Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Strange response from network
From: Ben Timby <asp () webexc com>
Date: Wed, 15 Sep 2004 17:03:03 -0500

Shashank Rai wrote:

My questions:
a) any idea what kind of filtering system can this be

My guess is that hop 7 is home of a firewall of some sort. I don't have any recollection of one that would act this way, perhaps it's internal rule processing causes it to RST connections when it expires ttl. I don't know, perhaps another list member would know what device or firewall software would behave in such a manner.

b) is it possible to determine the IP of the 7th HOP.

Regarding the port number, my guess is that port 2443 is the 2nd SSL server 2 + 443 (443 = SSL). Nmap simply uses the common ports database to guess what service generally resides at the open port it found. For instance, if I ran my FTP server on port 22, nmap would detect it as an SSH server. I think there is a switch to have it grab the banner for you, but I have not used this feature.

Hope that helps.

Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]