Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Strange response from network
From: Ben Timby <asp () webexc com>
Date: Wed, 15 Sep 2004 17:03:03 -0500

Shashank Rai wrote:

My questions:
a) any idea what kind of filtering system can this be

My guess is that hop 7 is home of a firewall of some sort. I don't have any recollection of one that would act this way, perhaps it's internal rule processing causes it to RST connections when it expires ttl. I don't know, perhaps another list member would know what device or firewall software would behave in such a manner.

b) is it possible to determine the IP of the 7th HOP.

Regarding the port number, my guess is that port 2443 is the 2nd SSL server 2 + 443 (443 = SSL). Nmap simply uses the common ports database to guess what service generally resides at the open port it found. For instance, if I ran my FTP server on port 22, nmap would detect it as an SSH server. I think there is a switch to have it grab the banner for you, but I have not used this feature.

Hope that helps.

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]