Penetration Testing mailing list archives
Re: Service Identification
From: Martin Mačok <martin.macok () underground cz>
Date: Mon, 8 Dec 2003 11:30:26 +0100
On Sun, Dec 07, 2003 at 11:21:01AM -0600, Beaty, Bryan wrote:
Port 23 and 25 are open but cannot be identified by AMAP or NMAP. When I telnet <ip> 23 or 25 I get a blank screen.
You should use netcat (nc) instead of telnet to do this, because telnet sends out some terminal control sequence too.
Does this mean the telnet and SMTP server have crashed?
Probably not. If it crashes then the port is usually closed.
Could it be that someone has installed some other service on these ports?
Maybe, try amapcrap ...
Is the connection closed (by the server) after some time? The port
could be somehow "tarpitted" ... or some sort of honeypot/IDS too.
--
Martin Mačok http://underground.cz/
martin.macok () underground cz http://Xtrmntr.org/ORBman/
---------------------------------------------------------------------------
----------------------------------------------------------------------------
Current thread:
- Service Identification Beaty, Bryan (Dec 07)
- Re: Service Identification Omar Prunera Dols (Dec 08)
- Re: Service Identification Martin Mačok (Dec 08)
- <Possible follow-ups>
- RE: Service Identification Meidinger Chris (Dec 08)
- RE: Service Identification MARTIN M. Bnoni (Dec 08)
- RE: Service Identification Beaty, Bryan (Dec 08)
- RE: Service Identification R. DuFresne (Dec 09)
- RE: Service Identification J. Oquendo (Dec 08)