Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Service Identification
From: "MARTIN M. Bénoni" <benoni_martin () hotmail com>
Date: Mon, 08 Dec 2003 09:19:50 +0000

Hi!

I had the same behavior with one my boxes (nmap sees an open port but not reply when attempting to connect to it). In my case, it was normal because I was running a honeypot on my target: I tried one of them (well a very basic one, NFR BOF under Window$ and IPtrap under Linux, but any "better" honeypot should do this, even a netcat I guess) asking these tools to monitor TCP/23, Nmap running against them found TCP/23 open (even if there were NO REAL service listenig on these ports)...but when telneting the target, no reply.

So one possible reason of this in your case could be a simple honeypot or any tool like this running on your target.

If you do not have physical access to the machine but a possible ssh for instance, it should be easy to check what's really going on it...


From: "Beaty, Bryan" <Bryan.Beaty () vector com>
To: <pen-test () securityfocus com>
Subject: Service Identification
Date: Sun, 7 Dec 2003 11:21:01 -0600

I port scanned a box I am working on. I know the box is some form of
Linux. I see that port 23,25 and 53 are open. I can identify 53 as DNS.
Both NMAP and AMAP identify it as DNS.

Port 23 and 25 are open but cannot be identified by AMAP or NMAP. When I
telnet <ip> 23 or 25 I get a blank screen. If I type I just get blank
spaces or underscore symbols on the screen.

Does this mean the telnet and SMTP server have crashed?
Could it be that someone has installed some other service on these
ports?
How do you identify services that respond like this? Seems like I run
into this from time to time but I never have learned how to deal with
it.

Any ideas what to do at this point? I do not have physical access to the
box.

Thanks,
Bryan Beaty

---------------------------------------------------------------------------
----------------------------------------------------------------------------


_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]