Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: All tcp ports open?

from [David M. Zendzian] Network Security [Permanent Link]
Subject: Re: All tcp ports open?
Date: Mon, 30 Aug 2004 12:00:58 -0400 
Ben,
  Do you get any header responses or anything when you connect that could be 
used to help identify what is allowing all port connects? Do you get iis on 80, 
and exchange on 25?
  It could be a honeypot redirect on all ports other than specific, ie 80/443, 
by the firewall or load balancer in front of machine. 
  Do all ports return tcp counters and other such info that makes it look like 
all responses are coming back from same end destination host?
  Do you have access to environment? Can you trace traffic internally?

Good luck
David
-----Original Message-----
From: "Massimo Cetra" <mcetra@navynet.it>
Date: Sun, 29 Aug 2004 16:10:08 
To:"'Ben Timby'" <asp@webexc.com>, <pen-test@securityfocus.com>
Subject: RE: All tcp ports open?


I am not sure what is doing this, but I assume it is a 
software (or some 
kind of) firewall/hids, can anybody point me in the right direction?

I am pen-testing a Windows webserver, and a port scan reveals ALL tcp 
ports open. hping also confirms that a SA is returned for any 
S packets 
sent to any port I try. I can connect via netcat any of the 
ports, and 
send data, but nothing is returned. In order to verify services, I am 
required to connect and check for a banner or send 
appropriate protocol 
commands to elicit a response.

Has anyone seen this, or have any idea of what this is?


http://www.iptables.org/patch-o-matic/pom-extra.html#pom-extra-TARPIT

This is for Linux but may help you finding more informations.

Max




------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------



/--------------------------------------\
 David M. Zendzian * dmz@dmzs.com 
 (415) 867-7812 - phone  
  -------------                    
  Imagination is greater than knowledge * Albert Einstein
 Every day is a good day, whether you like it or not! *

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: listing directory structure within webserver root, Kurt Seifried
Next by Date:  Re: All tcp ports open?, Chris Brenton
Previous by Thread:  RE: All tcp ports open?, Todd Towles
Next by Thread:  Re: All tcp ports open?, Erik Birkholz
Indexes:  [Date] [Thread] [Top] [All Lists]