Penetration Testing mailing list archives
Re: nmap shows open UDP port 113
From: Gregory Spath <gkspath () armstrong com>
Date: Mon, 29 Mar 2004 13:21:55 -0500
113 is identd/auth. One linux-based firewall that I am aware of that runs Ident by default (it can be disabled) is smoothwall. IRC servers, and some other services are a pain to connect to if they cannot connect back to an ident server. I used to run a masquerading ident for all the people on my home lan myself because of this. On Wed, 24 Mar 2004 22:57:49 -0400 "BillyBobKnob" <billybobknob () hotmail com> wrote:
My friend asked me to see if I could scan or penetrate his firewall. He = only told me that it was a Linux box setup as a firewall running NAT to = hide internal IPs. - I did a nmap -O and a nmap -O --fuzzy but it said "too many = fingerprints match for accurate OS guess" but it did tell me that TCP port 113 was in the closed state - so I tried a TCP reverse inet scan (nmap -sT -I) and it still gave me = same info as this port was closed - so I tried nmap -sU and no results - then I tried nmap -sU -p 113 and it said that UDP port 113 was open !! I was then able to netcat to it (nc -u ipaddress 113) and I verified = that I was connected with a netstat. While connected via netcat I tried sending it commands like (ls, cd .., = help, echo) but got nothing. Is there anything that can be done with this connection ?? Or is there anyway to find out what internal IPs are behind it ? Thanks, Bill ----------------------------------------------------------------------- ---- You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. www.coresecurity.com/promos/sf_ept1 ----------------------------------------------------------------------- -----
-- Gregory Spath Network Security Analyst Armstrong World Industries, Inc. gkspath () armstrong com 717-396-5938 --------------------------------------------------------------------------- You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. www.coresecurity.com/promos/sf_ept1 ----------------------------------------------------------------------------
Current thread:
- nmap shows open UDP port 113 BillyBobKnob (Mar 25)
- Re: nmap shows open UDP port 113 WiM (Mar 25)
- Re: nmap shows open UDP port 113 R. DuFresne (Mar 25)
- RE: nmap shows open UDP port 113 Gary Rollie (Mar 25)
- Re: nmap shows open UDP port 113 David Cannings (Mar 25)
- Re: nmap shows open UDP port 113 Gabriel Alexandros (Mar 25)
- Re: nmap shows open UDP port 113 Jon Hart (Mar 26)
- Re: nmap shows open UDP port 113 Gregory Spath (Mar 30)
- <Possible follow-ups>
- Re: nmap shows open UDP port 113 Don Parker (Mar 26)