Re: Unusual Web Server

From: Jeff Bollinger (jeff01@email.unc.edu)
Date: Wed Jul 09 2003 - 09:31:26 EDT

Next message: James Stibbards: "RE: Product review postings (was Administrivia)"
Previous message: Aleksander P. Czarnowski: "RE: IRIX Pen Testing/Hardening"
In reply to: charrin2@maine.rr.com: "Unusual Web Server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As many folks have pointed out, it could be numerous different web
services. This is probably not the case in this instance, but a lot of
times a host that's running a file sharing application will have an HTTP
port open above 1024. Another good tool to try (in addition to Netcat)
is "amap" (http://www.linuxinside.it/download.php?cat=11)

It can sometimes idenfity ports by sending garbage to them and seeing
what ASCII comes back. Try these flags: -d -b -sT

Jeff

- --
Jeff Bollinger, CISSP
University of North Carolina
IT Security Analyst
105 Abernethy Hall
mailto: jeff_bollinger@unc dot edu

iD8DBQE/DBktvoVlxVBmgsURAkCXAJ9DEm75ZVkIO9sRmP36m6C/sZ5hnACghph8
BiZdH+QmcDm6tzQrXQYFN8o=
=LCPS
-----END PGP SIGNATURE-----

---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.

Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------------

Next message: James Stibbards: "RE: Product review postings (was Administrivia)"
Previous message: Aleksander P. Czarnowski: "RE: IRIX Pen Testing/Hardening"
In reply to: charrin2@maine.rr.com: "Unusual Web Server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:36 EDT