From: Martin Stöfler (stoeflerikarus.at)
Date: Thu Jun 23 2005 - 08:10:51 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Not a problem at all;

sh#>nc -v -p 53 127.0.0.1 80

netstat:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:53 127.0.0.1:22 ESTABLISHED2917/nc

If the connection is not limited to UDP traffic (as DNS is usualy UDP,
except for zone-transfers...). But since your nmap scan went through,
chances are high that the ACL on the attacked site looks something like:

source any port:53 -> dest. internal-server port:any = allow

hth,
martin

On Thu, 2005-06-23 at 09:38 +0200, Christian Perst wrote:
> Hi list,
>
> I'm pen-testing a system and with a normal "nmap -sS" I get no
> response. If I change the source port I could get through to
> the system, as you can see.
>
> 21/tcp open ftp
> 80/tcp open http
> 88/tcp open kerberos-sec
> 135/tcp open msrpc
> 389/tcp open ldap
> 443/tcp open https
> 464/tcp open kpasswd5
> 593/tcp open http-rpc-epmap
> 636/tcp open ldapssl
> 1026/tcp open LSA-or-nterm
> 1029/tcp open ms-lsa
> 1033/tcp open netinfo
> 1720/tcp open H.323/Q.931
> 1723/tcp open pptp
> 3268/tcp open globalcatLDAP
> 3269/tcp open globalcatLDAPssl
> 3372/tcp open msdtc
> 3389/tcp open ms-term-serv
> 6101/tcp open VeritasBackupExec
> 6106/tcp open isdninfo
> 8080/tcp filtered http-proxy
> 10000/tcp open snet-sensor-mgmt
>
> Is there a way, how I can establish a connection using source
> port 53?
>
> Thanks,
> Chris
--
Stoefler Martin
Security Engineer

IKARUS Software GmbH
Fillgradergasse 7
A-1060 Vienna
0043+1+58995+102
<stoefler.mikarus.at>
www.ikarus-software.at

Hacking is the art of esoteric quests,
of priceless and worthless secrets.
Odd bits of raw data from smashed machinery of intelligence
and slavery reassembled in a mosaic both hilarious in its absurdity
and frightening in its power.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]