Penetration Testing mailing list archives
Re: No information on open ( Fake) ports
From: Claudio Broglia <xeon () sysroot eu>
Date: Mon, 22 Sep 2008 11:47:04 +0200
Hi all,
Hi Em see,
While conducting a pentest I found nmap giving some open ports with -sS scan & -sV scan giving status open|filtered. But when I tried to telnet to the ports for a banner, I was not able to gather any information; a timeout happened. I think this is because of iptables with tarpit or kernel hardening? What could be the other reasons for this?
It is not clear whether you got the connection but no header came back, or whether no connection could be established. I assume that you could connect but got no header. Maybe the service listening on that port expects not textual but binary data (like, for example, DCE on 135/tcp), because it works with a binary protocol with well-formatted messages. Or, if your target is a Linux of some kind, maybe these ports are guarded with a port-knocking mechanism.

From the scan results you've attached, it seems that the machine is an all-doing service machine (ssh, telnet, smtp and many others), so either it is a well-established honeypot or (more probably) a gold mine if exploited ;)

Good luck

-xeon
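The reply above turns on whether the TCP connection was established with no header returned, or never established at all. The following Python is an added example, not part of the original post, that separates those cases; the names `probe_port` and `demo` and the loopback listeners are constructed for illustration.

```python
import socket
import threading

def probe_port(host, port, timeout=3.0):
    """Connect, send nothing, and classify what the port does.

    Returns (state, data) where state is one of:
      'refused'        - RST received, nothing is listening
      'no-connection'  - handshake never completed (dropped or filtered)
      'silent'         - handshake completed, no bytes before the timeout
      'closed-by-peer' - handshake completed, peer closed without data
      'banner'         - peer spoke first; data holds what it sent
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", b"")
    except (socket.timeout, OSError):
        return ("no-connection", b"")
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(256)
        except socket.timeout:
            return ("silent", b"")
        except ConnectionResetError:
            return ("closed-by-peer", b"")
    return ("banner", data) if data else ("closed-by-peer", b"")

def demo():
    """Probe three constructed loopback ports: banner-first, silent, closed."""
    banner_srv = socket.create_server(("127.0.0.1", 0))
    # Never accept()ed: the kernel completes the handshake, nothing is sent.
    silent_srv = socket.create_server(("127.0.0.1", 0))

    def greet():
        conn, _ = banner_srv.accept()
        with conn:
            conn.sendall(b"220 constructed.example ESMTP\r\n")  # constructed banner

    threading.Thread(target=greet, daemon=True).start()
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))          # reserve a port, then free it
    closed_port = spare.getsockname()[1]
    spare.close()
    ports = {"banner": banner_srv.getsockname()[1],
             "silent": silent_srv.getsockname()[1], "closed": closed_port}
    results = {k: probe_port("127.0.0.1", p, 1.0) for k, p in ports.items()}
    banner_srv.close()
    silent_srv.close()
    return results
```

A `silent` result fits a client-speaks-first binary protocol as well as a tarpit, so it narrows the cause rather than identifying it.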
Current thread:
- No information on open ( Fake) ports skynetonsecurity (Sep 20)
- Re: No information on open ( Fake) ports Claudio Broglia (Sep 22)