Penetration Testing mailing list archives
RE: Service Identification
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Mon, 8 Dec 2003 19:26:19 -0500 (EST)
Most often tcpwrappers <tcpd> will have a 'twist' associated with a service it is protecting, and/or an allow or deny depending upon somethinbg like the IP connecting. TCPD tends to reject the connections not allowed wiht a 'banner' stating the fact/reason. Thanks, Ron DuFresne On Mon, 8 Dec 2003, Beaty, Bryan wrote:
I did try this. It was unable to identify the service. I contacted the client and they stated these were indeed Telnet and SMTP but protected by TCP wrappers. Does this sound like the response I would get by a service protected by TCP wrappers? Thanks, Bryan -----Original Message----- From: Meidinger Chris [mailto:chris.meidinger () badenit de] Sent: Monday, December 08, 2003 8:29 AM To: Beaty, Bryan Cc: pen-test () securityfocus com Subject: RE: Service Identification Small tip: nmap version 3.40 or newer has an option -sV, which is service verification. It will fire a lot of different packets at the port trying to get a bead on what is behind it. Did you try that? Chris Meidinger -----Original Message----- From: Beaty, Bryan [mailto:Bryan.Beaty () vector com] Sent: Sunday, December 07, 2003 6:21 PM To: pen-test () securityfocus com Subject: Service Identification I port scanned a box I am working on. I know the box is some form of Linux. I see that port 23,25 and 53 are open. I can identify 53 as DNS. Both NMAP and AMAP identify it as DNS. Port 23 and 25 are open but cannot be identified by AMAP or NMAP. When I telnet <ip> 23 or 25 I get a blank screen. If I type I just get blank spaces or underscore symbols on the screen. Does this mean the telnet and SMTP server have crashed? Could it be that someone has installed some other service on these ports? How do you identify services that respond like this? Seems like I run into this from time to time but I never have learned how to deal with it. Any ideas what to do at this point? I do not have physical access to the box. Thanks, Bryan Beaty ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Service Identification Beaty, Bryan (Dec 07)
- Re: Service Identification Omar Prunera Dols (Dec 08)
- Re: Service Identification Martin MaÄok (Dec 08)
- <Possible follow-ups>
- RE: Service Identification Meidinger Chris (Dec 08)
- RE: Service Identification MARTIN M. Bénoni (Dec 08)
- RE: Service Identification Beaty, Bryan (Dec 08)
- RE: Service Identification R. DuFresne (Dec 09)
- RE: Service Identification J. Oquendo (Dec 08)