Penetration Testing mailing list archives
RE: Port identification methodology
From: Yonatan Bokovza <Yonatan () xpert com>
Date: Mon, 2 Jul 2001 19:59:38 +0300
Hi, a common way of handling many cleartext protocols is sending "QUIT\n" and grabbing the output. To solve your question i'd say we need a DB of every protocol in existance and what does it "likes" to recive in a packet or two- in order to reply with its name/version. Same goes for UDP, BTW. Best Regards, Yonatan Bokovza IT Security Consultant Xpert Systems
-----Original Message----- From: Erik Norman [mailto:erik.norman () ccnox com] Sent: Monday, July 02, 2001 13:14 To: pen test Subject: Port identification methodology Hi all, I have a question regarding methodology while performing a PT. It concerns identifying programs/services. Imagine a full nmap scan has been performed. A handfull of open ports was found on a particular server. The usual 25, 53, 80 etc are identified, but one or two ports stand out from the crowd. Looking in various 'common ports' files does not provide a hint what the port is used for. Connecting with telnet yields no text, and a tcpdump dump does not provide any text (in clear anyway). Now what!??? How should one approach this? /Erik
-------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Port identification methodology Erik Norman (Jul 02)
- Re: Port identification methodology Franck Veysset (Jul 03)
- RE: Port identification methodology Anup Singh (Jul 05)
- Re: Port identification methodology Chris Winter (Jul 05)
- <Possible follow-ups>
- RE: Port identification methodology Yonatan Bokovza (Jul 03)
- FW: Port identification methodology stephen (Jul 03)