Re: nmap shows open UDP port 113

From: Don Parker (dparker_at_rigelksecurity.com)
Date: 03/25/04

    Date: Thu, 25 Mar 2004 16:52:57 -0500 (EST)
    To: "R. DuFresne" <dufresne@sysinfo.com>, BillyBobKnob <billybobknob@hotmail.com>
    
    

    I have gotten often confusing feedback from nmap before. It always came down to checking
    the actual packets themselves. I always log the packets themselves in a binary format in
    case of discrepancy or conflicting results. I would advise you to log your
    scanning/testing all in binary mode so you can verify unequivocally what has transpired.
    Quick and easy to do with a bpf filter and bitmask.

    -------------------------------------------
    Don Parker, GCIA
    Intrusion Detection Specialist
    Rigel Kent Security & Advisory Services Inc
    www.rigelksecurity.com
    ph :613.249.8340
    fax:613.249.8319
    --------------------------------------------

    On Mar 25, "R. DuFresne" <dufresne@sysinfo.com> wrote:

    auth is tcp port 113 associated, at least in most setups I've seen, and
    can be disabled by editing /etc/inetd.conf and commenting it out, it's a
    tad different for say a redhat system and others using xinetd, but, not
    all that tough to close;

    properly edit the /etc/xinetd.d file corresponding to the service in
    question, particularly the disable = line.

    What is interesting is that your system responds to udp port 113....

    Thanks,

    Ron DuFresne

    On Wed, 24 Mar 2004, BillyBobKnob wrote:

    > My friend asked me to see if I could scan or penetrate his firewall. He
    > only told me that it was a Linux box setup as a firewall running NAT to
    > hide internal IPs.
    >
    > - I did a nmap -O and a nmap -O --fuzzy but it said "too many
    > fingerprints match for accurate OS guess"
    > but it did tell me that TCP port 113 was in the closed state
    > - so I tried a TCP reverse inet scan (nmap -sT -I) and it still gave me
    > same info as this port was closed
    > - so I tried nmap -sU and no results
    > - then I tried nmap -sU -p 113 and it said that UDP port 113 was open !!
    >
    > I was then able to netcat to it (nc -u ipaddress 113) and I verified
    > that I was connected with a netstat.
    >
    > While connected via netcat I tried sending it commands like (ls, cd ..,
    > help, echo) but got nothing.
    >
    >
    > Is there anything that can be done with this connection ??
    > Or is there any way to find out what internal IPs are behind it ?
    >
    >
    > Thanks,
    > Bill
    >
    >
    > ---------------------------------------------------------------------------
    > You're a pen tester, but is google.com still your R&D team?
    > Now you can get trustworthy commercial-grade exploits and the latest
    > techniques from a world-class research group.
    > www.coresecurity.com/promos/sf_ept1
    > ----------------------------------------------------------------------------
    >

    -- 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            admin & senior security consultant:  sysinfo.com
                            http://sysinfo.com
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation."
                    -- Johnny Hart
    testing, only testing, and damn good at it too!
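
Added example, not part of the original thread: a reader for a binary capture of the kind Don Parker recommends keeping, which reports what actually came back for each UDP probe to port 113 (a UDP answer, an ICMP port unreachable, or nothing). The addresses, function names and the inline capture are constructed for illustration; the capture is assumed to be classic pcap with raw-IP link type, and the header-length mask is the same `ip[0] & 0xf` bitmask a BPF filter would use.

```python
import socket
import struct

PORT = 113                                  # port discussed in the thread
SCANNER, QUIET, CLOSED = "192.0.2.10", "192.0.2.20", "192.0.2.30"  # constructed

def ip_packet(proto, src, dst, payload):
    # Minimal IPv4 header; checksum left 0 because this sample is never sent.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

def udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def build_pcap(packets):
    # Classic little-endian pcap file, link type 101 (raw IP, no Ethernet).
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    for i, p in enumerate(packets):
        out += struct.pack("<IIII", i, 0, len(p), len(p)) + p
    return out

def classify(pcap, scanner):
    """Return {target: verdict} for UDP probes to PORT found in the capture."""
    verdict, off = {}, 24                   # skip the 24-byte global header
    while off < len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        ip = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        ihl = (ip[0] & 0x0F) * 4            # bitmask: low nibble = header words
        l4 = ip[ihl:]
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        if ip[9] == 17:                     # UDP
            sport, dport = struct.unpack_from("!HH", l4)
            if src == scanner and dport == PORT:
                verdict.setdefault(dst, "no reply")
            elif dst == scanner and sport == PORT:
                verdict[src] = "udp reply"
        elif ip[9] == 1 and dst == scanner and l4[:2] == b"\x03\x03":
            inner = l4[8:]                  # ICMP quotes the original datagram
            dport = struct.unpack_from("!H", inner, (inner[0] & 0x0F) * 4 + 2)[0]
            if dport == PORT:
                verdict[socket.inet_ntoa(inner[16:20])] = "icmp port unreachable"
    return verdict

probe_q = ip_packet(17, SCANNER, QUIET, udp(40000, PORT))
probe_c = ip_packet(17, SCANNER, CLOSED, udp(40001, PORT))
unreach = ip_packet(1, CLOSED, SCANNER, struct.pack("!BBHI", 3, 3, 0, 0) + probe_c)
SAMPLE = build_pcap([probe_q, probe_c, unreach])   # constructed capture
```

A "no reply" verdict means the capture holds no evidence either way for that target, which is the case worth checking against the scanner's own report.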
    
