Penetration Testing mailing list archives

Re: No information on open ( Fake) ports


From: Claudio Broglia <xeon () sysroot eu>
Date: Mon, 22 Sep 2008 11:47:04 +0200


Hi all,
Hi Em see,


> While conducting a pentest I found nmap giving some open ports with -sS scan & -sV scan giving status open|filtered.
> But when I tried to telnet to the ports for a banner, I was not able to gather any information; a timeout happened.
>
> I think this is because of iptables with tarpit or kernel hardening?
>
> What could be the other reasons for this?

It is not clear if you got the connection but no header came back, or if
no connection could be established. I assume that you could
connect, but got no header.
Maybe the service listening on that port expects not textual but binary
data (like, for example, DCE on 135/tcp), because it works with a binary
protocol with well-formatted messages.
Or, if your target is a Linux of some kind, maybe these ports are
guarded with a port-knocking mechanism.

From the scan results you've attached, it seems that the machine is an
all-doing service machine (ssh, telnet, smtp and many others), so either it
is a well-established honeypot, or (more probably) a gold mine if
exploited ;)

Good luck

-xeon
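
The distinction drawn in the reply above (connection established but no header, versus no connection at all), as an added example that is not part of the original post. The names `classify_port`, `_listener` and `demo` are hypothetical, and the listeners are constructed on localhost so the check runs offline:

```python
import socket
import threading

def classify_port(host, port, timeout=2.0):
    """Return (state, data) separating connect failures from silent services."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("closed", b"")             # RST came back: nothing is listening
    except OSError:
        return ("no-connection", b"")      # handshake never completed (dropped/filtered)
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(256)          # wait for a server-first banner
        except socket.timeout:
            # Handshake completed but the peer stays quiet: a client-first or
            # binary protocol and a tarpit both look like this from outside.
            return ("connected-silent", b"")
        except OSError:
            return ("connected-reset", b"")
        if not data:
            return ("connected-closed", b"")   # peer closed without sending
        return ("banner", data)

def _listener(banner):
    """Constructed localhost service: sends `banner` if given, else stays silent."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        if banner:
            conn.sendall(banner)
        threading.Event().wait(1.5)        # hold the connection open
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """Classify three constructed ports: banner, silent, and closed."""
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                            # free the port so connects are refused
    ports = {"banner": _listener(b"220 constructed.example ESMTP\r\n"),
             "silent": _listener(None), "closed": closed_port}
    return {k: classify_port("127.0.0.1", p, timeout=0.5) for k, p in ports.items()}

if __name__ == "__main__":
    print(demo())
```

A "connected-silent" result only says the handshake completed; telling a binary-protocol service from a tarpit needs a protocol-aware probe such as the one nmap -sV sends.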
