RE: Port identification methodology

[Yonatan Bokovza <Yonatan () xpert com>]

Hi,
a common way of handling many cleartext protocols is
sending "QUIT\n" and grabbing the output.
To solve your question i'd say we need a DB of every
protocol in existance and what does it "likes" to recive
in a packet or two- in order to reply with its name/version.
Same goes for UDP, BTW.

Best Regards, 

Yonatan Bokovza
IT Security Consultant
Xpert Systems

> -----Original Message-----
> From: Erik Norman [mailto:erik.norman () ccnox com]
> Sent: Monday, July 02, 2001 13:14
> To: pen test
> Subject: Port identification methodology
>
>
> Hi all,
>
> I have a question regarding methodology while performing a 
> PT. It concerns identifying programs/services.
>
> Imagine a full nmap scan has been performed. A handfull 
> of open ports was found on a particular server. The 
> usual 25, 53, 80 etc are identified, but one or two ports 
> stand out from the crowd. Looking in various 'common ports' 
> files does not provide a hint what the port is used for.
>
> Connecting with telnet yields no text, and a tcpdump 
> dump does not provide any text (in clear anyway).
>
>
> Now what!???
>
> How should one approach this?
>
>
> /Erik

--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/