  1. #41
    Senior Member
    Join Date
    Mar 2003
    First - the identity of the firewall is not what is initially important, but what the firewall is doing.

    Second - it isn't very polite to start off your first post by cursing.
    Get OpenSolaris http://www.opensolaris.org/

  2. #42
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002

    Why has no one tried a fragment attack yet? Most firewalls will let packets pass if they are under 4 bytes in size. That could help to determine the OS at least, which would be a start.

    And also something else: that server does not seem to be running any real internet services. If I go online with my Linux box, I have no open ports (in init 3, that is), and no RPCs, no SMTP, POP, etc., so that is very safe already. Any computer with no open ports is safe. It's their services (if they intend to put any) that will help make the entire box unsafe, because most attacks are oriented towards the services (samba, http, ftp, mail, rpc, netbios, etc.).

    Or is it truly so safe that I cannot detect any services?

    Just in case you are interested:
    # nmap -v -P0
    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    No tcp,udp, or ICMP scantype specified, assuming vanilla tcp connect() scan. Use -sP if you really don't want to portscan (and just want to see what hosts are up).
    Host ( appears to be up ... good.
    Initiating Connect() Scan against (
    Strange error from connect (13):Permission denied
    The Connect() Scan took 4 seconds to scan 1601 ports.
    Interesting ports on (
    (The 1582 ports scanned but not shown below are in state: closed)
    Port State Service
    21/tcp filtered ftp
    22/tcp filtered ssh
    23/tcp filtered telnet
    25/tcp filtered smtp
    37/tcp filtered time
    43/tcp filtered whois
    53/tcp filtered domain
    63/tcp filtered via-ftp
    70/tcp filtered gopher
    79/tcp filtered finger
    80/tcp filtered http
    110/tcp filtered pop-3
    113/tcp filtered auth
    119/tcp filtered nntp
    123/tcp filtered ntp
    137/tcp filtered netbios-ns
    138/tcp filtered netbios-dgm
    443/tcp filtered https
    11371/tcp filtered pksd

    Nmap run completed -- 1 IP address (1 host up) scanned in 4 seconds

    It might be wasting time but.. let's say "they are" testing our skills...knowledge skills security computers in positive way
    Those may well be redirects from the firewall itself. To me this looks like some sort of honeypot. The fact that this target may be under very heavy logging is all too real. Don't let it confuse you with the fact that honeypots normally have open weaknesses. The fact that all the ports are in state filtered tells me that there is no internet service running, or just that the firewall is blocking it. If it is a redirect, however, then the idea of it being a honeypot increases.

    I will try sending some fragmented packages and see how they are handled.

    Ubuntu-: Means in African : "Im too dumb to use Slackware"
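
Seen from the filtering side, the fragment handling discussed in post #42 is the subject of RFC 1858, which has a filter drop TCP first fragments too short to carry the flags field and TCP fragments with offset 1. The sketch below is an added example, not part of the thread: `fragment_verdict`, `build_ipv4`, the `TMIN` value and the sample packets are all constructed for illustration.

```python
import struct

TCP = 6
TMIN = 16  # assumed threshold: a first fragment must carry the TCP flags (byte 13)

def build_ipv4(proto, frag_offset, more_fragments, payload):
    """Constructed test input: 20-byte IPv4 header (checksum left 0) + payload."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                         flags_frag, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + payload

def fragment_verdict(packet):
    """Return 'drop' or 'pass' for one IPv4 packet using RFC 1858-style checks."""
    if len(packet) < 20:
        return "drop"                      # cannot even hold an IPv4 header
    ver_ihl, _, total_len, _, flags_frag, _, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4             # header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(packet):
        return "drop"                      # malformed or truncated
    offset = flags_frag & 0x1FFF           # fragment offset in 8-byte units
    transport_len = total_len - ihl
    if proto != TCP:
        return "pass"                      # these two rules only cover TCP
    if offset == 0 and transport_len < TMIN:
        return "drop"                      # tiny first fragment: flags not visible
    if offset == 1:
        return "drop"                      # would overwrite bytes 8-15 of the TCP header
    return "pass"

# Constructed sample packets (documentation address ranges, zeroed payloads).
SAMPLES = {
    "tiny_first_fragment": build_ipv4(TCP, 0, True, bytes(8)),
    "offset_one_fragment": build_ipv4(TCP, 1, False, bytes(12)),
    "normal_first_fragment": build_ipv4(TCP, 0, True, bytes(24)),
    "later_fragment": build_ipv4(TCP, 3, False, bytes(24)),
    "udp_small": build_ipv4(17, 0, True, bytes(8)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:22s} {fragment_verdict(pkt)}")
```

A filter that reassembles fragments before applying its rules avoids the problem entirely; these two checks are the stateless fallback.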
