RE: Port identification methodology

["Anup Singh" <anup () ealcatraz com>]

Most often than not, the stand out ports identified by NMAP have a vague
description attached to it. Then one can search through a list of standard
ports defined to services and map it to applications operating on those
ports.
IMHO most implementations do not change the default operating port of an
application. If one digs deep enough, there as always information to be
found. The standard port allocation list would be a good place to start.

Regards

Anup

-----Original Message-----
From: Erik Norman [mailto:erik.norman () ccnox com]
Sent: Monday, July 02, 2001 3:44 PM
To: pen test
Subject: Port identification methodology


Hi all,

I have a question regarding methodology while performing a
PT. It concerns identifying programs/services.

Imagine a full nmap scan has been performed. A handfull
of open ports was found on a particular server. The
usual 25, 53, 80 etc are identified, but one or two ports
stand out from the crowd. Looking in various 'common ports'
files does not provide a hint what the port is used for.

Connecting with telnet yields no text, and a tcpdump
dump does not provide any text (in clear anyway).


Now what!???

How should one approach this?


/Erik

----------------------------------------------------------------------------
----------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service
For more information on SecurityFocus' SIA service which automatically
alerts you to
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/


--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/