Re: All tcp ports open?

From: Kevin Sheldrake (kev@electriccat.co.uk)
Date: Sun Aug 29 2004 - 11:59:35 EDT

• Next message: Jose Maria Lopez: "Re: All tcp ports open?"
• Previous message: Tim: "Re: All tcp ports open?"
• In reply to: Ben Timby: "All tcp ports open?"
• Next in thread: Jose Maria Lopez: "Re: All tcp ports open?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Sounds like a honeypot. You might want to use amap or the -sV option of
nmap to try and enumerate the real services in amongst the fake ones.
Never done it so unsure of the results but logic dictates that it'll work,
even if takes "a very long time" (TM).

Kev

> I am not sure what is doing this, but I assume it is a software (or some
> kind of) firewall/hids, can anybody point me in the right direction?
>
> I am pen-testing a Windows webserver, and a port scan reveals ALL tcp
> ports open. hping also confirms that a SA is returned for any S packets
> sent to any port I try. I can connect via netcat any of the ports, and
> send data, but nothing is returned. In order to verify services, I am
> required to connect and check for a banner or send appropriate protocol
> commands to elicit a response.
>
> Has anyone seen this, or have any idea of what this is?
>
> Thanks.
>
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking
> course,
> learn to write exploits and attack security infrastructure. Attend a
> course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> -------------------------------------------------------------------------------
>
>

-- 
Kevin Sheldrake MEng MIEE CEng CISSP
Electric Cat (Bournemouth) Ltd
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

• Next message: Jose Maria Lopez: "Re: All tcp ports open?"
• Previous message: Tim: "Re: All tcp ports open?"
• In reply to: Ben Timby: "All tcp ports open?"
• Next in thread: Jose Maria Lopez: "Re: All tcp ports open?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:01 EDT