Re: nmap shows open UDP port 113

From: Gregory Spath (gkspath@armstrong.com)
Date: Mon Mar 29 2004 - 13:21:55 EST

• Next message: Jeff Bryner: "RE: How to evade white spaces in a SQL injection"
• Previous message: Blake: "A follow-up on Email Pen-testing"
• In reply to: BillyBobKnob: "nmap shows open UDP port 113"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

113 is identd/auth.

One linux-based firewall that I am aware of that runs Ident by default (it
can be disabled) is smoothwall.

IRC servers, and some other services are a pain to connect to if they
cannot connect back to an ident server. I used to run a masquerading
ident for all the people on my home lan myself because of this.

On Wed, 24 Mar 2004 22:57:49 -0400
"BillyBobKnob" <billybobknob@hotmail.com> wrote:

> My friend asked me to see if I could scan or penetrate his firewall. He
> = only told me that it was a Linux box setup as a firewall running NAT
> to = hide internal IPs.
>
> - I did a nmap -O and a nmap -O --fuzzy but it said "too many =
> fingerprints match for accurate OS guess"
> but it did tell me that TCP port 113 was in the closed state
> - so I tried a TCP reverse inet scan (nmap -sT -I) and it still gave me
> = same info as this port was closed
> - so I tried nmap -sU and no results
> - then I tried nmap -sU -p 113 and it said that UDP port 113 was open !!
>
> I was then able to netcat to it (nc -u ipaddress 113) and I verified =
> that I was connected with a netstat.
>
> While connected via netcat I tried sending it commands like (ls, cd ..,
> = help, echo) but got nothing.
>
>
> Is there anything that can be done with this connection ??
> Or is there anyway to find out what internal IPs are behind it ?
>
>
> Thanks,
> Bill
>
>
> -----------------------------------------------------------------------
> ---- You're a pen tester, but is google.com still your R&D team?
> Now you can get trustworthy commercial-grade exploits and the latest
> techniques from a world-class research group.
> www.coresecurity.com/promos/sf_ept1
> -----------------------------------------------------------------------
> -----

-- 
Gregory Spath
Network Security Analyst
Armstrong World Industries, Inc.
gkspath@armstrong.com
717-396-5938
---------------------------------------------------------------------------
You're a pen tester, but is google.com still your R&D team?
Now you can get trustworthy commercial-grade exploits and the latest
techniques from a world-class research group.
www.coresecurity.com/promos/sf_ept1
----------------------------------------------------------------------------

• Next message: Jeff Bryner: "RE: How to evade white spaces in a SQL injection"
• Previous message: Blake: "A follow-up on Email Pen-testing"
• In reply to: BillyBobKnob: "nmap shows open UDP port 113"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:51 EDT