RE: TFTP Scanner recommendation requested

From: Michael Gorsuch (mgorsuch_at_aikinetworks.com)
Date: 08/13/03

  • Next message: cpreston_at_gci.net: "Re: Infrared Vulns on laptops" 
    To: "'Barry Fitzgerald'" <bkfsec@sdf.lonestar.org>, <pen-test@securityfocus.com>
Date: Wed, 13 Aug 2003 16:26:50 -0500

    The first place I would start is NMAP - if any machine responds with
    that port open, it needs to be checked regardless if there is an
    operating tftp server or not.

    Hope this helps,

    Michael Gorsuch
    Aiki Network Security and Solutions
    mgorsuch@aikinetworks.com
    http://www.aikinetworks.com

    -----Original Message-----
    From: Barry Fitzgerald [mailto:bkfsec@sdf.lonestar.org]
    Sent: Wednesday, August 13, 2003 1:54 PM
    To: pen-test@securityfocus.com
    Subject: TFTP Scanner recommendation requested

    Hello,

           First of all, my office just got completely pelted with a scan
    looking for open udp/69 ports with tftp requests being made on each
    port. (Our IDS alerted me to this). I know that msblast opens up that
    port during the worm-infection period. So, the fact that this is
    happening right now is not surprising. Is anyone else noticing this? (I

    know that we aren't infected with msblast, so it's not worm traffic -
    and I have verified that this is an automated backdoor scan.)

           Anyway, the reason I'm writing this to the pen-test list is for a

    recommendation. I'd like to keep my eye out for open tftp servers on my

    LAN just in case. Does anyone have a recommendation for a tftp scanner
    that can scan a range of IPs for functioning tftp listeners?

           This is for professional defense and pen testing, obviously, and
    not for a "how do I hack?" kind of BS request. :)

                    -Barry

    ------------------------------------------------------------------------ 

    ---
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
----------------------------------------------------------------------------
  • Next message: cpreston_at_gci.net: "Re: Infrared Vulns on laptops"

    Relevant Pages

    • Re: TFTP Scanner recommendation requested
      ... the worm does NOT "open up that port". ... it launches the TFTP client on the system (not ... is a TFTP server running. ...
      (Pen-Test)
    • TFTP Scanner recommendation requested
      ... I know that msblast opens up that ... port during the worm-infection period. ... I'd like to keep my eye out for open tftp servers on my ...
      (Pen-Test)
    • RE: redhat-list Digest, Vol 4, Issue 38
      ... Re: Iptables: port 22 open only for my IP ... Windows Services for Unix 3.5 ... It does absolutely nothing if you have a rampant application on your Windows box that opens a port to the outside world. ...
      (RedHat)
    • Re: Enabling telnet, ftp, pop3 for root...
      ... MASIVE security improvement over just having an open port sitting there. ... only OPENS THE PORT! ... While I could be wrong on that, it's the most likely scenerio with three possible levels of security: low, if you're only using a password, mediocre if you're using a key protected by a password, and relatively high if you're using a key that you are protecting with a complex passphrase and swapping out routinely. ... Point being, when there are already such networks on the Internet -- and not just in the United States -- with a wide range of ISPs, it's not at all outside the realm of possibility that somebody has a box that is listening to all the traffic on your node and analyzing it. ...
      (alt.os.linux)
    • Re: The test source code
      ... O_NONBLOCK will hang until the DCD line on the port is asserted. ... That is precisely what "blocking mode" means! ... used to manipulate a serial port that does not have the DCD line ... with no arguments this program opens the port in ...
      (comp.os.linux.development.system)