Penetration Testing mailing list archives
RE: Service Identification
From: "J. Oquendo" <sil () politrix org>
Date: Mon, 8 Dec 2003 14:47:23 -0500 (EST)
Simplest answer would be to run an analyzer on the segment the machine is on to see what information (if any) is going through the port. Remember any program can be assigned to listen on any port, so just because you may see something such as telnet mapped to port 23, it doesn't mean telnet is indeed running on that port. One thing to note also is, if indeed telnet is running on the port, it may have been configured not to leak out information.

In essence, anything can be running on those ports... e.g.:

    finger sil () kungfunix net

Don't be fooled by what you would see doing that finger. Everything is false, usernames, et al...

    $ grep finger /etc/inetd.conf
    #finger stream tcp6 nowait nobody /usr/sbin/in.fingerd in.fingerd
    finger stream tcp6 nowait nobody /export/c0t0d0s9/home/sil/./honey

It's a perl listener that catches e-tards doing stupid things. Sometimes I configure my firewall to block out class ranges if I see multiple asinine port connections, but it's mainly there for my amusement.

sil
I did try this. It was unable to identify the service. I contacted the client and they stated these were indeed Telnet and SMTP but protected by TCP wrappers.
Does this sound like the response I would get by a service protected by TCP wrappers?
Thanks, Bryan
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D

sil @ politrix . org http://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net

"I watch gangster flicks and root for the bad guy and turn it off before it ends because the bad guy dies" 50 Cents - 'Assassins'

This is a farce confidential disclaimer intended to make you aware that even though this may be privileged information, being it will become Google cache in the future, my original intentions of keeping this message restricted and/or private are thrown out the door. If you have received this e-mail in error, please enjoy this signature and destroy this message by dousing it in gasoline.
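Added example, not part of the original message and not the poster's code: a host-side audit of inetd.conf that flags any service name whose handler is not the daemon the name implies, which is exactly the finger entry shown in the message. The EXPECTED table and the function names are assumptions made for this illustration; the sample input is the two lines quoted above.

```python
import os

# Constructed sample: the two inetd.conf lines quoted in the message above.
SAMPLE = """\
#finger stream tcp6 nowait nobody /usr/sbin/in.fingerd in.fingerd
finger stream tcp6 nowait nobody /export/c0t0d0s9/home/sil/./honey
"""

# Assumption: daemon basenames this host is expected to run per service name.
EXPECTED = {"finger": {"in.fingerd"}, "telnet": {"in.telnetd"}}
TCPD = "tcpd"  # TCP wrappers binary; the real daemon is then the first argument


def parse_inetd(text):
    """Yield (service, server_path, args) for each active inetd.conf entry."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # commented-out entries are not listening
        fields = line.split()
        if len(fields) < 6:
            continue  # expected: name type proto wait user server [args...]
        yield fields[0], fields[5], fields[6:]


def audit(text, expected=EXPECTED):
    """Return findings for services whose handler is not the expected daemon."""
    findings = []
    for service, server, args in parse_inetd(text):
        prog = os.path.basename(os.path.normpath(server))
        if prog == TCPD and args:
            prog = os.path.basename(args[0])  # look through the wrapper
        allowed = expected.get(service)
        if allowed is None:
            findings.append((service, server, "no expected daemon on record"))
        elif prog not in allowed:
            findings.append(
                (service, server, f"handler '{prog}' is not {sorted(allowed)}"))
    return findings


if __name__ == "__main__":
    for service, server, reason in audit(SAMPLE):
        print(f"{service}: {server}: {reason}")
```
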