[unisog] Port 33
jeff01 at email.unc.edu
Wed Jun 4 19:20:10 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Good recommendation on 'amap'. You may also want to try this Nmap flag
as well, which may help determine the protocol being spoken by/to that
port. It's called the "Protocol Scan":
(with root privileges)
# nmap -sO <host IP>
Jeff Bollinger, CISSP
University of North Carolina
IT Security Analyst
105 Abernethy Hall
mailto: jeff_bollinger at unc dot edu
Michael Sconzo wrote:
| If you have access to a linux box you might try the tool amap
| (application map) it's used via a network connection and it basically
| determines what applications are running on a given port...ie FTP on
| port 80 etc... It works by determining the protocol of the service
| running on the port.
|>>>I've got a compromised box that is running a service on TCP
|>>port 33. I
|>>can't find anything on from Google, SANS, etc. regarding this
|>>that it's "supposed to be" the Display Support Protocol.
|>>Using telnet to
|>>connect to the port provides the following:
|>>># telnet a.b.c.d 33
|>>>Connected to a.b.c.d.
|>>>Escape character is '^]'.
|>>> [Pressed <Enter>]
|>>>500 Not Loged in
|>>>Has anyone else seen this?
|>>>Sr. Systems Engineer, NET
|>>>George Mason University
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the unisog