Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Service Identification
From: "Beaty, Bryan" <Bryan.Beaty () vector com>
Date: Mon, 8 Dec 2003 12:58:34 -0600

I did try this. It was unable to identify the service. I contacted the
client and they stated these were indeed Telnet and SMTP but protected
by TCP wrappers. 

Does this sound like the response I would get by a service protected by
TCP wrappers? 


-----Original Message-----
From: Meidinger Chris [mailto:chris.meidinger () badenit de] 
Sent: Monday, December 08, 2003 8:29 AM
To: Beaty, Bryan
Cc: pen-test () securityfocus com
Subject: RE: Service Identification

Small tip: nmap version 3.40 or newer has an option -sV, which is
verification. It will fire a lot of different packets at the port trying
get a bead on what is behind it. Did you try that?

Chris Meidinger

-----Original Message-----
From: Beaty, Bryan [mailto:Bryan.Beaty () vector com]
Sent: Sunday, December 07, 2003 6:21 PM
To: pen-test () securityfocus com
Subject: Service Identification

I port scanned a box I am working on. I know the box is some form of
Linux. I see that port 23,25 and 53 are open. I can identify 53 as DNS.
Both NMAP and AMAP identify it as DNS. 

Port 23 and 25 are open but cannot be identified by AMAP or NMAP. When I
telnet <ip> 23 or 25 I get a blank screen. If I type I just get blank
spaces or underscore symbols on the screen. 

Does this mean the telnet and SMTP server have crashed?
Could it be that someone has installed some other service on these
How do you identify services that respond like this? Seems like I run
into this from time to time but I never have learned how to deal with

Any ideas what to do at this point? I do not have physical access to the

Bryan Beaty




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]