Penetration Testing mailing list archives
RE: Interesting challenge
From: "Serhan Sevim" <sevims () mezun com>
Date: Fri, 30 Jan 2004 14:50:55 -0500
We are doing a pen test for a client and have run into a interesting situation. The client has a server running IIS and Exchange we can get to it through a browser but when we try to run Nessus or Eeye Retina against it, neither product can find the server. The client is not running any IDS system has a simple firewall. A port scan revels no open port though port 80 is open since the server is serving pages.
How would you know if the client is protected by a "simple firewall"? It *might* be a similar protection I use. If a host starts to scan the target machine starting from TCP port 1 and goes fast up incrementally one by one, up to say, 20th port under a second. Than the portscanner protector is triggered at the client host and you're blacklisted for,say, 20 minutes. For 20 minutes firewall chain will drop every packet coming from the unknown scanning source. Meanwhile, by the time you're trying to see if the ftp port 21 is open or not, you're already blacklisted. Dropping every packet destined for a specific port depends on protected clients' desire. In your case I guess he/she chose not to drop packets destined for port 80. Well, this may or may not be your situation. But this is definitely something in practice people use. Serhan. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Interesting challenge Sanjay K. Patel (Jan 30)
- Re: Interesting challenge Clint Bodungen (Jan 30)
- Re: Interesting challenge wjnorth (Jan 30)
- Re: Interesting challenge David Barroso (Jan 30)
- RE: Interesting challenge Serhan Sevim (Jan 30)
- RE: Interesting challenge Pete Herzog (Jan 31)
- <Possible follow-ups>
- RE: Interesting challenge Steve Goldsby (ICS) (Jan 30)
- RE: Interesting challenge Sanjay K. Patel (Jan 30)
- RE: Interesting challenge Hasnain Atique (Jan 31)
- RE: Interesting challenge Rajesh Jose (Jan 31)
- RE: Interesting challenge Stephen de Vries (Jan 31)
- RE: Interesting challenge Daniel Staal (Jan 31)