There has been some work done on this subject. You can have a look at Nessus.
There is a plugin called "find-services" which does something like this.
It just tries to recognize which service is running on which port.
This plugin, written in C, is available at:
http://cvs.nessus.org/cgi-bin/cvsweb.cgi/nessus-plugins/plugins/find_service/

If I remember well, Saurik has also done some work on Nmap. A patch was
performing such a function. More information at:
ftp://ftp.saurik.com/pub/nmap/

Hope this helps...

-Franck

Erik Norman wrote:
>
> Hi all,
>
> I have a question regarding methodology while performing a
> PT. It concerns identifying programs/services.
>
> Imagine a full nmap scan has been performed. A handful
> of open ports was found on a particular server. The
> usual 25, 53, 80 etc are identified, but one or two ports
> stand out from the crowd. Looking in various 'common ports'
> files does not provide a hint what the port is used for.
>
> Connecting with telnet yields no text, and a tcpdump
> dump does not provide any text (in clear anyway).
>
> Now what!???
>
> How should one approach this?
>
> /Erik
>
> --------------------------------------------------------------------------------------
>
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
> For more information on SecurityFocus' SIA service which automatically alerts you to
> the latest security vulnerabilities please see:
>
> https://alerts.securityfocus.com/

--
Franck Veysset  E-mail: franck.veyssetat_private
http://www.INTRANODE.com - Tel: +33 (0)2 23 45 55 04
-- Security Lab Engineer --
 O  ascii ribbon campaign against html
|\  email and Microsoft attachments.
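An added illustration of the recognize-the-service-by-its-response approach mentioned in this thread; it is not code from the post, from Nessus's find_service plugin or from the Nmap patch. The signature table, the probe and the helper names (`classify`, `grab`, `identify`) are assumptions made for the example.

```python
import re
import socket

# Constructed signature table for this example (not Nessus's or Nmap's data):
# each entry is (service label, regex applied to the first bytes received).
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-\d\.\d+-")),
    ("smtp", re.compile(rb"^220[ -].*SMTP", re.I)),
    ("ftp", re.compile(rb"^220[ -].*FTP", re.I)),
    ("pop3", re.compile(rb"^\+OK")),
    ("http", re.compile(rb"^HTTP/\d\.\d \d{3}")),
    # TLS/SSLv3 record header: alert (0x15) or handshake (0x16), major version 3.
    ("tls", re.compile(rb"^[\x15\x16]\x03[\x00-\x04]")),
]
HTTP_PROBE = b"GET / HTTP/1.0\r\n\r\n"  # generic probe for listeners that stay silent


def classify(data: bytes) -> str:
    """Label a raw response; unmatched data is split into text vs. binary."""
    if not data:
        return "silent"
    for name, pattern in SIGNATURES:
        if pattern.search(data):
            return name
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data)
    return "unknown-text" if printable / len(data) > 0.9 else "unknown-binary"


def grab(host, port, probe=None, timeout=3.0) -> bytes:
    """Connect, optionally send a probe, and return whatever arrives first."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            return s.recv(4096)
        except (socket.timeout, ConnectionResetError):
            return b""


def identify(host, port, timeout=3.0) -> str:
    """Wait for a banner first; only if the port is silent, send the probe."""
    for probe in (None, HTTP_PROBE):
        verdict = classify(grab(host, port, probe, timeout))
        if verdict != "silent":
            return verdict
    return "silent"
```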
This archive was generated by hypermail 2b30 : Tue Jul 03 2001 - 07:04:40 PDT