From: Paul Culmsee (Paul.Culmsee@pivod.com)
Date: Sun Sep 11 2005 - 20:09:20 EDT
That is very likely a transparent proxy/cache showing that behavior. All HTTP/S traffic, irrespective of the destination is being redirected to a cache server.
Try a HTTP echo command and see if you get output. It may reveal the make of the appliance or cache software.
Regards
Paul
> -----Original Message-----
> From: pinoch0@gmail.com [mailto:pinoch0@gmail.com]
> Sent: Saturday, 10 September 2005 5:01 PM
> To: pen-test@securityfocus.com
> Subject: NAT is present?
>
> I´m pen-testing a subnet, and when i scan the open ports i get something
> similar to this:
>
> *.*.*.1
>
> PORT STATE SERVICE
> 80/tcp open http
> 264/tcp open bgmp
> 500/tcp open isakmp
>
>
> *.*.*.2
> PORT STATE SERVICE
>
> 80/tcp open http
> https
> *.*.*.3
>
> PORT STATE SERVICE
> 80/tcp open http
> https
>
> All the host of the subnet seems to have http and https open but when i
> try to connect to it a lot of then don´t back a response.
> I thing that the .1 (seems to be a router) have NAT and open http and
> https por all the hosts (up or down) .
> Can someone help me?
>
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:52 EDT