Re: Wierd non-http port 80 daemon?

From: Francisco Andrades (fandrades_at_nextj.com)
Date: 01/09/04

  • Next message: Roland Venter: "Securing SSH"
    Date: Fri, 09 Jan 2004 17:58:29 +0000
    To: Dani Wuck <wuck@chello.nl>
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hi,

    Try using nmap with the newly added -A switch. If you use

    nmap -A -O ip-address

    It will show you the OS version and will use the fingerprint to tell you
    what service (and version sometimes) is running on each port.

    Dani Wuck wrote:
    | G'day. My first post here, and I truly hope I've come to the right place.
    |
    | I've been scanning a box, and it's - lightly taken - set up very
    | insecure. Many open ports, etc. One thing I find strange is the
    | following: The box is open on port 80. But if you telnet into it, it
    | doesn't act anything like a HTTP daemon.
    |
    | #1. If you connect to it, it waits for remote input.
    | #2. It accepts a certain number of chars before it closes the connection.
    | #3. If you immediately send the max. number of chars, (or more) the
    | connection is closed at once.
    | #4. You can send five times an 'a', and then get disconnected.
    | #5. If you'd send 'abc', you'll get disconnected after < 5 times
    | (usually 3 or 2)
    | #6. Every time you send something, (except doing #3) it returns some
    | ASCII that seems to be different everytime. (even if you keep sending
    | the same)
    |
    | So .. what do you think I'm looking at? A trojan or something?
    | Guessing on its open ports I believe it's a WinME OEM, Win2000 or
    | (probably) WinXP box. (UPNP enabled)
    |
    | I'm eager to notify its user, but I first really want to know what that
    | port 80 deamon is :)
    |
    | - wuck
    |
    |
    -
    ---------------------------------------------------------------------------
    | Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off
    | any course! All of our class sizes are guaranteed to be 10 students or
    | less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion
    | Prevention, and many other technical hands on courses. Visit us at
    | http://www.infosecinstitute.com/securityfocus to get $720 off any
    | course!
    |
    -
    ----------------------------------------------------------------------------

    |

    - --
    Francisco Andrades Grassi
    www.nextj.com
    Tlf: +58-414-125-7415
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQE//uvFGQPFH+shC0oRAhf6AKCr+lAM1TJA1nXnZG7JOcRXynLp0gCgq7+M
    rKcd0mGUFvrnD5sy+45a1qg=
    =p8vA
    -----END PGP SIGNATURE-----

    ---------------------------------------------------------------------------
    Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
    course! All of our class sizes are guaranteed to be 10 students or less.
    We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
    and many other technical hands on courses.
    Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    any course!
    ----------------------------------------------------------------------------


  • Next message: Roland Venter: "Securing SSH"

    Relevant Pages

    • RE: Abnormal activity.
      ... If you ever wanted to know what service/application is linked to a port, ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Security-Basics)
    • RE: Network discovery
      ... If you're using linux, try using nmap with sql extensions, from ... your network and then analyze the data. ... > Subject: Network discovery ... We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion ...
      (Security-Basics)
    • Re: Wierd non-http port 80 daemon?
      ... Dani Wuck wrote: ... Many open ports, etc. ... We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion ... and many other technical hands on courses. ...
      (Security-Basics)
    • Re: Help installing Nmap
      ... rpm -e nmap nmap-frontend ... > I'm trying to install nmap-3.50xxx.rpm on a redhat ... > We provide Ethical Hacking, ...
      (Security-Basics)
    • Re: Abnormal activity.
      ... port 4662 is used by the well known p2p application Edonkey. ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ... Master the skills ...
      (Security-Basics)