From: Martin Stöfler (stoefler@ikarus.at)
Date: Thu Jun 23 2005 - 09:10:51 EDT
Hi,
Not a problem at all;
sh#>nc -v -p 53 127.0.0.1 80
netstat:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:53 127.0.0.1:22 ESTABLISHED 2917/nc
If the connection is not limited to UDP traffic (as DNS is usually UDP,
except for zone-transfers...). But since your nmap scan went through,
chances are high that the ACL on the attacked site looks something like:
source any port:53 -> dest. internal-server port:any = allow
hth,
martin
On Thu, 2005-06-23 at 09:38 +0200, Christian Perst wrote:
> Hi list,
>
> I'm pen-testing a system and with a normal "nmap -sS" I get no
> response. If I change the source port I could get through to
> the system, as you can see.
>
> 21/tcp open ftp
> 80/tcp open http
> 88/tcp open kerberos-sec
> 135/tcp open msrpc
> 389/tcp open ldap
> 443/tcp open https
> 464/tcp open kpasswd5
> 593/tcp open http-rpc-epmap
> 636/tcp open ldapssl
> 1026/tcp open LSA-or-nterm
> 1029/tcp open ms-lsa
> 1033/tcp open netinfo
> 1720/tcp open H.323/Q.931
> 1723/tcp open pptp
> 3268/tcp open globalcatLDAP
> 3269/tcp open globalcatLDAPssl
> 3372/tcp open msdtc
> 3389/tcp open ms-term-serv
> 6101/tcp open VeritasBackupExec
> 6106/tcp open isdninfo
> 8080/tcp filtered http-proxy
> 10000/tcp open snet-sensor-mgmt
>
> Is there a way, how I can establish a connection using source
> port 53?
>
> Thanks,
> Chris
--
Stoefler Martin
Security Engineer
IKARUS Software GmbH
Fillgradergasse 7
A-1060 Vienna
0043+1+58995+102
<stoefler.m@ikarus.at>
www.ikarus-software.at

Hacking is the art of esoteric quests, of priceless and worthless secrets.
Odd bits of raw data from smashed machinery of intelligence and slavery
reassembled in a mosaic both hilarious in its absurdity and frightening in its power.
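Added example, not part of the thread above: a small Python model of the two ACL styles the reply contrasts. `stateless_acl` is the rule Martin infers ("source any port:53 -> dest port:any = allow"), which admits any inbound packet from source port 53 regardless of state; `stateful_acl` is the corrected form, which admits a packet from port 53 only when it answers a query this host sent and never admits a bare SYN. `flag_source_port_bypass` is the matching detection check over firewall log lines. The log format, the `Packet` class, the `pending` table and the sample lines are all constructed for this example and are not from the page or from any real firewall.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src_port: int
    dst_port: int
    syn: bool = False   # bare SYN: a new inbound TCP connection attempt


def stateless_acl(pkt: Packet) -> bool:
    """The weak rule inferred in the reply: only the source port is examined,
    so a new TCP connection attempt from port 53 to any service is admitted."""
    return pkt.src_port == 53


def stateful_acl(pkt: Packet, pending: Set[Tuple[str, int]]) -> bool:
    """Corrected rule: a packet from port 53 is admitted only if it answers a
    query this host sent (an entry in `pending`, keyed by proto and our own
    port), and a bare SYN is never a DNS reply, so it is always denied."""
    if pkt.syn:
        return False
    return pkt.src_port == 53 and (pkt.proto, pkt.dst_port) in pending


# Constructed log format (hypothetical): "IN proto=<p> src=<ip>:<port> dst=<ip>:<port> [flags=S]"
LOG_RE = re.compile(
    r"IN proto=(?P<proto>tcp|udp) src=[\d.]+:(?P<sport>\d+) "
    r"dst=[\d.]+:(?P<dport>\d+)(?: flags=(?P<flags>\w+))?"
)


def parse_line(line: str) -> Optional[Packet]:
    m = LOG_RE.search(line)
    if not m:
        return None
    return Packet(
        proto=m["proto"],
        src_port=int(m["sport"]),
        dst_port=int(m["dport"]),
        syn=(m["flags"] == "S"),
    )


def flag_source_port_bypass(log_text: str) -> List[Tuple[int, int]]:
    """Detection: inbound bare SYNs from source port 53 to a non-DNS port.
    A legitimate DNS reply is never a bare SYN, so each hit is a connection
    attempt that relies on a source-port-based allow rule."""
    hits = []
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if pkt and pkt.proto == "tcp" and pkt.syn and pkt.src_port == 53 and pkt.dst_port != 53:
            hits.append((pkt.src_port, pkt.dst_port))
    return hits


# Constructed sample log (not from the page); addresses are documentation ranges.
SAMPLE_LOG = """\
IN proto=udp src=198.51.100.53:53 dst=192.0.2.10:34567
IN proto=tcp src=198.51.100.7:53 dst=192.0.2.10:3389 flags=S
IN proto=tcp src=198.51.100.9:40001 dst=192.0.2.10:80 flags=S
IN proto=tcp src=198.51.100.7:53 dst=192.0.2.10:135 flags=S
"""


def compare_policies(log_text: str) -> List[Tuple[int, bool, bool]]:
    """Evaluate every logged packet under both policies.
    Returns (dst_port, stateless_verdict, stateful_verdict) per packet."""
    pending = {("udp", 34567)}   # this host sent one UDP DNS query from port 34567
    out = []
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if pkt:
            out.append((pkt.dst_port, stateless_acl(pkt), stateful_acl(pkt, pending)))
    return out


if __name__ == "__main__":
    for row in compare_policies(SAMPLE_LOG):
        print(row)
    print("source-port bypass attempts:", flag_source_port_bypass(SAMPLE_LOG))
```

Under the stateless rule the SYNs to 3389 and 135 are allowed purely because their source port is 53; under the stateful rule only the genuine UDP reply to the outstanding query passes. On a real firewall the fix is the same in spirit: allow DNS replies by connection state (established/related), not by source port.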
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:29 EDT