Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Interesting challenge
From: "David Barroso" <dbarroso () s21sec com>
Date: Fri, 30 Jan 2004 20:28:44 +0100 (CET)

We are doing a pen test for a client and have run into a interesting
situation. The client has a server running IIS and Exchange we can get to
it
through a browser but when we try to run Nessus or Eeye Retina against it,
neither product can find the server. The client is not running any IDS
system has a simple firewall. A port scan revels no open port though port
80
is open since the server is serving pages.


Sanjay,
perhaps an additional layer of security is implemented, which silently
drops all packets received from a specific host, if it detects a portscan
from that host, and accepts a normal traffic flow if it does not detect
any 'attack'. This countermeasure could be installed in your client's
site, or, on the other  hand, maybe your egress traffic is being filtered.

David

---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]