From: Nexus (nexus@patrol.i-way.co.uk)
Date: Wed Mar 24 2004 - 14:28:45 EST
----- Original Message -----
From: "Jerry Shenk" <jshenk@decommunications.com>
To: <pen-test@securityfocus.com>
Sent: Wednesday, March 24, 2004 3:36 AM
Subject: RE: FTP Window of opportunity?
[snip]
> BTW, some firewalls (Raptor at least) intentionally respond to all kinds
> of crazy traffic. It seems that they intentionally try to confuse an
> attacker (or pen tester;) by allowing connections to ports that aren't
> really open.
I'm not sure that's deliberate, rather a wierd-arse side effect of the
stateful inspection or ephemeral ports or summat.. *shrug*
You will also see similar odd resonses from various vendor implementations
of SYN flood 'proxy' defence, where the firewall completes the 3-way
handshake itself to you, then tries to connect to the destination host and
port on your behalf and if all is well, shovels the traffic across, if not,
it just drops you.
Cheers.
---------------------------------------------------------------------------
You're a pen tester, but is google.com still your R&D team?
Now you can get trustworthy commercial-grade exploits and the latest
techniques from a world-class research group.
www.coresecurity.com/promos/sf_ept1
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:51 EDT