Penetration Testing mailing list archives
Re: Port identification methodology
From: Franck Veysset <franck.veysset () intranode com>
Date: Mon, 02 Jul 2001 19:12:21 +0200
There have been some work done on this subject. you can have a look at Nessus. There is a plugin called "find-services" which do something like this. It just try to recognize which service is running on which port. This plugin, written in C, is available at : http://cvs.nessus.org/cgi-bin/cvsweb.cgi/nessus-plugins/plugins/find_service/ If I remember well, Saurik have also done some work on Nmap. A patch was performing such a function. More information at: ftp://ftp.saurik.com/pub/nmap/ Hope this help... -Franck Erik Norman a écrit :
Hi all, I have a question regarding methodology while performing a PT. It concerns identifying programs/services. Imagine a full nmap scan has been performed. A handfull of open ports was found on a particular server. The usual 25, 53, 80 etc are identified, but one or two ports stand out from the crowd. Looking in various 'common ports' files does not provide a hint what the port is used for. Connecting with telnet yields no text, and a tcpdump dump does not provide any text (in clear anyway). Now what!??? How should one approach this? /Erik -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
-- Franck Veysset E-mail: franck.veysset () intranode com http://www.INTRANODE.com - Tel: +33 (0)2 23 45 55 04 -- Security Lab Engineer -- O ascii ribbon campaign against html |\ email and Microsoft attachments. -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Port identification methodology Erik Norman (Jul 02)
- Re: Port identification methodology Franck Veysset (Jul 03)
- RE: Port identification methodology Anup Singh (Jul 05)
- Re: Port identification methodology Chris Winter (Jul 05)
- <Possible follow-ups>
- RE: Port identification methodology Yonatan Bokovza (Jul 03)
- FW: Port identification methodology stephen (Jul 03)