Re: Connecting to different services with source port 53

[Martin Stöfler <stoefler () ikarus at>]

Hi, 

Not a problem at all;

sh#>nc -v -p 53 127.0.0.1 80

netstat:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp        0      0 127.0.0.1:53  127.0.0.1:22    ESTABLISHED2917/nc

If the connection is not limited to UDP traffic (as DNS is usualy UDP, 
except for zone-transfers...). But since your nmap scan went through,
chances are high that the ACL on the attacked site looks something like:

source any port:53 -> dest. internal-server port:any = allow

hth, 
martin


On Thu, 2005-06-23 at 09:38 +0200, Christian Perst wrote:
> Hi list,
>
> I'm pen-testing a system and with a normal "nmap -sS" I get no
> response. If I change the source port I could get through to
> the system, as you can see.
>
> 21/tcp    open     ftp
> 80/tcp    open     http
> 88/tcp    open     kerberos-sec
> 135/tcp   open     msrpc
> 389/tcp   open     ldap
> 443/tcp   open     https
> 464/tcp   open     kpasswd5
> 593/tcp   open     http-rpc-epmap
> 636/tcp   open     ldapssl
> 1026/tcp  open     LSA-or-nterm
> 1029/tcp  open     ms-lsa
> 1033/tcp  open     netinfo
> 1720/tcp  open     H.323/Q.931
> 1723/tcp  open     pptp
> 3268/tcp  open     globalcatLDAP
> 3269/tcp  open     globalcatLDAPssl
> 3372/tcp  open     msdtc
> 3389/tcp  open     ms-term-serv
> 6101/tcp  open     VeritasBackupExec
> 6106/tcp  open     isdninfo
> 8080/tcp  filtered http-proxy
> 10000/tcp open     snet-sensor-mgmt
>
> Is there a way, how I can establish a connection using source
> port 53?
>
> Thanks,
> Chris
-- 
Stoefler Martin
Security Engineer

IKARUS Software GmbH
Fillgradergasse 7
A-1060 Vienna
0043+1+58995+102
<stoefler.m () ikarus at>
www.ikarus-software.at

Hacking is the art of esoteric quests, 
of priceless and worthless secrets.  
Odd bits of raw data from smashed machinery of intelligence
and slavery reassembled in a mosaic both hilarious in its absurdity
and frightening in its power.