Penetration Testing mailing list archives
Re: nmap shows open UDP port 113
From: "WiM" <vulndev () vision rma ac be>
Date: Thu, 25 Mar 2004 19:14:36 +0100
From the man page of nmap:
-sU UDP scans: This method is used to determine which UDP (User Datagram Protocol, RFC 768) ports are open on a host. The tech- nique is to send 0 byte udp packets to each port on the target machine. If we receive an ICMP port unreachable message, then the port is closed. Otherwise we assume it is open. Unfortu- nately, firewalls often block the port unreachable messages, causing the port to appear open. Sometimes an ISP will block only a few specific dangerous ports such as 31337 (back orifice) and 139 (Windows NetBIOS), making it look like these vulnerable ports are open. So don't panic immediately. Unfortunately, it isn't always trivial to differentiate between real open UDP ports and these filtered false-positives. WiM ----- Original Message ----- From: "BillyBobKnob" <billybobknob () hotmail com> To: <pen-test () lists securityfocus com> Sent: Thursday, March 25, 2004 3:57 AM Subject: nmap shows open UDP port 113
My friend asked me to see if I could scan or penetrate his firewall. He = only told me that it was a Linux box setup as a firewall running NAT to = hide internal IPs. - I did a nmap -O and a nmap -O --fuzzy but it said "too many = fingerprints match for accurate OS guess" but it did tell me that TCP port 113 was in the closed state - so I tried a TCP reverse inet scan (nmap -sT -I) and it still gave me = same info as this port was closed - so I tried nmap -sU and no results - then I tried nmap -sU -p 113 and it said that UDP port 113 was open !! I was then able to netcat to it (nc -u ipaddress 113) and I verified = that I was connected with a netstat. While connected via netcat I tried sending it commands like (ls, cd .., = help, echo) but got nothing. Is there anything that can be done with this connection ?? Or is there anyway to find out what internal IPs are behind it ? Thanks, Bill --------------------------------------------------------------------------
-
You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. www.coresecurity.com/promos/sf_ept1 --------------------------------------------------------------------------
--
--------------------------------------------------------------------------- You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. www.coresecurity.com/promos/sf_ept1 ----------------------------------------------------------------------------
Current thread:
- nmap shows open UDP port 113 BillyBobKnob (Mar 25)
- Re: nmap shows open UDP port 113 WiM (Mar 25)
- Re: nmap shows open UDP port 113 R. DuFresne (Mar 25)
- RE: nmap shows open UDP port 113 Gary Rollie (Mar 25)
- Re: nmap shows open UDP port 113 David Cannings (Mar 25)
- Re: nmap shows open UDP port 113 Gabriel Alexandros (Mar 25)
- Re: nmap shows open UDP port 113 Jon Hart (Mar 26)
- Re: nmap shows open UDP port 113 Gregory Spath (Mar 30)
- <Possible follow-ups>
- Re: nmap shows open UDP port 113 Don Parker (Mar 26)