From: R. DuFresne (dufresne@sysinfo.com)
Date: Mon Dec 08 2003 - 19:26:19 EST
Most often tcpwrappers <tcpd> will have a 'twist' associated with a
service it is protecting, and/or an allow or deny depending upon
somethinbg like the IP connecting. TCPD tends to reject the connections
not allowed wiht a 'banner' stating the fact/reason.
Thanks,
Ron DuFresne
On Mon, 8 Dec 2003, Beaty, Bryan wrote:
> I did try this. It was unable to identify the service. I contacted the
> client and they stated these were indeed Telnet and SMTP but protected
> by TCP wrappers.
>
> Does this sound like the response I would get by a service protected by
> TCP wrappers?
>
> Thanks,
> Bryan
>
>
>
> -----Original Message-----
> From: Meidinger Chris [mailto:chris.meidinger@badenit.de]
> Sent: Monday, December 08, 2003 8:29 AM
> To: Beaty, Bryan
> Cc: pen-test@securityfocus.com
> Subject: RE: Service Identification
>
> Small tip: nmap version 3.40 or newer has an option -sV, which is
> service
> verification. It will fire a lot of different packets at the port trying
> to
> get a bead on what is behind it. Did you try that?
>
> Chris Meidinger
>
> -----Original Message-----
> From: Beaty, Bryan [mailto:Bryan.Beaty@vector.com]
> Sent: Sunday, December 07, 2003 6:21 PM
> To: pen-test@securityfocus.com
> Subject: Service Identification
>
>
> I port scanned a box I am working on. I know the box is some form of
> Linux. I see that port 23,25 and 53 are open. I can identify 53 as DNS.
> Both NMAP and AMAP identify it as DNS.
>
> Port 23 and 25 are open but cannot be identified by AMAP or NMAP. When I
> telnet <ip> 23 or 25 I get a blank screen. If I type I just get blank
> spaces or underscore symbols on the screen.
>
> Does this mean the telnet and SMTP server have crashed?
> Could it be that someone has installed some other service on these
> ports?
> How do you identify services that respond like this? Seems like I run
> into this from time to time but I never have learned how to deal with
> it.
>
> Any ideas what to do at this point? I do not have physical access to the
> box.
>
> Thanks,
> Bryan Beaty
>
> ------------------------------------------------------------------------
> ---
> ------------------------------------------------------------------------
> ----
>
> ------------------------------------------------------------------------
> ---
> ------------------------------------------------------------------------
> ----
>
>
>
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------
>
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:43 EDT