Re: Connecting to different services with source port 53

From: Martin Stöfler (
Date: 06/23/05

    Date: Thu, 23 Jun 2005 15:10:51 +0200


    Not a problem at all;

    sh#>nc -v -p 53 80

    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 ESTABLISHED2917/nc

    If the connection is not limited to UDP traffic (as DNS is usually UDP,
    except for zone-transfers...). But since your nmap scan went through,
    chances are high that the ACL on the attacked site looks something like:

    source any port:53 -> dest. internal-server port:any = allow


    On Thu, 2005-06-23 at 09:38 +0200, Christian Perst wrote:
    > Hi list,
    > I'm pen-testing a system and with a normal "nmap -sS" I get no
    > response. If I change the source port I could get through to
    > the system, as you can see.
    > 21/tcp open ftp
    > 80/tcp open http
    > 88/tcp open kerberos-sec
    > 135/tcp open msrpc
    > 389/tcp open ldap
    > 443/tcp open https
    > 464/tcp open kpasswd5
    > 593/tcp open http-rpc-epmap
    > 636/tcp open ldapssl
    > 1026/tcp open LSA-or-nterm
    > 1029/tcp open ms-lsa
    > 1033/tcp open netinfo
    > 1720/tcp open H.323/Q.931
    > 1723/tcp open pptp
    > 3268/tcp open globalcatLDAP
    > 3269/tcp open globalcatLDAPssl
    > 3372/tcp open msdtc
    > 3389/tcp open ms-term-serv
    > 6101/tcp open VeritasBackupExec
    > 6106/tcp open isdninfo
    > 8080/tcp filtered http-proxy
    > 10000/tcp open snet-sensor-mgmt
    > Is there a way I can establish a connection using source
    > port 53?
    > Thanks,
    > Chris

    Stoefler Martin
    Security Engineer
    IKARUS Software GmbH
    Fillgradergasse 7
    A-1060 Vienna
    Hacking is the art of esoteric quests, 
    of priceless and worthless secrets.  
    Odd bits of raw data from smashed machinery of intelligence
    and slavery reassembled in a mosaic both hilarious in its absurdity
    and frightening in its power.
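
Added example, not part of the original message: a small auditor for the kind of ACL described in the reply above, flagging ACCEPT rules that match on a source port without any connection-state match. The iptables-save syntax, the sample ruleset and the function names are assumptions chosen for illustration; the thread does not say which firewall is in use.

```python
import shlex

# Constructed sample in iptables-save syntax (not taken from the thread).
SAMPLE_RULES = """\
-A INPUT -p udp --sport 53 -j ACCEPT
-A INPUT -p tcp --sport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --sports 20,53 -j ACCEPT
-A INPUT -p tcp --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --sport 53 -j DROP
"""

SPORT_FLAGS = {"--sport", "--source-port", "--sports", "--source-ports"}
STATE_FLAGS = {"--ctstate", "--state"}

def _value(tokens, flags):
    """Return the argument following the first token found in `flags`, else None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in flags:
            return tokens[i + 1]
    return None

def audit(ruleset):
    """Return (line_no, rule, reason) for ACCEPT rules that trust a source port.

    The remote end chooses its own source port, so such a rule admits traffic
    to every destination port it does not otherwise restrict.
    Assumption: the ruleset contains no negated ('!') matches.
    """
    findings = []
    for n, line in enumerate(ruleset.splitlines(), 1):
        if not line.startswith("-A"):
            continue  # skip table headers, chain policies, COMMIT, comments
        tokens = shlex.split(line)
        if _value(tokens, {"-j", "--jump"}) != "ACCEPT":
            continue
        sport = _value(tokens, SPORT_FLAGS)
        if sport is None:
            continue
        state = _value(tokens, STATE_FLAGS)
        # A state match only helps if it excludes NEW (unsolicited) packets.
        if state and "NEW" not in state.split(","):
            continue
        findings.append((n, line, f"stateless ACCEPT keyed on source port {sport}"))
    return findings

if __name__ == "__main__":
    for n, rule, reason in audit(SAMPLE_RULES):
        print(f"line {n}: {reason}: {rule}")
```

The stateful rule on line 5 of the sample is the usual replacement: it lets DNS replies back in because they belong to a connection the inside host opened, not because of the port they come from.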
