Re: Port 10204 and 10203 identified

Mon, 08 Aug 2005 10:22:26 -0700

Could you do a scan with just this plugin and the option "enable plugin dependencies" and do a full pcap capture (tcpdump or ethereal) between nessus server and the host you are scanning and send me the result ? 

Thanks,

Nicolas

On Aug 8, 2005, at 1:09 PM, Mercer, Jeff wrote:


All plugins were enabled.



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nicolas Pouvesle
Sent: Monday, August 08, 2005 12:29 PM
To: [email protected]
Subject: Re: Port 10204 and 10203 identified

Plugin 17307 identify this service and detect if the remote version
of Licensing service is vulnerable to a buffer overflow.
Add this plugin to your scan and the service should be detected.


Regards,

Nicolas


On Aug 8, 2005, at 12:20 PM, Mercer, Jeff wrote:




Nessus 2.2.4 couldn't identify the service on port 10204 on


a server I


scanned.

"An unknown server is running on this port.
If you know what it is, please send this banner to the Nessus team:
00: 41 32 20 47 45 54 4f 4c 46 20 3c 45 4f 4d 3e       A2 GETOLF
<EOM>   "

The service running on the port is part of the Computer Associates
licensing
engine, typically running as lic98rmt.exe. May be found on Win2K
and XP
installs as well as 95/98. In this case it was the


licensing software


installed to support eTrust AntiVirus 7.1.


 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jeff Mercer - ITS Security & BTINet Systems Administration

"This electronic message transmission contains information


from the


office
of Jeff Mercer, ITC^DeltaCom, Inc., which may be confidential or
privileged.
The information is intended to be for the use of the individual or
entity
named above.  If you are not the intended recipient, be


aware that any


disclosure, copying, distribution or use of the contents of this
information
is prohibited. If you have received this electronic


transmission in


error,
please notify us by telephone 919-863-7257 or by electronic mail
[EMAIL PROTECTED] immediately."
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus




_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus





_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus

Reply via email to