Penetration Testing mailing list archives

Re: Open ports

From: Todd Haverkos <infosec () haverkos com>
Date: Fri, 15 Aug 2008 17:34:50 -0500

skynetonsecurity () gmail com writes:

Hi Guys,

I am doing pen-testing for pool of IP's, During pen-test I observed
that some IP's  are giving all  ports open i.e. 65535 in NMAP
result  &  Nessus is giving empty result. 

What could be the reason for this?


More than likely, a firewall between you and the targets. 

What options are you handing to nmap?  

Fyodor's (nmap's lead author) very useful nmap presentation is at
http://insecure.org/presentations/BHDC08/ and svn links to the latest
version of it are in the presentation.

The --reason   flag is rather useful in solving some of these
mysteries.  You also might be interested in the difference in how
various discovery methods vary against stateful firwealls and
non-stateful packet filtering firewalls (slides 8 and 9). 

Best Regards, 
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

Current thread:

Open ports skynetonsecurity (Aug 15)
- Re: Open ports Justin Rogosky (Aug 15)
- Re: Open ports R. DuFresne (Aug 15)
- Re:Re: Open ports Roy Firestein (Aug 15)
- Re: Open ports Joel Jose (Aug 15)
- Re: Open ports Michael Kitange (Aug 15)
- Re: Open ports Roy Firestein (Aug 15)
- Re: Open ports Luke Sheldrick (Aug 15)
- Re: Open ports Todd Haverkos (Aug 15)
- Re: Open ports Whitehat (Aug 16)
- <Possible follow-ups>
- RE: Open ports Shenk, Jerry A (Aug 15)