliberate, rather a wierd-arse side effect of the stateful inspection or ephemeral ports or summat.. *shrug* You will also see similar odd resonses from various vendor implementations of SYN flood 'proxy' defence, where the firewall completes the 3-way handshake itself to you, then tries to connect to the destination host and port on your behalf and if all is well, shovels the traffic across, if not, it just drops you. Cheers. --------------------------------------------------------------------------- You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. www.coresecurity.com/promos/sf_ept1 ----------------------------------------------------------------------------
Current thread:
- FTP Window of opportunity? C Ryll (Mar 23)
- RE: FTP Window of opportunity? Jerry Shenk (Mar 24)
- Re: FTP Window of opportunity? Nexus (Mar 24)
- Re: FTP Window of opportunity? Josh Tolley (Mar 24)
- Re: FTP Window of opportunity? Anders Thulin (Mar 24)
- <Possible follow-ups>
- RE: FTP Window of opportunity? Stevenson, John G (Mar 24)
- RE: FTP Window of opportunity? Jerry Shenk (Mar 24)
- RE: FTP Window of opportunity? C Ryll (Mar 24)
- Re: FTP Window of opportunity? Erik Birkholz (Mar 25)
- RE: FTP Window of opportunity? Jerry Shenk (Mar 24)