RE: Service Identification

From: Beaty, Bryan (Bryan.Beaty_at_vector.com)
Date: 12/08/03

  • Next message: Benjamin Tomhave: "RE: john the ripper" 
    Date: Mon, 8 Dec 2003 12:58:34 -0600
To: "Meidinger Chris" <chris.meidinger@badenit.de>

    I did try this. It was unable to identify the service. I contacted the
    client and they stated these were indeed Telnet and SMTP but protected
    by TCP wrappers.

    Does this sound like the response I would get by a service protected by
    TCP wrappers?

    Thanks,
    Bryan

    -----Original Message-----
    From: Meidinger Chris [mailto:chris.meidinger@badenit.de]
    Sent: Monday, December 08, 2003 8:29 AM
    To: Beaty, Bryan
    Cc: pen-test@securityfocus.com
    Subject: RE: Service Identification

    Small tip: nmap version 3.40 or newer has an option -sV, which is
    service
    verification. It will fire a lot of different packets at the port trying
    to
    get a bead on what is behind it. Did you try that?

    Chris Meidinger

    -----Original Message-----
    From: Beaty, Bryan [mailto:Bryan.Beaty@vector.com]
    Sent: Sunday, December 07, 2003 6:21 PM
    To: pen-test@securityfocus.com
    Subject: Service Identification

    I port scanned a box I am working on. I know the box is some form of
    Linux. I see that port 23,25 and 53 are open. I can identify 53 as DNS.
    Both NMAP and AMAP identify it as DNS.

    Port 23 and 25 are open but cannot be identified by AMAP or NMAP. When I
    telnet <ip> 23 or 25 I get a blank screen. If I type I just get blank
    spaces or underscore symbols on the screen.

    Does this mean the telnet and SMTP server have crashed?
    Could it be that someone has installed some other service on these
    ports?
    How do you identify services that respond like this? Seems like I run
    into this from time to time but I never have learned how to deal with
    it.

    Any ideas what to do at this point? I do not have physical access to the
    box.

    Thanks,
    Bryan Beaty

    ------------------------------------------------------------------------ 

    ---
------------------------------------------------------------------------
----
------------------------------------------------------------------------
---
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
----------------------------------------------------------------------------
  • Next message: Benjamin Tomhave: "RE: john the ripper"

    Relevant Pages

    • Re: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second
      ... When Nmap (or many ... > other applications, such as Telnet) does a connectcall, the OS is ... > supposed to choose a good souce port to bind to for the connection. ... I saw a familiar "Connection reset by peer" every time the random port ...
      (Incidents)
    • Re: Yes, trying to hack a remote control
      ... I attempted a telnet into that port, and it asked for a username/pass, ... and then upload a modified firmware to the remote. ... The latest versions of nmap have a feature whereby you can run scans ...
      (Security-Basics)
    • Re: Exchange 2000 POP3 to SMTP
      ... Do you know what settings could I have missed to prevent the SMTP service ... SBS Server on the Lan, you need to troubleshoot as to why this is being ... Try telnet to Port 25 on the SBS Server ...
      (microsoft.public.backoffice.smallbiz2000)
    • Re: Exchange 2000 POP3 to SMTP
      ... If you are not getting an SMTP banner when telnetting to port 25 of your SBS ... Server on the Lan, you need to troubleshoot as to why this is being blocked ... Try telnet to Port 25 on the SBS Server itself, ...
      (microsoft.public.backoffice.smallbiz2000)
    • Re: SMTP Error # 0x800ccc60
      ... Outlook set to port 25 for SMTP. ... Our firewall is not blocking telnet, ... address of your SMTP server on port 25. ...
      (microsoft.public.outlook)