Re: Interesting challenge

[Paul Johnston <paul () westpoint ltd uk>]

Sanjay,

You get a connection using a web browser, so presumably you must at 
least get a TCP connection if you use telnet from the same box you used 
the web browser from? However, you don't see any open ports from 
Nessus/Retina? If you look at the SYN packets sent in these situations, 
you'll see that SYN scanners tend to use much 'leaner' packets than the 
kernel generates. Presumably it is possible to filter on this basis, and 
I notice another poster said OpenBSD could do this. So you may get 
better results if you use a TCP connect() scan, rather than a SYN scan. 
However, realistically it is more likely that you are doing something 
wrong when running Nessus/Retina, be it using "ping the remote host" or 
giving it a domain name that has multiple A records or whatever.

Paul

Sanjay K. Patel wrote:

> almost everyone who replied pointed towards icmp. We have tried running the
> test with icmp disabled. We still do not get a reply on those ports.
>
> -SKP
>  
--
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul () westpoint ltd uk
web: www.westpoint.ltd.uk



---------------------------------------------------------------------------
----------------------------------------------------------------------------