Penetration Testing mailing list archives

Re: nmap shows open UDP port 113

From: Gregory Spath <gkspath () armstrong com>
Date: Mon, 29 Mar 2004 13:21:55 -0500

113 is identd/auth.

One linux-based firewall that I am aware of that runs Ident by default (it
can be disabled) is smoothwall.

IRC servers, and some other services are a pain to connect to if they
cannot connect back to an ident server.  I used to run a masquerading
ident for all the people on my home lan myself because of this.


On Wed, 24 Mar 2004 22:57:49 -0400
"BillyBobKnob" <billybobknob () hotmail com> wrote:

My friend asked me to see if I could scan or penetrate his firewall.  He
= only told me that it was a Linux box setup as a firewall running NAT
to = hide internal IPs.

- I did a nmap -O and a nmap -O --fuzzy but it said "too many =
fingerprints match for accurate OS guess"
        but it did tell me that TCP port 113 was in the closed state
- so I tried a TCP reverse inet scan (nmap -sT -I) and it still gave me
= same info as this port was closed
- so I tried nmap -sU and no results
- then I tried nmap -sU -p 113 and it said that UDP port 113 was open !!

I was then able to netcat to it (nc -u ipaddress 113) and I verified =
that I was connected with a netstat.

While connected via netcat I tried sending it commands like (ls, cd ..,
= help, echo) but got nothing.


Is there anything that can be done with this connection ??
Or is there anyway to find out what internal IPs are behind it ?


Thanks,
Bill


-----------------------------------------------------------------------
---- You're a pen tester, but is google.com still your R&D team?
Now you can get trustworthy commercial-grade exploits and the latest
techniques from a world-class research group.
www.coresecurity.com/promos/sf_ept1
-----------------------------------------------------------------------
-----



-- 
Gregory Spath
Network Security Analyst
Armstrong World Industries, Inc.
gkspath () armstrong com
717-396-5938

---------------------------------------------------------------------------
You're a pen tester, but is google.com still your R&D team?
Now you can get trustworthy commercial-grade exploits and the latest
techniques from a world-class research group.
www.coresecurity.com/promos/sf_ept1
----------------------------------------------------------------------------

Current thread:

nmap shows open UDP port 113 BillyBobKnob (Mar 25)
- Re: nmap shows open UDP port 113 WiM (Mar 25)
- Re: nmap shows open UDP port 113 R. DuFresne (Mar 25)
- RE: nmap shows open UDP port 113 Gary Rollie (Mar 25)
  - Re: nmap shows open UDP port 113 David Cannings (Mar 25)
- Re: nmap shows open UDP port 113 Gabriel Alexandros (Mar 25)
- Re: nmap shows open UDP port 113 Jon Hart (Mar 26)
- Re: nmap shows open UDP port 113 Gregory Spath (Mar 30)
- <Possible follow-ups>
- Re: nmap shows open UDP port 113 Don Parker (Mar 26)