Home page logo

basics logo Security Basics mailing list archives

Re: IDS which denies access after one "false" scanned port
From: Samuel Lavitt <samuel.lavitt () tectia com>
Date: Wed, 21 Dec 2011 18:44:18 +0200

I encountered a system like this before, it was an IDS setup by some
consultants from IBM for a project I audited, as part of one of their
outsourced websphere systems.  I do not know the actual IDS, but it 
made the audit damn difficult, as it was also prone to locking me out
whenever I caused too many server errors (where too many was something
~50 HTTP 400s or 500s in a 15m period).  Burp's automated intruder,
directory scans, etc. were all worthless as a result.

Did manage some success using purely manual testing, mostly simple XSS
attacks though, worked well on the language selection ;)

On 12/21/2011 02:20 PM, Martin T wrote:
I found a webserver, which serves webpage on TCP port 80, but in case
I try to connect to any other TCP port, my IP will be blocked for
10min. Example below:

[root@ ~]# ping -qc1 www.<domain>.com
PING www.<domain>.com ( 56 data bytes

--- www.<domain>.com ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.793/1.793/1.793/0.000 ms
[root@ ~]# telnet www.<domain>.com 80
Connected to www.<domain>.com.
Escape character is '^]'.
Connection closed by foreign host.
[root@ ~]# telnet www.<domain>.com 37219
[root@ ~]# telnet www.<domain>.com 80
[root@ ~]# ping -qc1 www.<domain>.com
PING www.<domain>.com ( 56 data bytes

--- www.<domain>.com ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
[root@ ~]#

Anyone seen such behavior before? Is it somehow possible to
detect/guess, which IDS this might be? Any other suggestions how to
find out more information about this IDS and server behind it?


Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 


Attachment: signature.asc
Description: OpenPGP digital signature

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]