Re: nmap shows open UDP port 113

From: R. DuFresne (dufresne_at_sysinfo.com)
Date: 03/25/04

    Date: Thu, 25 Mar 2004 12:01:07 -0500 (EST)
    To: BillyBobKnob <billybobknob@hotmail.com>
    
    

    auth is tcp port 113 associated, at least in most setups I've seen, and
    can be disabled by editing /etc/inetd.conf and commenting it out, it's a
    tad different for say a redhat system and others using xinetd, but, not
    all that tough to close;

    properly edit the /etc/xinetd.d file corresponding to the service in
    question, particularly the disable = line.

    What is interesting is that your system responds to udp port 113....

    Thanks,

    Ron DuFresne

    On Wed, 24 Mar 2004, BillyBobKnob wrote:

    > My friend asked me to see if I could scan or penetrate his firewall. He
    > only told me that it was a Linux box setup as a firewall running NAT to
    > hide internal IPs.
    >
    > - I did a nmap -O and a nmap -O --fuzzy but it said "too many
    > fingerprints match for accurate OS guess"
    > but it did tell me that TCP port 113 was in the closed state
    > - so I tried a TCP reverse inet scan (nmap -sT -I) and it still gave me
    > same info as this port was closed
    > - so I tried nmap -sU and no results
    > - then I tried nmap -sU -p 113 and it said that UDP port 113 was open !!
    >
    > I was then able to netcat to it (nc -u ipaddress 113) and I verified
    > that I was connected with a netstat.
    >
    > While connected via netcat I tried sending it commands like (ls, cd ..,
    > help, echo) but got nothing.
    >
    >
    > Is there anything that can be done with this connection ??
    > Or is there any way to find out what internal IPs are behind it ?
    >
    >
    > Thanks,
    > Bill
    >
    >
    > ---------------------------------------------------------------------------
    > You're a pen tester, but is google.com still your R&D team?
    > Now you can get trustworthy commercial-grade exploits and the latest
    > techniques from a world-class research group.
    > www.coresecurity.com/promos/sf_ept1
    > ----------------------------------------------------------------------------
    >

    -- 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            admin & senior security consultant:  sysinfo.com
                            http://sysinfo.com
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation."
                    -- Johnny Hart
    testing, only testing, and damn good at it too!
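
Added example, not part of the original post: a shell check for the two places named in the reply where auth can be switched off, the inetd.conf entry and the xinetd `disable =` line. The function names, sample files and the in.identd path are constructed for illustration, and the xinetd check assumes one service block per file.

```shell
#!/bin/sh
# Added example: is a service switched on in inetd.conf or in an xinetd file?

# inetd.conf: active when a non-comment line has the service as first field.
inetd_enabled() {    # usage: inetd_enabled SERVICE FILE
    awk -v svc="$1" '
        /^[ \t]*#/ { next }               # commented-out entry is disabled
        $1 == svc  { found = 1 }
        END        { exit (found ? 0 : 1) }' "$2"
}

# xinetd: treated as active unless the file sets exactly "disable = yes".
# Assumes one service block per file; ignores a "disabled" list in defaults.
xinetd_enabled() {   # usage: xinetd_enabled FILE
    awk '
        { sub(/#.*/, "") }                # drop comments
        /^[ \t]*disable[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val) # keep the text after "="
            sub(/[ \t]+$/, "", val)       # trim trailing blanks
        }
        END { exit (val == "yes" ? 1 : 0) }' "$1"
}

demo() {             # constructed sample files, not taken from a real host
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' \
        'ftp   stream tcp nowait root   /usr/sbin/tcpd      in.ftpd' \
        '#auth stream tcp nowait nobody /usr/sbin/in.identd in.identd' \
        > "$d/inetd.conf"
    printf '%s\n' 'service auth' '{' '    socket_type = stream' \
        '    server      = /usr/sbin/in.identd' '    disable     = no' '}' \
        > "$d/auth"
    if inetd_enabled auth "$d/inetd.conf"; then echo "inetd:  auth ENABLED"
    else echo "inetd:  auth disabled"; fi
    if xinetd_enabled "$d/auth"; then echo "xinetd: auth ENABLED"
    else echo "xinetd: auth disabled"; fi
    rm -rf "$d"
}
demo
```

After changing either file, inetd or xinetd has to re-read its configuration before the listener actually goes away.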
    
