Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Service Identification

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Mon, 8 Dec 2003 19:26:19 -0500 (EST)
Most often tcpwrappers <tcpd> will have a 'twist' associated with a
service it is protecting, and/or an allow or deny depending upon
somethinbg like the IP connecting.  TCPD tends to reject the connections
not allowed wiht a 'banner' stating the fact/reason.

Thanks,

Ron DuFresne


On Mon, 8 Dec 2003, Beaty, Bryan wrote:


I did try this. It was unable to identify the service. I contacted the
client and they stated these were indeed Telnet and SMTP but protected
by TCP wrappers. 

Does this sound like the response I would get by a service protected by
TCP wrappers? 

Thanks,
Bryan



-----Original Message-----
From: Meidinger Chris [mailto:chris.meidinger () badenit de] 
Sent: Monday, December 08, 2003 8:29 AM
To: Beaty, Bryan
Cc: pen-test () securityfocus com
Subject: RE: Service Identification

Small tip: nmap version 3.40 or newer has an option -sV, which is
service
verification. It will fire a lot of different packets at the port trying
to
get a bead on what is behind it. Did you try that?

Chris Meidinger

-----Original Message-----
From: Beaty, Bryan [mailto:Bryan.Beaty () vector com]
Sent: Sunday, December 07, 2003 6:21 PM
To: pen-test () securityfocus com
Subject: Service Identification


I port scanned a box I am working on. I know the box is some form of
Linux. I see that port 23,25 and 53 are open. I can identify 53 as DNS.
Both NMAP and AMAP identify it as DNS. 

Port 23 and 25 are open but cannot be identified by AMAP or NMAP. When I
telnet <ip> 23 or 25 I get a blank screen. If I type I just get blank
spaces or underscore symbols on the screen. 

Does this mean the telnet and SMTP server have crashed?
Could it be that someone has installed some other service on these
ports?
How do you identify services that respond like this? Seems like I run
into this from time to time but I never have learned how to deal with
it. 

Any ideas what to do at this point? I do not have physical access to the
box. 

Thanks,
Bryan Beaty

------------------------------------------------------------------------
---
------------------------------------------------------------------------
----

------------------------------------------------------------------------
---
------------------------------------------------------------------------
----




---------------------------------------------------------------------------
----------------------------------------------------------------------------



-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: