[unisog] Port 33

Jeff Bollinger jeff01 at email.unc.edu
Wed Jun 4 19:20:10 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good recommendation on 'amap'.  You may also want to try this Nmap flag
as well, which may help determine the protocol being spoken by/to that
port.  It's called the "Protocol Scan":

(with root privileges)

# nmap -sO <host IP>

Thanks,
Jeff

- --
Jeff Bollinger, CISSP
University of North Carolina
IT Security Analyst
105 Abernethy Hall
mailto: jeff_bollinger at unc dot edu

Michael Sconzo wrote:
| If you have access to a linux box you might try the tool amap
| (application map) it's used via a network connection and it basically
| determines what applications are running on a given port...ie FTP on
| port 80 etc...  It works by determining the protocol of the service
| running on the port.
|
| -Mike
|

|>>>
|>>>I've got a compromised box that is running a service on TCP
|>>
|>>port 33.  I
|>>can't find anything on from Google, SANS, etc. regarding this
|>>port, except
|>>that it's "supposed to be" the Display Support Protocol.
|>>Using telnet to
|>>connect to the port provides the following:
|>>
|>>># telnet a.b.c.d 33
|>>>Trying a.b.c.d...
|>>>Connected to a.b.c.d.
|>>>Escape character is '^]'.
|>>> [Pressed <Enter>]
|>>>220 v:0.2
|>>>?
|>>>500 Not Loged in
|>>>^]
|>>>telnet> close
|>>>Connection closed.
|>>>#
|>>>
|>>>Has anyone else seen this?
|>>>
|>>>Regards,
|>>>
|>>>Steve Bernard
|>>>Sr. Systems Engineer, NET
|>>>George Mason University
|>>>Fairfax, Virginia

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+3kZqvoVlxVBmgsURAs6xAJ9giTVQ6KNzK3M2UfCQFxzqPF77+QCfSYKL
XFJd07FAYyqWK1aq2ncE/HQ=
=4S5v
-----END PGP SIGNATURE-----



More information about the unisog mailing list