Penetration Testing mailing list archives
Re: nmap shows open UDP port 113
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 25 Mar 2004 12:01:07 -0500 (EST)
auth is tcp port 113 associated, at least in most setups I've seen, and can be disabled by editing /etc/inetd.conf and commenting it out, it's a tad different for say a redhat system and others using xinetd, but, not all that touch to close; properly edit the /etc/xinetd.d file corresponding to the service in question, particulrly the disable = line. What is interesting is that your system responds to udp port 113.... Thanks, Ron DuFresne On Wed, 24 Mar 2004, BillyBobKnob wrote:
My friend asked me to see if I could scan or penetrate his firewall. He = only told me that it was a Linux box setup as a firewall running NAT to = hide internal IPs. - I did a nmap -O and a nmap -O --fuzzy but it said "too many = fingerprints match for accurate OS guess" but it did tell me that TCP port 113 was in the closed state - so I tried a TCP reverse inet scan (nmap -sT -I) and it still gave me = same info as this port was closed - so I tried nmap -sU and no results - then I tried nmap -sU -p 113 and it said that UDP port 113 was open !! I was then able to netcat to it (nc -u ipaddress 113) and I verified = that I was connected with a netstat. While connected via netcat I tried sending it commands like (ls, cd .., = help, echo) but got nothing. Is there anything that can be done with this connection ?? Or is there anyway to find out what internal IPs are behind it ? Thanks, Bill --------------------------------------------------------------------------- You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. www.coresecurity.com/promos/sf_ept1 ----------------------------------------------------------------------------
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! --------------------------------------------------------------------------- You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. www.coresecurity.com/promos/sf_ept1 ----------------------------------------------------------------------------
Current thread:
- nmap shows open UDP port 113 BillyBobKnob (Mar 25)
- Re: nmap shows open UDP port 113 WiM (Mar 25)
- Re: nmap shows open UDP port 113 R. DuFresne (Mar 25)
- RE: nmap shows open UDP port 113 Gary Rollie (Mar 25)
- Re: nmap shows open UDP port 113 David Cannings (Mar 25)
- Re: nmap shows open UDP port 113 Gabriel Alexandros (Mar 25)
- Re: nmap shows open UDP port 113 Jon Hart (Mar 26)
- Re: nmap shows open UDP port 113 Gregory Spath (Mar 30)
- <Possible follow-ups>
- Re: nmap shows open UDP port 113 Don Parker (Mar 26)