Hi,
Not a problem at all;
sh#>nc -v -p 53 127.0.0.1 80
netstat:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:53 127.0.0.1:22 ESTABLISHED2917/nc
If the connection is not limited to UDP traffic (as DNS is usualy UDP,
except for zone-transfers...). But since your nmap scan went through,
chances are high that the ACL on the attacked site looks something like:
source any port:53 -> dest. internal-server port:any = allow
hth,
martin
On Thu, 2005-06-23 at 09:38 +0200, Christian Perst wrote:
Hi list,
I'm pen-testing a system and with a normal "nmap -sS" I get no
response. If I change the source port I could get through to
the system, as you can see.
21/tcp open ftp
80/tcp open http
88/tcp open kerberos-sec
135/tcp open msrpc
389/tcp open ldap
443/tcp open https
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
1026/tcp open LSA-or-nterm
1029/tcp open ms-lsa
1033/tcp open netinfo
1720/tcp open H.323/Q.931
1723/tcp open pptp
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
3372/tcp open msdtc
3389/tcp open ms-term-serv
6101/tcp open VeritasBackupExec
6106/tcp open isdninfo
8080/tcp filtered http-proxy
10000/tcp open snet-sensor-mgmt
Is there a way, how I can establish a connection using source
port 53?
Thanks,
Chris
--
Stoefler Martin
Security Engineer
IKARUS Software GmbH
Fillgradergasse 7
A-1060 Vienna
0043+1+58995+102
<stoefler.m@ikarus.at>
www.ikarus-software.at
Hacking is the art of esoteric quests,
of priceless and worthless secrets.
Odd bits of raw data from smashed machinery of intelligence
and slavery reassembled in a mosaic both hilarious in its absurdity
and frightening in its power.
