FW: Port identification methodology

From: stephenat_private
Date: Tue Jul 03 2001 - 07:41:43 PDT


    Try using Nessus.  
    
    I think that Nessus will try to identify network services running on
    available service ports.  It does this by initiating a variety of dialogues
    of known services with the service port to elicit a response.
    
    If you wanted to do it manually, you could try to point various clients at
    the services such as Back Orifice, SubSeven, etc.
    
    
    
    
    Sincerely,
    
    Stephen C. Thompson,
    Piranha Team Network Security Engineer
    Fishnet Security
    1710 Walnut
    Kansas City, MO 64108
    Tel:	816-421-6611
    Fax:	816-421-6677
    Cell:	816-522-6369
    <http://www.fishnetsecurity.com> 
    
    *	2000 & 2001 Top 10 Kansas City Small Business
    *	2000 Deloitte & Touche Fast 50 Rising Stars
    *	2000 & 1999 Check Point Fastest Central Region Revenue Growth Award
    *	2000 & 1999 CRN Top 25 Computer Executives
    *	1998 Check Point Excellence Award Winners
    
    "Some Companies have Network Security Divisions,
     FishNet is a Network Security integrator.
     Who should you trust with your Network Security?"
    
    _______________________________________________________________________
    
    The information transmitted in this e-mail is intended only for the
    addressee and may contain confidential and/or privileged material.  Any
    interception, review, retransmission, dissemination, or other use of, or
    taking of any action upon this information by persons or entities other than
    the intended recipient is prohibited by law and may subject them to criminal
    or civil liability. If you received this communication in error, please
    contact us immediately at 816.421.6611, and delete the communication from
    any computer or network system.
    _______________________________________________________________________
    
    
    
    -----Original Message-----
    From: Erik Norman [mailto:erik.normanat_private]
    Sent: Monday, July 02, 2001 5:14 AM
    To: pen test
    Subject: Port identification methodology
    
    
    Hi all,
    
    I have a question regarding methodology while performing a 
    PT. It concerns identifying programs/services.
    
    Imagine a full nmap scan has been performed. A handful 
    of open ports was found on a particular server. The 
    usual 25, 53, 80 etc are identified, but one or two ports 
    stand out from the crowd. Looking in various 'common ports' 
    files does not provide a hint what the port is used for.
    
    Connecting with telnet yields no text, and a tcpdump 
    dump does not provide any text (in clear anyway).
    
    
    Now what!???
    
    How should one approach this?
    
    
    /Erik
    
    --------------------------------------------------------------------------------------
    
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
    For more information on SecurityFocus' SIA service which automatically alerts you to
    the latest security vulnerabilities please see:
    
    https://alerts.securityfocus.com/
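The probing approach the reply describes, as an added example that is not code from this thread or from Nessus: it first listens for an unsolicited banner, then sends a short valid request for each candidate protocol and classifies whatever the port returns. The probe list, the greeting checks, and `probe.invalid` as the EHLO name are constructed assumptions; it is meant for confirming what listens on your own hosts before deciding whether a port should stay open.

```python
import socket

# Constructed probe set following the "dialogue of known services" idea: listen
# for a banner, then send a short valid request per candidate protocol. Not Nessus's list.
PROBES = [
    ("listen", b""),
    ("http", b"GET / HTTP/1.0\r\n\r\n"),
    ("smtp", b"EHLO probe.invalid\r\n"),
    ("crlf", b"\r\n"),
]

def classify(reply: bytes) -> str:
    """Name the protocol suggested by the first bytes a port returns."""
    if not reply:
        return "silent"
    if reply.startswith(b"SSH-"):
        return "ssh"
    if reply.startswith(b"HTTP/"):
        return "http"
    if reply.startswith(b"220 "):
        if b"SMTP" in reply.upper():
            return "smtp"
        if b"FTP" in reply.upper():
            return "ftp"
        return "220-greeting"  # FTP and SMTP both greet with 220
    # No known greeting: report whether the reply is text or binary, so the
    # tester knows a hex dump of the exchange, not a telnet session, is the next step.
    if all(32 <= b < 127 or b in b"\r\n\t" for b in reply):
        return "unknown-text"
    return "unknown-binary"

def probe_port(host: str, port: int, timeout: float = 3.0) -> list:
    """Open a fresh connection per probe; return (probe, classification) pairs."""
    results = []
    for name, payload in PROBES:
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                sock.settimeout(timeout)
                if payload:
                    sock.sendall(payload)
                try:
                    reply = sock.recv(512)
                except socket.timeout:
                    reply = b""  # connected but nothing came back within the timeout
        except OSError as err:
            results.append((name, "error: %s" % err))
            continue
        results.append((name, classify(reply)))
    return results
```

A port that stays "silent" for every probe but answers "unknown-binary" to one of them is still informative: the reply length and its fixed leading bytes are what to compare against the protocol you suspect.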
    



    This archive was generated by hypermail 2b30 : Tue Jul 03 2001 - 13:59:38 PDT