Penetration Testing mailing list archives

FW: Port identification methodology


From: stephen () fishnetsecurity com
Date: Tue, 3 Jul 2001 09:41:43 -0500

Try using Nessus.  

I think that Nessus will try to identify network services running on
available service ports.  It does this by initiating a variety of dialogues
of known services with the service port to elicit a response.

If you wanted to do it manually, you could try to point various clients at
the services such as Back Orifice, SubSeven, etc.
Sincerely,

Stephen C. Thompson,
Piranha Team Network Security Engineer
Fishnet Security
1710 Walnut
Kansas City, MO 64108
Tel:    816-421-6611
Fax:    816-421-6677
Cell:   816-522-6369
<http://www.fishnetsecurity.com> 

*       2000 & 2001 Top 10 Kansas City Small Business
*       2000 Deloitte & Touche Fast 50 Rising Stars
*       2000 & 1999 Check Point Fastest Central Region Revenue Growth Award
*       2000 & 1999 CRN Top 25 Computer Executives
*       1998 Check Point Excellence Award Winners

"Some Companies have Network Security Divisions,
 FishNet is a Network Security integrator.
 Who should you trust with your Network Security?"

_______________________________________________________________________

The information transmitted in this e-mail is intended only for the
addressee and may contain confidential and/or privileged material.  Any
interception, review, retransmission, dissemination, or other use of, or
taking of any action upon this information by persons or entities other than
the intended recipient is prohibited by law and may subject them to criminal
or civil liability. If you received this communication in error, please
contact us immediately at 816.421.6611, and delete the communication from
any computer or network system.
_______________________________________________________________________



-----Original Message-----
From: Erik Norman [mailto:erik.norman () ccnox com]
Sent: Monday, July 02, 2001 5:14 AM
To: pen test
Subject: Port identification methodology


Hi all,

I have a question regarding methodology while performing a 
PT. It concerns identifying programs/services.

Imagine a full nmap scan has been performed. A handful 
of open ports was found on a particular server. The 
usual 25, 53, 80 etc. are identified, but one or two ports 
stand out from the crowd. Looking in various 'common ports' 
files does not provide a hint what the port is used for.

Connecting with telnet yields no text, and a tcpdump 
dump does not provide any text (in clear anyway).


Now what!???

How should one approach this?


/Erik
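Added example, not code from either poster and not Nessus's own code: a small Python probe-and-match identifier that does, in miniature, what Stephen describes Nessus doing, against the kind of port Erik describes (open, silent when telnet connects). It goes one step beyond the bare telnet attempt by also sending the opening line of a few client-speaks-first protocols, each on a fresh connection, and matching whatever comes back against greeting-line patterns. The probe list, the signature regexes, the transport abstraction and the three constructed stand-in services are my assumptions; nothing here came from the thread.

```python
import re
import socket
import sys
from typing import Callable, Dict, List, Optional, Tuple

# Each probe is a name and the bytes sent right after connecting.  The null
# probe is what a bare telnet connection does: send nothing and wait for a
# banner.  The others are minimal openings of protocols whose servers stay
# silent until the client speaks, so a "telnet shows nothing" port may still
# answer one of them.  (Assumed probe set; a real scanner carries hundreds.)
PROBES: List[Tuple[str, bytes]] = [
    ("null", b""),
    ("http", b"GET / HTTP/1.0\r\n\r\n"),
    ("smtp", b"EHLO probe.invalid\r\n"),
    ("rtsp", b"OPTIONS * RTSP/1.0\r\nCSeq: 1\r\n\r\n"),
]

# (service name, regex anchored at the start of the reply).  Order matters:
# FTP and SMTP both greet with "220", so the more specific FTP pattern first.
SIGNATURES: List[Tuple[str, "re.Pattern[bytes]"]] = [
    ("ssh",  re.compile(rb"^SSH-\d\.\d-")),
    ("http", re.compile(rb"^HTTP/1\.[01] \d{3}")),
    ("rtsp", re.compile(rb"^RTSP/1\.0 \d{3}")),
    ("ftp",  re.compile(rb"^220[ -].*FTP", re.I)),
    ("smtp", re.compile(rb"^220[ -].*SMTP", re.I)),
    ("pop3", re.compile(rb"^\+OK")),
    ("imap", re.compile(rb"^\* OK")),
]

# A transport takes the probe bytes and returns whatever the port sent back.
Transport = Callable[[bytes], bytes]


def tcp_transport(host: str, port: int, timeout: float = 3.0) -> Transport:
    """One fresh TCP connection per probe.  Many daemons drop the connection
    after a single line they do not understand, so probes never share a socket."""
    def send(probe: bytes) -> bytes:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if probe:
                s.sendall(probe)
            try:
                return s.recv(4096)
            except socket.timeout:
                return b""
    return send


def classify(reply: bytes) -> Optional[str]:
    """Map a raw reply to a service name, or None if nothing matches."""
    for name, pattern in SIGNATURES:
        if pattern.match(reply):
            return name
    return None


def identify(transport: Transport) -> Dict[str, object]:
    """Run the probes in order and stop at the first recognisable reply.
    Every raw reply is returned too, so an unmatched port can still be
    examined by hand (a few bytes of binary are often enough of a clue)."""
    replies: Dict[str, bytes] = {}
    for probe_name, payload in PROBES:
        reply = transport(payload)
        replies[probe_name] = reply
        service = classify(reply)
        if service is not None:
            return {"service": service, "probe": probe_name,
                    "banner": reply.split(b"\n", 1)[0].rstrip(b"\r"),
                    "replies": replies}
    return {"service": None, "probe": None, "banner": b"", "replies": replies}


# Constructed stand-in services so the example runs offline.

def constructed_silent_http(probe: bytes) -> bytes:
    """Like the port in the question: silent on connect, but it speaks HTTP."""
    if probe.startswith(b"GET "):
        return b"HTTP/1.0 200 OK\r\nServer: constructed-demo\r\n\r\n"
    return b""


def constructed_ssh(probe: bytes) -> bytes:
    """A service that banners as soon as you connect, the way sshd does."""
    return b"SSH-2.0-constructed-demo\r\n"


def constructed_mute(probe: bytes) -> bytes:
    """A port that answers none of our probes; the raw replies are all empty."""
    return b""


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py HOST PORT
        print(identify(tcp_transport(sys.argv[1], int(sys.argv[2]))))
    else:
        for fake in (constructed_silent_http, constructed_ssh, constructed_mute):
            print(fake.__name__, "->", identify(fake))
```

If every probe comes back empty, the result still carries the replies, which is the point of doing it this way rather than with telnet alone: the next step is to widen the probe set (TLS ClientHello, SMB negotiate, a DNS query) and to look at what the port does on disconnect, not to conclude the port is dead. Two caveats a tester should keep in mind: sending protocol openings to an unknown listener can crash a fragile custom service, so agree the scope first, and a service that speaks its own binary protocol may answer only to a correctly framed first message, which no generic probe list will contain.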

--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/
