Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Re: Port identification methodology
From: Franck Veysset <franck.veysset () intranode com>
Date: Mon, 02 Jul 2001 19:12:21 +0200
There have been some work done on this subject.

you can have a look at Nessus. There is a plugin called "find-services"
which do something like this. It just try to recognize which service is
running on which port.

This plugin, written in C, is available at :
http://cvs.nessus.org/cgi-bin/cvsweb.cgi/nessus-plugins/plugins/find_service/

If I remember well, Saurik have also done some work on Nmap. A patch
was performing such a function. More information at:

ftp://ftp.saurik.com/pub/nmap/

Hope this help...

-Franck


Erik Norman a écrit :


Hi all,

I have a question regarding methodology while performing a
PT. It concerns identifying programs/services.

Imagine a full nmap scan has been performed. A handfull
of open ports was found on a particular server. The
usual 25, 53, 80 etc are identified, but one or two ports
stand out from the crowd. Looking in various 'common ports'
files does not provide a hint what the port is used for.

Connecting with telnet yields no text, and a tcpdump
dump does not provide any text (in clear anyway).

Now what!???

How should one approach this?

/Erik

--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/


-- 
Franck Veysset  E-mail: franck.veysset () intranode com
http://www.INTRANODE.com  -  Tel: +33 (0)2 23 45 55 04
            -- Security Lab Engineer --

      O   ascii ribbon campaign against html
      |\    email and Microsoft attachments.

--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]