As many folks have pointed out, it could be numerous different web services. This is probably not the case in this instance, but a lot of times a host that's running a file sharing application will have an HTTP port open above 1024. Another good tool to try (in addition to Netcat) is "amap" (http://www.linuxinside.it/download.php?cat=11).
It can sometimes identify ports by sending garbage to them and seeing what ASCII comes back. Try these flags: -d -b -sT
Jeff
--
Jeff Bollinger, CISSP
University of North Carolina
IT Security Analyst
105 Abernethy Hall
mailto: [EMAIL PROTECTED] dot edu
[EMAIL PROTECTED] wrote:
| All,
|
| I have found a web server that I cannot identify. It is listening on port
| 5050. When I telnet to it I get:
|
| telnet host.foobar.com 5050
| Trying 10.10.10.10...
| Connected to host.foobar.com.
| Escape character is '^]'.
|
| HTTP/1.1 400 Bad Request
| Date: Tue, 8 July 2003 14:59:05
| Server: Web/R5_2_2
|
| 400 Bad Request
| Connection closed by foreign host.
|
|
| If I try to browse to it I am prompted for a username / password. After
| entering the wrong password I get the usual 401 unauthorized. The default
| page is layout.html
|
| Any help would be appreciated.
|
| --Chris
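Added example, not part of the original thread and not amap's code: the approach described in the reply (send a few bytes to the port and read the ASCII that comes back), applied to the response quoted above, as you might do when inventorying an unknown listener on your own network. The names `probe`, `summarize` and `replay_stub` and the `\r\n\r\n` trigger are assumptions of this example; the stub replays the quoted reply on localhost so the script runs offline.

```python
import socket
import threading

# Constructed sample: the reply quoted in the post, as bytes on the wire.
SAMPLE = (b"HTTP/1.1 400 Bad Request\r\nDate: Tue, 8 July 2003 14:59:05\r\n"
          b"Server: Web/R5_2_2\r\n\r\n400 Bad Request\r\n")

def probe(host, port, trigger=b"\r\n\r\n", timeout=3.0, limit=4096):
    """Send trigger bytes and return up to `limit` bytes of the reply."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(trigger)
        try:
            while len(buf) < limit and (data := s.recv(limit - len(buf))):
                buf += data           # loop ends when the peer closes
        except socket.timeout:        # silent service: keep what we have
            pass
    return buf

def summarize(raw):
    """Reduce a reply to printable ASCII and pull out HTTP-style fields."""
    text = raw.decode("latin-1").replace("\r\n", "\n")
    lines = text.split("\n")
    printable = "".join(c if " " <= c <= "~" or c == "\n" else "." for c in text).strip()
    info = {"protocol": None, "status": None, "server": None, "printable": printable}
    if lines[0].startswith("HTTP/"):
        info["protocol"], _, info["status"] = lines[0].partition(" ")
        for line in lines[1:]:
            if not line:              # blank line ends the header block
                break
            name, _, value = line.partition(":")
            if name.strip().lower() == "server":
                info["server"] = value.strip()
    return info

def replay_stub(reply):
    """One-shot localhost listener that answers any input with `reply`."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(1024)
            conn.sendall(reply)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(summarize(probe("127.0.0.1", replay_stub(SAMPLE))))
```

The `Server` value is whatever the service chooses to report, so treat it as a lead to confirm against the host's software inventory, not as proof of the product.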
