Re: Ping: stingray
- From: Borked Pseudo Mailed <nobody@xxxxxxxxxxxxxxxxx>
- Date: Mon, 13 Feb 2006 22:44:54 -0700 (MST)
Borked Pseudo Mailed wrote:
stingray@xxxxxxxxxxxxxxxx wrote:
Well, I disagree there, although it's only one of the many things he can
well, you can try to set up for example ftp on some remote box, or ask a
friend, make it listen on port 80. Then you try to ftp from your own box
to that ftp on port 80. If it works then most likely the filtering is
only done on ports and not on the contents/protocols.
This would be a very poor test at best. FTP typically requires two ports
to function, and would very likely fail in this scenario, giving false
results if simple port filtering is being used. FTP is absolutely the
worst suggestion you could have made as far as protocols go.
A better test would be to have someone set up a telnet or other type of
daemon to listen on port 80, then using raw telnet to test it. Or even
using any of the various free HTTP proxies to do similar "tunneling"
tests. Or, have someone set up a lightweight web server like thttpd on a
port you believe is blocked, and try to browse to that (an even better
test in my opinion).
FWIW, situations where protocols themselves are filtered are very rare.
It's rather hard to do that sort of "content" filtering reliably. 99.99%
of the time it's nothing more than ports, or ranges of ports that are
blocked. And if you do happen to run into this sort of filtering the
"HTTP to odd ports" test will tell you that's what you're dealing with
You may disagree all you like, but you'll still be wrong. It's pretty
common knowledge among informed people that FTP is *not* the tool to use
when testing things like this. I don't know if you don't quite grasp how
FTP works, or (more likely) how this sort of filtering is basically white
listing of ports, but for whatever reason you're again offering up
erroneous information and trying to defend it after it's been pointed out
to you why you're in error.
Once again, the correct way to "map out" blocked ports is to use known
acceptable protocols on various ports and try to make the most basic
connection you can. This will almost always be either telnet, or in some
cases simple SYN/ACK/RST connection negotiations with a tool like nmap or
FTP is an absolutely horrible tool to use for this sort of testing. It
adds an additional and prominent set of failure conditions. It's just not
going to be reliable enough to be at all useful. Simple as that.
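
The argument above as an added example, not part of the original post: a single basic TCP connect per port gives one clear answer, while FTP's control connection hands back a second port that the filter must also allow. The function names `probe` and `pasv_data_port`, the loopback listener and the sample 227 reply are constructed for illustration.

```python
import errno
import re
import socket

def probe(host, port, timeout=3.0):
    """Make one plain TCP connect and classify the result.

    open     - handshake completed, so this port passes the filter
    closed   - RST came back (no listener, or a filter that rejects)
    filtered - no reply before the timeout, or an unreachable error
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        s.close()

def pasv_data_port(reply):
    """Return the second (data) port an FTP server names in a 227 reply."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not reply.startswith("227") or m is None:
        raise ValueError("not a 227 passive-mode reply")
    return int(m.group(5)) * 256 + int(m.group(6))

if __name__ == "__main__":
    # Constructed loopback demo: a listener stands in for the remote daemon.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(port, probe("127.0.0.1", port, 1.0))   # listener up
    srv.close()
    print(port, probe("127.0.0.1", port, 1.0))   # listener gone
    # Constructed 227 reply; 192.0.2.10 is a documentation address.
    reply = "227 Entering Passive Mode (192,0,2,10,195,80)"
    print("FTP data channel needs port", pasv_data_port(reply))
```

With FTP listening on port 80, the login can succeed and the first directory listing still hangs, because the data connection goes to the port from the 227 reply rather than to 80.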