Penetration Testing mailing list archives
Re: Cisco 3015 concentrator VPN bruteforce? And proxy with easy header rewrite?
From: Marco Ivaldi <raptor () mediaservice net>
Date: Fri, 13 Mar 2009 12:05:17 +0100 (ora solare Europa occidentale)
On Thu, 12 Mar 2009, Richard Miles wrote:

> Hi Marco, Nice to see your reply.

;)

> Yes, it says OPEN|FILTERED as all other ports at this host.

Weird. What I meant in my previous email is that you should try something along the lines of:

root@shaolin:~# nmap -n --packet-trace --reason 10.0.0.220 -p 440-445

Starting Nmap 4.76 ( http://nmap.org ) at 2009-03-13 11:46 CET
SENT (0.0780s) ARP who-has 10.0.0.220 tell 10.0.0.144
RCVD (0.0790s) ARP reply 10.0.0.220 is-at 00:0C:29:19:94:EF
SENT (0.1070s) TCP 10.0.0.144:53535 > 10.0.0.220:443 S ttl=41 id=4691 iplen=44 seq=2996612997 win=2048 <mss 1460>
SENT (0.1070s) TCP 10.0.0.144:53535 > 10.0.0.220:441 S ttl=39 id=33943 iplen=44 seq=2996612997 win=4096 <mss 1460>
SENT (0.1070s) TCP 10.0.0.144:53535 > 10.0.0.220:445 S ttl=38 id=25659 iplen=44 seq=2996612997 win=3072 <mss 1460>
SENT (0.1070s) TCP 10.0.0.144:53535 > 10.0.0.220:442 S ttl=56 id=2974 iplen=44 seq=2996612997 win=1024 <mss 1460>
SENT (0.1070s) TCP 10.0.0.144:53535 > 10.0.0.220:440 S ttl=57 id=4341 iplen=44 seq=2996612997 win=2048 <mss 1460>
SENT (0.1070s) TCP 10.0.0.144:53535 > 10.0.0.220:444 S ttl=55 id=57289 iplen=44 seq=2996612997 win=4096 <mss 1460>
RCVD (0.1070s) TCP 10.0.0.220:443 > 10.0.0.144:53535 SA ttl=128 id=44500 iplen=44 seq=4269415853 win=64240 ack=2996612998 <mss 1460>
RCVD (0.1070s) TCP 10.0.0.220:441 > 10.0.0.144:53535 RA ttl=128 id=44501 iplen=40 seq=0 win=0 ack=2996612998
RCVD (0.1070s) TCP 10.0.0.220:445 > 10.0.0.144:53535 SA ttl=128 id=44502 iplen=44 seq=3878712938 win=64240 ack=2996612998 <mss 1460>
RCVD (0.1080s) TCP 10.0.0.220:442 > 10.0.0.144:53535 RA ttl=128 id=44503 iplen=40 seq=0 win=0 ack=2996612998
RCVD (0.1080s) TCP 10.0.0.220:440 > 10.0.0.144:53535 RA ttl=128 id=44504 iplen=40 seq=0 win=0 ack=2996612998
RCVD (0.1080s) TCP 10.0.0.220:444 > 10.0.0.144:53535 RA ttl=128 id=44505 iplen=40 seq=0 win=0 ack=2996612998
Interesting ports on 10.0.0.220:
PORT    STATE  SERVICE       REASON
440/tcp closed sgcp          reset
441/tcp closed decvms-sysmgt reset
442/tcp closed cvc_hostd     reset
443/tcp open   https         syn-ack
444/tcp closed snpp          reset
445/tcp open   microsoft-ds  syn-ack
MAC Address: 00:0C:29:19:94:EF (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

The "REASON" field and the packet trace should give you the information you need to understand why Nmap reports open|filtered on all TCP ports?!

--
Marco Ivaldi, OPST
Lead Security Analyst
Data Security Division @ Mediaservice.net Srl
http://mediaservice.net/
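
The following Python is an added example, not part of the original post or of Nmap: it pairs each SENT SYN probe in a --packet-trace capture with the target's reply and derives the state and reason a SYN scan reports for that port. The 443 and 441 lines are taken from the trace in the message; the two 8080 probe lines are constructed, and the names `TRACE`, `LINE` and `classify` are this example's own.

```python
import re

# 443 and 441 lines come from the trace in the post; the two 8080 probes are
# constructed here to show a port that never answers.
TRACE = """\
SENT (0.1070s) TCP 10.0.0.144:53535 > 10.0.0.220:443 S ttl=41 id=4691 iplen=44 seq=2996612997 win=2048 <mss 1460>
SENT (0.1070s) TCP 10.0.0.144:53535 > 10.0.0.220:441 S ttl=39 id=33943 iplen=44 seq=2996612997 win=4096 <mss 1460>
SENT (0.1070s) TCP 10.0.0.144:53535 > 10.0.0.220:8080 S ttl=52 id=1111 iplen=44 seq=2996612997 win=1024 <mss 1460>
RCVD (0.1070s) TCP 10.0.0.220:443 > 10.0.0.144:53535 SA ttl=128 id=44500 iplen=44 seq=4269415853 win=64240 ack=2996612998 <mss 1460>
RCVD (0.1070s) TCP 10.0.0.220:441 > 10.0.0.144:53535 RA ttl=128 id=44501 iplen=40 seq=0 win=0 ack=2996612998
SENT (1.2100s) TCP 10.0.0.144:53536 > 10.0.0.220:8080 S ttl=47 id=2222 iplen=44 seq=2996547460 win=2048 <mss 1460>
"""

# Groups: direction, src ip, src port, dst ip, dst port, TCP flags
LINE = re.compile(r"^(SENT|RCVD) \([\d.]+s\) TCP (\S+):(\d+) > (\S+):(\d+) ([A-Z]+) ")


def classify(trace, target):
    """Map each SYN-probed port on target to a (state, reason) pair."""
    probed, replies = set(), {}
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ARP, ICMP and report lines are not handled here
        direction, src, sport, dst, dport, flags = m.groups()
        if direction == "SENT" and dst == target and flags == "S":
            probed.add(int(dport))  # retransmissions collapse into one entry
        elif direction == "RCVD" and src == target:
            replies.setdefault(int(sport), flags)  # first reply decides
    result = {}
    for port in sorted(probed):
        flags = replies.get(port)
        if flags is None:
            # SYN scan: a probe that is never answered is reported as filtered
            result[port] = ("filtered", "no-response")
        elif "R" in flags:
            result[port] = ("closed", "reset")
        elif flags == "SA":
            result[port] = ("open", "syn-ack")
        else:
            result[port] = ("unknown", flags)  # anything else needs a manual look
    return result


if __name__ == "__main__":
    for port, (state, reason) in classify(TRACE, "10.0.0.220").items():
        print(f"{port}/tcp {state:8} {reason}")
```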