Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: TR: Strange service on Port 5656

From: "Thierry Bole" <thbole () hotmail com>
Date: Thu, 17 Apr 2003 12:13:34 +0200
Hi,
Did you try using amap ( it identifies applications and services even if they are not listening on the default port) 

A good tool available at:

http://www.thc.org/releases.php

Thierry





-----Message d'origine-----
De : B F [mailto:zaphod_b71 () hotmail com]
Envoyé : mercredi, 16. avril 2003 19:19
À : pen-test () securityfocus com
Objet : Strange service on Port 5656


Dear PenTesters,

while conducting one of those tests this list was made
for, I stumbled over a TCP Service on Port 5656. If I
netcat on this port the following "banner" is displayed:
",!-

When I enter something at this prompt the
connection is closed immediately. Nessus detects this
service as time server, can anyone confirm/ deny that?
If this is no time server did someone see this banner
before? The host in question is a SuSE Linux System and
has a vulnerable (OpenSSH 2.1.1) SSH daemon running,
so maybe this service is part of a rootkit?

Thanks in advance for any hints
BF





_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts.  The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches.  Deadline for the best rates is April 25.  Register today to
ensure your place.  http://www.securityfocus.com/BlackHat-pen-test
----------------------------------------------------------------------------




_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail 


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-pen-test ----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: