Re: Unusual ports found in nmap scan
From: Mehmet Murat Gunsay (mgunsay@btkom.com)Date: 03/01/02
- Previous message: Alfred Huger: "Re: CanSecWest '02 conference"
- In reply to: kiwi99@hushmail.com: "Unusual ports found in nmap scan"
- Next in thread: Nessim Kisserli: "Re: Unusual ports found in nmap scan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Mehmet Murat Gunsay" <mgunsay@btkom.com> To: <pen-test@securityfocus.com> Date: Fri, 1 Mar 2002 09:45:38 +0200
445/tcp suggests the box is W2K and is running netbios, which is pretty much
the equivalent of 139/tcp on NT boxes. Try running dumpsec from
somarsoft.
Mehmet Murat Gunsay
BTKOM A.S.
http://www.btkom.com
mgunsay@btkom.com murat@gunsay.com
PGP Key ID: 0xDDE611E1
----- Original Message -----
From: <kiwi99@hushmail.com>
To: <pen-test@securityfocus.com>
Sent: Wednesday, February 27, 2002 8:12 PM
Subject: Unusual ports found in nmap scan
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello All
>
> I'm currently pentesting a client and nmap reports that a particular host has the following ports open:
> 82/tcp
> 445/tcp
> 447/tcp
>
> All other ports are filtered - the host is behind a Check Point firewall.
> Nmap OS identification states it's very unreliable as it can't find a closed port, but suggests FreeBSD or D-Link.
>
> The IP address has no DNS name, and as you can see no web/mail services are running (these are handled by other servers on the
subnet).
>
> RFC1700 states that these ports are xfer, microsoft-ds and DDM-RDB respectively. Clearly the client could be running anything on
these ports - netcat reveals no banner information at all.
>
> I can't find any meaningful info on the xfer utility.
> DDM-RDB information suggests that it's an AS/400 protocol.
> That's rather contradicted by microsoft-ds which implies it's a Win2K box.
>
> Does anyone have any further information on these ports and what sort of application might be running using these open ports
(assuming they are what they say they are!)
>
> Also assuming it's Win2K are there any tools for enumeration on port 445?
>
> All help appreciated
>
> Dave
>
>
> Hush provide the worlds most secure, easy to use online applications - which solution is right for you?
> HushMail Secure Email http://www.hushmail.com/
> HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
> Hush Business - security for your Business http://www.hush.com/
> Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/
>
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.1
> Note: This signature can be verified at https://www.hushtools.com
>
> wlsEARECABsFAjx9Ic4UHGtpd2k5OUBodXNobWFpbC5jb20ACgkQHE/0wvT4MVRnPwCf
> UZTDj9+KVg3PYlYCQbDjeIldekIAn3PG/zwvpnGK53FX1Zvolh3nZrQW
> =zz2v
> -----END PGP SIGNATURE-----
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Previous message: Alfred Huger: "Re: CanSecWest '02 conference"
- In reply to: kiwi99@hushmail.com: "Unusual ports found in nmap scan"
- Next in thread: Nessim Kisserli: "Re: Unusual ports found in nmap scan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
