Penetration Testing mailing list archives

Re: Service Identification


From: Omar Prunera Dols <oprunera () salleURL edu>
Date: Mon, 8 Dec 2003 17:20:46 +0100 (CET)

Hi,

Recently I found something similar, and the result was a netcat running on
the port I was scanning.

How did I find it? I broke into the machine and just looked at the processes that were running on
this machine. I found a netcat running on ports 21, 23, and 25. From
the outside the responses were the ones you explained.

On Sun, 7 Dec 2003, Beaty, Bryan wrote:

I port scanned a box I am working on. I know the box is some form of
Linux. I see that ports 23, 25 and 53 are open. I can identify 53 as DNS.
Both NMAP and AMAP identify it as DNS.

Ports 23 and 25 are open but cannot be identified by AMAP or NMAP. When I
telnet <ip> 23 or 25 I get a blank screen. If I type I just get blank
spaces or underscore symbols on the screen.

Does this mean the telnet and SMTP server have crashed?
Could it be that someone has installed some other service on these
ports?
How do you identify services that respond like this? Seems like I run
into this from time to time but I never have learned how to deal with
it.

Any ideas what to do at this point? I do not have physical access to the
box.

Thanks,
Bryan Beaty

---------------------------------------------------------------------------
----------------------------------------------------------------------------



Omar Prunera Dols                     "If you look at reality closely enough
oprunera () salleURL edu                   you will be able to see the pixels"
http://www.salleurl.edu/~tl06367

---------------------------------------------------------------------------
----------------------------------------------------------------------------
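
Added example, not part of the original posts: a host-side audit for the situation described in this thread, where a listener on a well-known port turns out to be owned by something other than the expected daemon. It parses the Linux `/proc/net/tcp` table and maps each listening socket to its owning process; the sample table, the inode map and the `EXPECTED` daemon names are constructed assumptions.

```python
import os

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4101 1 0000000000000000 100 0 0 10 0
   1: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4102 1 0000000000000000 100 0 0 10 0
   2: 00000000:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000    25        0 4103 1 0000000000000000 100 0 0 10 0
   3: 0100007F:0035 0100007F:C350 01 00000000:00000000 00:00000000 00000000    25        0 4104 1 0000000000000000 100 0 0 10 0
"""
SAMPLE_INODE_OWNERS = {4101: (911, "nc"), 4102: (912, "nc"), 4103: (640, "named")}
# Assumption: daemon names an administrator expects on these ports; adjust per host.
EXPECTED = {21: {"vsftpd", "proftpd"}, 23: {"in.telnetd", "telnetd"},
            25: {"sendmail", "master", "exim4"}, 53: {"named"}}

def listening_sockets(table_text):
    """Yield (port, inode) for rows in LISTEN state (st == 0A)."""
    for line in table_text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10 or f[3] != "0A":
            continue
        yield int(f[1].rsplit(":", 1)[1], 16), int(f[9])

def inode_owners():
    """Map socket inode -> (pid, comm) by walking /proc/<pid>/fd (Linux, needs root)."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as fh:
                comm = fh.read().strip()
            for fd in os.listdir(f"/proc/{pid}/fd"):
                target = os.readlink(f"/proc/{pid}/fd/{fd}")
                if target.startswith("socket:["):
                    owners[int(target[8:-1])] = (int(pid), comm)
        except OSError:
            continue  # process exited or its fds are not readable
    return owners

def audit(table_text, owners):
    """Return [(port, pid, comm, ok)] sorted by port; ok is False for unexpected owners."""
    rows = []
    for port, inode in listening_sockets(table_text):
        pid, comm = owners.get(inode, (None, "unknown"))
        rows.append((port, pid, comm, comm in EXPECTED.get(port, set())))
    return sorted(rows)

if __name__ == "__main__":
    for port, pid, comm, ok in audit(SAMPLE_PROC_NET_TCP, SAMPLE_INODE_OWNERS):
        print(f"{port:>5} pid={pid} {comm:<10} {'ok' if ok else 'UNEXPECTED'}")
```

On a live Linux host, call `audit(open("/proc/net/tcp").read(), inode_owners())` as root; ports with no entry in `EXPECTED` are reported as unexpected.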

