Penetration Testing mailing list archives
Firewall Scan
From: IPv7 <listas.internet () gmail com>
Date: Wed, 24 Jun 2009 16:44:52 -0300
Hello guys, I was doing a normal TCP scan on port 5900 when I found a strange result.

First I did a normal TCP scan with Nmap:

    Onix:~# nmap -p 5900 x.x.x.x

    Starting Nmap 4.62 ( http://nmap.org ) at 2009-06-24 13:52 ART
    Interesting ports on x.x.x.x:
    PORT     STATE  SERVICE
    5900/tcp closed vnc

    Nmap done: 1 IP address (1 host up) scanned in 0.361 seconds

But if I use telnet/nc with this port, they can connect:

    Onix:~# telnet x.x.x.x 5900
    Trying x.x.x.x...
    Connected to x.x.x.x.
    Escape character is '^]'.
    RFB 003.003
    ^C

What? I can connect. OK, I will perform a more detailed scan:

    Onix:~# hping -S -p 5900 x.x.x.x
    HPING 165.140.201.169 (eth1 x.x.x.x): S set, 40 headers + 0 data bytes
    len=46 ip=x.x.x.x ttl=56 id=16854 sport=5900 flags=RA seq=0 win=512 rtt=2.6 ms
    ^C
    --- x.x.x.x hping statistic ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max = 2.6/2.6/2.6 ms

This host returns a Reset/ACK. That would be fine if the port were closed, but I can connect to it.

Window scan:

    Onix:~# nmap -sW -p 5900 x.x.x.x

    Starting Nmap 4.62 ( http://nmap.org ) at 2009-06-24 13:57 ART
    Interesting ports on x.x.x.x:
    PORT     STATE SERVICE
    5900/tcp open  vnc

    Nmap done: 1 IP address (1 host up) scanned in 0.051 seconds

OK, I will look at the TCP window. First I try to send a TCP packet with WIN=1:

    Onix:~# hping -S -w 1 -p 5900 x.x.x.x
    HPING 165.140.201.169 (eth1 x.x.x.x): S set, 40 headers + 0 data bytes
    len=46 ip=x.x.x.x ttl=56 id=23123 sport=5900 flags=RA seq=0 win=1 rtt=7.8 ms
    ^C
    --- x.x.x.x hping statistic ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max = 7.8/7.8/7.8 ms

In most cases, shouldn't this host respond with its own suggested window size?

Then I sent the same with WIN=4096:

    Onix:~# hping -S -w 4096 -p 5900 x.x.x.x
    HPING 165.140.201.169 (eth1 x.x.x.x): S set, 40 headers + 0 data bytes
    len=46 ip=x.x.x.x ttl=56 id=23123 sport=5900 flags=RA seq=0 win=1 rtt=7.8 ms
    ^C
    --- x.x.x.x hping statistic ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max = 7.8/7.8/7.8 ms

I can't understand this! Any ideas?

--
---------------------------------------
- Knowledge is power,                 -
- and learning sets us free.          -
---------------------------------------
netvulcano.wordpress.com
Linux User #405757
Machine Linux #310536

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
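The check a practitioner would run on a result like the one above is to compare what each probe type says about the port: the SYN probe verdict (RST means closed), the window-scan verdict nmap -sW applies to an RST (positive window means open, zero window means closed; -sW itself sends ACK probes, and the rule only holds on stacks that behave that way), and the result of a full three-way handshake, which is what telnet, nc and nmap -sT do. The script below is an added example, not code from the post or from the Nmap or hping projects: it parses the hping reply lines quoted above (constructed sample input, target anonymised as x.x.x.x as in the post), applies both classification rules, and flags the contradiction between a half-open probe and a successful connect. The function names and the optional banner-grabbing connect are this example's own choices.

```python
import re
import socket

# Constructed sample input: the hping reply lines quoted in the post above
# (the target is anonymised there as x.x.x.x, so it is here too).
SAMPLE_REPLIES = {
    "syn_default": "len=46 ip=x.x.x.x ttl=56 id=16854 sport=5900 flags=RA seq=0 win=512 rtt=2.6 ms",
    "syn_win1": "len=46 ip=x.x.x.x ttl=56 id=23123 sport=5900 flags=RA seq=0 win=1 rtt=7.8 ms",
}

# One hping reply line, e.g.
# "len=46 ip=x.x.x.x ttl=56 id=16854 sport=5900 flags=RA seq=0 win=512 rtt=2.6 ms"
HPING_REPLY_RE = re.compile(
    r"ip=(?P<ip>\S+)\s+ttl=(?P<ttl>\d+)\s+id=(?P<id>\d+)\s+sport=(?P<sport>\d+)"
    r"\s+flags=(?P<flags>[A-Z]+)\s+seq=(?P<seq>\d+)\s+win=(?P<win>\d+)"
)


def parse_hping_reply(line):
    """Parse one hping reply line into a dict; return None if the line is not a reply."""
    m = HPING_REPLY_RE.search(line)
    if m is None:
        return None
    d = m.groupdict()
    return {
        "ip": d["ip"],
        "ttl": int(d["ttl"]),
        "id": int(d["id"]),
        "sport": int(d["sport"]),
        "flags": d["flags"],
        "win": int(d["win"]),
    }


def syn_scan_state(reply):
    """Port state as a SYN scan (nmap -sS, hping -S) reads the reply to a SYN probe."""
    if reply is None:
        return "filtered"          # no reply at all
    if "S" in reply["flags"] and "A" in reply["flags"]:
        return "open"              # SYN/ACK
    if "R" in reply["flags"]:
        return "closed"            # RST, with or without ACK
    return "filtered"


def window_scan_state(reply):
    """Port state by the nmap -sW rule for an RST reply: positive window means open,
    zero window means closed. nmap -sW sends ACK probes; here the rule is applied to
    the RST/ACK that came back to hping's SYN, as the post does."""
    if reply is None or "R" not in reply["flags"]:
        return "filtered"
    return "open" if reply["win"] > 0 else "closed"


def reconcile(syn_state, connect_succeeded):
    """Compare the half-open probe verdict with a full three-way handshake."""
    if connect_succeeded and syn_state != "open":
        return "inconsistent"      # the post's case: RST to the SYN probe, yet connect works
    if not connect_succeeded and syn_state == "open":
        return "inconsistent"
    return "consistent"


def connect_and_read_banner(host, port, timeout=3.0):
    """Full TCP connect (what telnet/nc and nmap -sT do) and read the first bytes,
    e.g. the "RFB 003.003" VNC greeting. Needs network access; returns
    (True, banner) or (False, error string)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(64)
            except socket.timeout:
                banner = b""
        return True, banner.decode("ascii", "replace").strip()
    except OSError as e:
        return False, str(e)


def classify_from_lines(hping_line, connect_succeeded):
    """All three verdicts for one hping reply plus the known connect result."""
    reply = parse_hping_reply(hping_line)
    syn = syn_scan_state(reply)
    win = window_scan_state(reply)
    return {"syn_scan": syn, "window_scan": win, "verdict": reconcile(syn, connect_succeeded)}


if __name__ == "__main__":
    import sys
    # Offline: replay the post's replies against the fact that telnet connected.
    for name, line in SAMPLE_REPLIES.items():
        print(name, classify_from_lines(line, connect_succeeded=True))
    # Online, optional: python3 probe_check.py HOST PORT
    if len(sys.argv) == 3:
        ok, info = connect_and_read_banner(sys.argv[1], int(sys.argv[2]))
        print("connect:", ok, info)
```

Run offline it reports syn_scan "closed", window_scan "open" and verdict "inconsistent" for both quoted replies, which is exactly the disagreement the post describes; an "inconsistent" verdict is the cue to trust the full connect (nmap -sT) over the half-open probe for that host and to look at what sits between scanner and service.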
Current thread:
- Firewall Scan IPv7 (Jun 26)
- Re: Firewall Scan SD List (Jun 26)
- RE: Firewall Scan Shenk, Jerry A (Jun 26)
- RE: Firewall Scan Erin Carroll (Jun 26)
- Re: Firewall Scan Todd Haverkos (Jun 26)
- Re: Firewall Scan Guilherme Alves (Jun 29)
- Re: Firewall Scan Chris Brenton (Jun 30)