Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Nikto open ports
From: "Shenk, Jerry A" <jshenk () decommunications com>
Date: Tue, 7 Nov 2006 17:34:40 -0500

That would be a pretty easy thing to test.  Put a sniffer between your
testing machine and the tested machine and capture all the data going
through.  It should be very easy to see if sessions are being closed by
the client (testing machine) or not.

I know that I've never experienced the problem you're seeing but,
perhaps I just didn't notice it.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of noa () imperva com
Sent: Tuesday, November 07, 2006 6:14 AM
To: pen-test () securityfocus com
Subject: Nikto open ports

Hi,

I used nikto to test a specific open port on a server. I ran the exact
same test mutliple consecutive times, starting the next test immediately
after the current one ended.
I saw that after a few tests, nikto replied that there was no HTTP port
on that server...
A closer look revealed that the previous nikto test left the ports open
so I'm guessing that the server stops responding because of too many
open ports.
Has anyone encountered this behavior? Do you know whether nikto does not
in fact properly close all connections?

Thank you,
Noa 

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
------------------------------------------------------------------------




**DISCLAIMER
This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which 
they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the 
intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the 
message. If you have received this communication in error, please notify the sender and delete this e-mail message. The 
contents do not represent the opinion of D&E except to the extent that it relates to their official business.


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]