From: Steve Goldsby (ICS) (sgoldsby@networkarmor.com)
Date: Fri Jan 30 2004 - 12:30:24 EST
Netscreens' for instance, will block hosts that are performing
portscans.
Teros boxes will also block most 'crafted' layer 7 attacks.
What type of scan are you doing?
Try doing: nmap -sS -P0 -p80
And see what you get. If you get filtered you're looking at a stateful
box, if you get blocked, I would say there's a proxy in there somewhere.
Steve Goldsby
www.networkarmor.com
-----Original Message-----
From: Sanjay K. Patel [mailto:sanjay.patel@rexwire.com]
Sent: Friday, January 30, 2004 10:43 AM
To: pen-test@securityfocus.com
Subject: Interesting challenge
We are doing a pen test for a client and have run into a interesting
situation. The client has a server running IIS and Exchange we can get
to it
through a browser but when we try to run Nessus or Eeye Retina against
it,
neither product can find the server. The client is not running any IDS
system has a simple firewall. A port scan revels no open port though
port 80
is open since the server is serving pages.
SKP
------------------------------------------------------------------------
--- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:47 EDT