Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Interesting challenge
From: "Stephen de Vries" <stephen () twisteddelight org>
Date: Sat, 31 Jan 2004 11:54:08 -0500 (EST)


You mentioned that they were using a "simple" firewall.  Perhaps the
scanning tools are initiating too many connections too quickly, flooding
the state tables of the firewall, or if it's a proxying firewall, perhaps
launching to many proxy processes.  Since the firewall is so busy dealing
with all these requests on filtered ports, perhaps it can't service
requests to open ports.?  You could try slowing down the scanning tools,
if you're using nmap try the paranoid timing option (and watch a good film
while you're waitiing for it to complete ;) )

Stephen

 almost everyone who replied pointed towards icmp. We have tried running
the
test with icmp disabled. We still do not get a reply on those ports.

-SKP

-----Original Message-----
From: Clement Dupuis [mailto:cdupuis () cccure org]
Sent: Friday, January 30, 2004 3:06 PM
To: 'Sanjay K. Patel'
Subject: RE: Interesting challenge

Have you carefully looked at some of the buried down setting under your
scanners.  It might simply be that it is expecting a reply from a ping
request before doing the scanning.

Clement


-----Original Message-----
From: Sanjay K. Patel [mailto:sanjay.patel () rexwire com]
Sent: Friday, January 30, 2004 11:43 AM
To: pen-test () securityfocus com
Subject: Interesting challenge




We are doing a pen test for a client and have run into a interesting
situation. The client has a server running IIS and Exchange we can
get to
it
through a browser but when we try to run Nessus or Eeye Retina
against
it,
neither product can find the server. The client is not running any
IDS
system has a simple firewall. A port scan revels no open port though
port
80
is open since the server is serving pages.


SKP




------------------------------------------------------------------------
-
--

------------------------------------------------------------------------
-
---


---------------------------------------------------------------------------
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault