Most often than not, the stand out ports identified by NMAP have a vague description attached to it. Then one can search through a list of standard ports defined to services and map it to applications operating on those ports. IMHO most implementations do not change the default operating port of an application. If one digs deep enough, there as always information to be found. The standard port allocation list would be a good place to start. Regards Anup -----Original Message----- From: Erik Norman [mailto:erik.normanat_private] Sent: Monday, July 02, 2001 3:44 PM To: pen test Subject: Port identification methodology Hi all, I have a question regarding methodology while performing a PT. It concerns identifying programs/services. Imagine a full nmap scan has been performed. A handfull of open ports was found on a particular server. The usual 25, 53, 80 etc are identified, but one or two ports stand out from the crowd. Looking in various 'common ports' files does not provide a hint what the port is used for. Connecting with telnet yields no text, and a tcpdump dump does not provide any text (in clear anyway). Now what!??? How should one approach this? /Erik ---------------------------------------------------------------------------- ---------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Jul 05 2001 - 09:25:07 PDT