Re: Connecting to different services with source port 53

From: Martin Stöfler (stoefler_at_ikarus.at)
Date: 06/23/05

    To: chris_perst@gmx.de
    Date: Thu, 23 Jun 2005 15:10:51 +0200
    
    

    Hi,

    Not a problem at all;

    sh#>nc -v -p 53 127.0.0.1 80

    netstat:
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 127.0.0.1:53 127.0.0.1:22 ESTABLISHED 2917/nc

    If the connection is not limited to UDP traffic (as DNS is usually UDP,
    except for zone-transfers...). But since your nmap scan went through,
    chances are high that the ACL on the attacked site looks something like:

    source any port:53 -> dest. internal-server port:any = allow

    hth,
    martin

    On Thu, 2005-06-23 at 09:38 +0200, Christian Perst wrote:
    > Hi list,
    >
    > I'm pen-testing a system and with a normal "nmap -sS" I get no
    > response. If I change the source port I could get through to
    > the system, as you can see.
    >
    > 21/tcp open ftp
    > 80/tcp open http
    > 88/tcp open kerberos-sec
    > 135/tcp open msrpc
    > 389/tcp open ldap
    > 443/tcp open https
    > 464/tcp open kpasswd5
    > 593/tcp open http-rpc-epmap
    > 636/tcp open ldapssl
    > 1026/tcp open LSA-or-nterm
    > 1029/tcp open ms-lsa
    > 1033/tcp open netinfo
    > 1720/tcp open H.323/Q.931
    > 1723/tcp open pptp
    > 3268/tcp open globalcatLDAP
    > 3269/tcp open globalcatLDAPssl
    > 3372/tcp open msdtc
    > 3389/tcp open ms-term-serv
    > 6101/tcp open VeritasBackupExec
    > 6106/tcp open isdninfo
    > 8080/tcp filtered http-proxy
    > 10000/tcp open snet-sensor-mgmt
    >
    > Is there a way, how I can establish a connection using source
    > port 53?
    >
    > Thanks,
    > Chris

    -- 
    Stoefler Martin
    Security Engineer
    IKARUS Software GmbH
    Fillgradergasse 7
    A-1060 Vienna
    0043+1+58995+102
    <stoefler.m@ikarus.at>
    www.ikarus-software.at
    Hacking is the art of esoteric quests, 
    of priceless and worthless secrets.  
    Odd bits of raw data from smashed machinery of intelligence
    and slavery reassembled in a mosaic both hilarious in its absurdity
    and frightening in its power.
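
    Added example, not part of the thread above: it replays the ACL Martin suspects
    ("source port 53 -> anything = allow") against constructed iptables-style log lines,
    beside a stateful policy that only admits port-53 traffic answering a query the
    internal host actually sent, plus a detection pass for the nc -p 53 pattern. All
    addresses, ports and the PENDING_QUERIES table are constructed sample data.

```python
import re
from dataclasses import dataclass

# Constructed log lines in the iptables LOG style (sample data, not from the thread).
SAMPLE_LOG = """\
IN=eth0 SRC=198.51.100.53 DST=10.0.0.5 PROTO=UDP SPT=53 DPT=33001
IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=53 DPT=80 SYN
IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=53 DPT=3389 SYN
IN=eth0 SRC=198.51.100.53 DST=10.0.0.5 PROTO=TCP SPT=53 DPT=40222 ACK
""".splitlines()

# DNS queries the internal host really sent (constructed; a connection tracker
# would supply this): (resolver, internal host, ephemeral port the query used).
PENDING_QUERIES = {("198.51.100.53", "10.0.0.5", 33001),
                   ("198.51.100.53", "10.0.0.5", 40222)}

FIELD = re.compile(r"(\w+)=(\S+)")

@dataclass(frozen=True)
class Conn:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool   # True for a TCP SYN, i.e. a brand-new inbound connection attempt

def parse_line(line: str) -> Conn:
    f = dict(FIELD.findall(line))
    return Conn(f["PROTO"].lower(), f["SRC"], int(f["SPT"]),
                f["DST"], int(f["DPT"]), "SYN" in line.split())

def stateless_acl(c: Conn) -> bool:
    """The rule Martin suspects: anything arriving from source port 53 is allowed."""
    return c.sport == 53

def stateful_policy(c: Conn, pending=PENDING_QUERIES) -> bool:
    """Admit port-53 traffic only as a reply to a query this network sent out."""
    if c.sport != 53 or (c.proto == "tcp" and c.syn):
        return False  # an inbound SYN from port 53 can never be a DNS answer
    return (c.src, c.dst, c.dport) in pending

def bypass_attempts(lines):
    """Detection: inbound TCP SYNs from port 53 aimed at a non-DNS port."""
    return [c for c in map(parse_line, lines)
            if c.proto == "tcp" and c.syn and c.sport == 53 and c.dport != 53]
```

    The stateless rule admits all four records; the stateful one admits only the two
    genuine DNS replies, and the detection pass flags the two SYNs to ports 80 and 3389.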
    
