Re: Wierd non-http port 80 daemon?

["Brien Dieterle" <brien.dieterle () cgcmail maricopa edu>]

> -- Original Message --
> Date: Wed, 07 Jan 2004 22:05:34 -0700
> From: Austin Godber <godber () uberhip com>
> Cc: security-basics () securityfocus com
> Subject: Re: Wierd non-http port 80 daemon?
>
>
> > I've been scanning a box, and it's - lightly taken - set up very
> > insecure. Many open ports, etc. One thing I find strange is the
> > following: The box is open on port 80. But if you telnet into it, it

> > doesn't act anything like a HTTP daemon.
>
> Did you try using nmap's -sV option?
>
> Austin
>
>
> ---------------------------------------------------------------------------
> Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off
any
> course! All of our class sizes are guaranteed to be 10 students or less.
>
> We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
>
> and many other technical hands on courses.
> Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
>
> any course!
> ----------------------------------------------------------------------------

> From Nmap:
"Once the TCP connection is made, Nmap just listens for roughly 5 seconds."

Would it be worthwhile for some to (try to) hide a naughty service by faking
some other service for the first 5 seconds?

brien


---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------