December 2016
Beginner
494 pages
12h 34m
English
Content preview from Network Security Assessment, 3rd Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Chapter 7. Assessing Common Network Services
This chapter details tactics used to assess services including FTP, SSH, Telnet, DNS, NTP, SNMP, LDAP, and Kerberos. Vulnerability scanners perform scripted tests against network services. Manual investigative approaches are used to:
-
Qualify and disregard the output of automated tools
-
Understand the low-level configuration of the environment
-
Fill gaps in coverage
Table 7-1 lists the default TCP and UDP ports of services covered in this chapter. The final column denotes whether THC Hydra1 supports brute-force password grinding of the protocol. Individual RPC services listen on dynamic high ports, and alternative ports may be used by services including SSH and FTP.
| Port | Protocol | TLS | Name | Description | Hydra | |
|---|---|---|---|---|---|---|
| TCP | UDP | |||||
| 21 |
● |
– | – | ftp | File Transfer Protocol | ● |
| 990 |
● |
– |
● |
ftps | ||
| 22 |
● |
– | – | ssh | Secure shell service |
● |
| 23 |
● |
– | – | telnet | Telnet service |
● |
| 53 |
● |
● |
– | domain | DNS service | – |
| 69 | – |
● |
– | tftp | Trivial File Transfer Protocol | – |
| 88 |
● |
● |
– | kerberos | Kerberos authentication service | – |
| 111 |
● |
● |
– | sunrpc | Unix RPC portmapper service | – |
| 123 | – |
● |
– | ntp | Network Time Protocol | – |
| 161 | – |
● |
– | snmp | Simple Network Management Protocol |
● |
| 389 |
● |
● |
– | ldap | Lightweight Directory Access Protocol |
● |
| 636 |
● |
– |
● |
ldaps | ||
| 623 | – |
● |
– | ipmi | Intelligent Platform Management Interface | – |
| 464 |
● |
● |
– | kpasswd | Kerberos password service | – |
| 749 |
● |
● |
– | kerberos-adm | MIT ... | |