Penetration Testing mailing list archives

Re: Pentest - ISA server


From: Volker Tanger <vtlists () wyae de>
Date: Tue, 31 Aug 2010 00:48:22 +0200

Greetings!

"Kurt M. John" <kurt.md.john () gmail com>:
> Now for my real question. They have some ISA servers that take care of
> all outgoing and incoming traffic. I ran nmap on them and at least one
> of them has over 50000 open ports.

What options did you use on NMAP?
By default it runs a SYN scan (-sS), and if the firewall or server
tested does some type of SYN-Flood-Protection, it will send SYN-ACK
packages without actually querying the host behind it (maybe adding
TCP-cookies). 

By default NMAP will count SYN-ACK answers to SYN queries as an open port.

Try running a connect scan (-sT) which runs through all the proper
queries and answers of a TCP handshake and only will count correctly
opened TCP sessions - but then again this will trigger connect messages
in most daemon logs. 

Bye

Volker


-- 

Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists () wyae de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB
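To make the SYN-scan versus connect-scan comparison Volker suggests concrete, here is an added example (not part of the original thread, and not nmap's own code) that parses nmap grepable output (-oG) for the same host from both scan types and flags ports that answered SYN-ACK to -sS but never completed a handshake under -sT. The sample scan lines, the host address and the threshold are constructed for illustration; when most "open" ports vanish under the connect scan, a SYN-proxy or SYN-cookie middlebox is the likely explanation.

```python
import re

# Constructed sample -oG output (not real scan data) for one host:
# first from a SYN scan (-sS), then from a connect scan (-sT).
SYN_SCAN_OG = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, "
    "80/open/tcp//http///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///, "
    "31337/open/tcp//Elite///\tIgnored State: closed (0)"
)
CONNECT_SCAN_OG = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/open/tcp//https///, 25/filtered/tcp//smtp///, "
    "8080/filtered/tcp//http-proxy///, 31337/filtered/tcp//Elite///"
)

# -oG port entries look like: <port>/<state>/<proto>//<service>///
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/")


def parse_og(line):
    """Return {(port, proto): state} for a single -oG 'Host:' line."""
    m = re.search(r"Ports: (.*?)(?:\t|$)", line)
    if not m:
        return {}
    return {(int(port), proto): state
            for port, state, proto in PORT_RE.findall(m.group(1))}


def phantom_ports(syn_line, connect_line, threshold=0.5):
    """Compare -sS and -sT results for the same host.

    'phantom' ports were reported open by the SYN scan only; 'confirmed'
    ports completed a full TCP handshake.  If the phantom share reaches the
    (assumed) threshold, a SYN-proxy/SYN-cookie middlebox is suspected.
    """
    syn_open = {k for k, s in parse_og(syn_line).items() if s == "open"}
    conn_open = {k for k, s in parse_og(connect_line).items() if s == "open"}
    phantom = sorted(syn_open - conn_open)
    confirmed = sorted(syn_open & conn_open)
    ratio = len(phantom) / len(syn_open) if syn_open else 0.0
    return {
        "phantom": [port for port, _ in phantom],
        "confirmed": [port for port, _ in confirmed],
        "syn_proxy_suspected": ratio >= threshold,
    }


if __name__ == "__main__":
    print(phantom_ports(SYN_SCAN_OG, CONNECT_SCAN_OG))
```

As the reply notes, the connect scan used to produce the second input completes real handshakes, so expect it to appear in the daemon logs of every confirmed port.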
