Re: Interesting challenge

From: David Barroso (dbarroso@s21sec.com)
Date: Fri Jan 30 2004 - 14:28:44 EST


> We are doing a pen test for a client and have run into a interesting
> situation. The client has a server running IIS and Exchange we can get to
> it
> through a browser but when we try to run Nessus or Eeye Retina against it,
> neither product can find the server. The client is not running any IDS
> system has a simple firewall. A port scan revels no open port though port
> 80
> is open since the server is serving pages.
>

Sanjay,
perhaps an additional layer of security is implemented, which silently
drops all packets received from a specific host, if it detects a portscan
from that host, and accepts a normal traffic flow if it does not detect
any 'attack'. This countermeasure could be installed in your client's
site, or, on the other hand, maybe your egress traffic is being filtered.

David

---------------------------------------------------------------------------
----------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:47 EDT