Chapter 7. Assessing Common Network Services
This chapter details tactics used to assess services including FTP, SSH, Telnet, DNS, NTP, SNMP, LDAP, and Kerberos. Vulnerability scanners perform scripted tests against network services. Manual investigative approaches are used to:
- Qualify and disregard the output of automated tools
- Understand the low-level configuration of the environment
- Fill gaps in coverage
Table 7-1 lists the default TCP and UDP ports of services covered in this chapter. The final column denotes whether THC Hydra supports brute-force password grinding of the protocol. Individual RPC services listen on dynamic high ports, and alternative ports may be used by services including SSH and FTP.
Port | TCP | UDP | TLS | Name | Description | Hydra
---|---|---|---|---|---|---
21 | ● | – | – | ftp | File Transfer Protocol | ●
990 | ● | – | ● | ftps | |
22 | ● | – | – | ssh | Secure shell service | ●
23 | ● | – | – | telnet | Telnet service | ●
53 | ● | ● | – | domain | DNS service | –
69 | – | ● | – | tftp | Trivial File Transfer Protocol | –
88 | ● | ● | – | kerberos | Kerberos authentication service | –
111 | ● | ● | – | sunrpc | Unix RPC portmapper service | –
123 | – | ● | – | ntp | Network Time Protocol | –
161 | – | ● | – | snmp | Simple Network Management Protocol | ●
389 | ● | ● | – | ldap | Lightweight Directory Access Protocol | ●
636 | ● | – | ● | ldaps | |
623 | – | ● | – | ipmi | Intelligent Platform Management Interface | –
464 | ● | ● | – | kpasswd | Kerberos password service | –
749 | ● | ● | – | kerberos-adm | MIT ... |