Re: Service Identification

From: Omar Prunera Dols (oprunera_at_salleURL.edu)
Date: 12/08/03

Next message: MARTIN M. Bénoni: "RE: Service Identification"

Previous message: Michael: "Rootkit Hunter 1.00 RC1 released"
In reply to: Beaty, Bryan: "Service Identification"
Next in thread: MARTIN M. Bénoni: "RE: Service Identification"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 8 Dec 2003 17:20:46 +0100 (CET)
To: "Beaty, Bryan" <Bryan.Beaty@vector.com>

Hi,

Recently i found something similar, and the result was a netcat running on
the port i was scanning.

How i find it? I break into the machine and just looking at the processes that were running in
this machine. I found a netcat running on the ports 21, 23, and 25. From
the outside the responses were the ones you explained.

On Sun, 7 Dec 2003, Beaty, Bryan wrote:

> I port scanned a box I am working on. I know the box is some form of
> Linux. I see that port 23,25 and 53 are open. I can identify 53 as DNS.
> Both NMAP and AMAP identify it as DNS.
>
> Port 23 and 25 are open but cannot be identified by AMAP or NMAP. When I
> telnet <ip> 23 or 25 I get a blank screen. If I type I just get blank
> spaces or underscore symbols on the screen.
>
> Does this mean the telnet and SMTP server have crashed?
> Could it be that someone has installed some other service on these
> ports?
> How do you identify services that respond like this? Seems like I run
> into this from time to time but I never have learned how to deal with
> it.
>
> Any ideas what to do at this point? I do not have physical access to the
> box.
>
> Thanks,
> Bryan Beaty
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------
>
>

Omar Prunera Dols "Si mires la realitat de prou aprop
oprunera@salleURL.edu en podras veure els pixels"
http://www.salleurl.edu/~tl06367

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: MARTIN M. Bénoni: "RE: Service Identification"

Previous message: Michael: "Rootkit Hunter 1.00 RC1 released"
In reply to: Beaty, Bryan: "Service Identification"
Next in thread: MARTIN M. Bénoni: "RE: Service Identification"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]