Unusual ports found in nmap scan

From: kiwi99@hushmail.com
To: pen-test@securityfocus.com
Date: Wed, 27 Feb 2002 10:12:01 -0800


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello All

I'm currently pentesting a client and nmap reports that a particular host has the following ports open:
82/tcp
445/tcp
447/tcp

All other ports are filtered - the host is behind a Check Point firewall.
Nmap OS identification states it's very unreliable as it can't find a closed port, but suggests FreeBSD or D-Link.

The IP address has no DNS name, and as you can see no web/mail services are running (these are handled by other servers on the subnet).

RFC1700 states that these ports are xfer, microsoft-ds and DDM-RDB respectively. Clearly the client could be running anything on these ports - netcat reveals no banner information at all.

I can't find any meaningful info on the xfer utility.
DDM-RDB information suggests that it's an AS/400 protocol.
That's rather contradicted by microsoft-ds which implies it's a Win2K box.

Does anyone have any further information on these ports and what sort of application might be running using these open ports (assuming they are what they say they are!)?

Also, assuming it's Win2K, are there any tools for enumeration on port 445?

All help appreciated

Dave

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlsEARECABsFAjx9Ic4UHGtpd2k5OUBodXNobWFpbC5jb20ACgkQHE/0wvT4MVRnPwCf
UZTDj9+KVg3PYlYCQbDjeIldekIAn3PG/zwvpnGK53FX1Zvolh3nZrQW
=zz2v
-----END PGP SIGNATURE-----
