-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As many folks have pointed out, it could be numerous different web services. This is probably not the case in this instance, but a lot of times a host that's running a file sharing application will have an HTTP port open above 1024. Another good tool to try (in addition to Netcat) is "amap" (http://www.linuxinside.it/download.php?cat=11) It can sometimes idenfity ports by sending garbage to them and seeing what ASCII comes back. Try these flags: -d -b -sT Jeff - -- Jeff Bollinger, CISSP University of North Carolina IT Security Analyst 105 Abernethy Hall mailto: jeff_bollinger@unc dot edu charrin2at_private wrote: | All, | | I have found a web server that I cannot identify. It is listening on port | 5050. When I telnet to it I get: | | telnet host.foobar.com 5050 | Trying 10.10.10.10... | Connected to host.foobar.com. | Escape character is '^]'. | | HTTP/1.1 400 Bad Request | Date: Tue, 8 July 2003 14:59:05 | Server: Web/R5_2_2 | | 400 Bad Request | Connection closed by foreign host. | | | If I try to browse to it I am prompted for a username / password. After | entering the wrong password I get the ususal 401 unauthorized. The default | page is layout.html | | Any help would be appreciated. | | --Chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/DBktvoVlxVBmgsURAkCXAJ9DEm75ZVkIO9sRmP36m6C/sZ5hnACghph8 BiZdH+QmcDm6tzQrXQYFN8o= =LCPS -----END PGP SIGNATURE----- --------------------------------------------------------------------------- The Lightning Console aggregates IDS events, correlates them with vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users. Visit Tenable Network Security at http://www.tenablesecurity.com to learn more. ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Jul 09 2003 - 08:34:10 PDT