Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


RE: Interesting challenge
.

  • To: "'Sanjay K. Patel '" <[EMAIL PROTECTED]>
  • Subject: RE: Interesting challenge
  • From: "Eric S. Boltz" <[EMAIL PROTECTED]>
  • Date: Sun, 1 Feb 2004 01:30:29 -0500
  • Cc: "'[EMAIL PROTECTED] '" <[EMAIL PROTECTED]>
.
 
I would be the last person to suggest that I am an authority on security,
however...
You mentioned that they are running Exchange and IIS.  What I have seen done
before in that situation is that they set the IIS to only respond based on
host header name (if that is the right term), ie: 10.0.0.4/default.htm
woudln't work, but www.domain.com/default.htm would.
I have watched both Retina and Nessus bounce off of those sites with nary a
whimper, when I KNEW that the site was vulnerable to some fairly simple
attacks, because they scan at the IP address, rather than using host header
names in their scans.

Dunno, it may be something to look at.

-----Original Message-----
From: Sanjay K. Patel
To: 'Clement Dupuis'
Cc: [EMAIL PROTECTED]
Sent: 1/30/2004 4:55 PM
Subject: RE: Interesting challenge

 almost everyone who replied pointed towards icmp. We have tried running
the
test with icmp disabled. We still do not get a reply on those ports.

-SKP

-----Original Message-----
From: Clement Dupuis [mailto:[EMAIL PROTECTED] 
Sent: Friday, January 30, 2004 3:06 PM
To: 'Sanjay K. Patel'
Subject: RE: Interesting challenge

Have you carefully looked at some of the buried down setting under your
scanners.  It might simply be that it is expecting a reply from a ping
request before doing the scanning.  

Clement


>> -----Original Message-----
>> From: Sanjay K. Patel [mailto:[EMAIL PROTECTED]
>> Sent: Friday, January 30, 2004 11:43 AM
>> To: [EMAIL PROTECTED]
>> Subject: Interesting challenge
>> 
>> 
>> 
>> 
>> We are doing a pen test for a client and have run into a interesting 
>> situation. The client has a server running IIS and Exchange we can
get to
>> it
>> through a browser but when we try to run Nessus or Eeye Retina
against
>> it,
>> neither product can find the server. The client is not running any
IDS
>> system has a simple firewall. A port scan revels no open port though
port
>> 80
>> is open since the server is serving pages.
>> 
>> 
>> SKP
>> 
>> 
>> 
>>
------------------------------------------------------------------------
-
>> --
>>
------------------------------------------------------------------------
-
>> ---


------------------------------------------------------------------------
---
------------------------------------------------------------------------
----

---------------------------------------------------------------------------
----------------------------------------------------------------------------
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.