Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Service Identification
From: Meidinger Chris <chris.meidinger () badenit de>
Date: Mon, 8 Dec 2003 15:28:39 +0100

Small tip: nmap version 3.40 or newer has an option -sV, which is service
verification. It will fire a lot of different packets at the port trying to
get a bead on what is behind it. Did you try that?

Chris Meidinger

-----Original Message-----
From: Beaty, Bryan [mailto:Bryan.Beaty () vector com]
Sent: Sunday, December 07, 2003 6:21 PM
To: pen-test () securityfocus com
Subject: Service Identification


I port scanned a box I am working on. I know the box is some form of
Linux. I see that port 23,25 and 53 are open. I can identify 53 as DNS.
Both NMAP and AMAP identify it as DNS. 

Port 23 and 25 are open but cannot be identified by AMAP or NMAP. When I
telnet <ip> 23 or 25 I get a blank screen. If I type I just get blank
spaces or underscore symbols on the screen. 

Does this mean the telnet and SMTP server have crashed?
Could it be that someone has installed some other service on these
ports?
How do you identify services that respond like this? Seems like I run
into this from time to time but I never have learned how to deal with
it. 

Any ideas what to do at this point? I do not have physical access to the
box. 

Thanks,
Bryan Beaty

---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]