Re: Unusual ports found in nmap scan

• Previous message: Holmes, Ben: "Grabbing the CORE of a Dallas DS-2250 and DS-5000"
• In reply to: kiwi99@hushmail.com: "Unusual ports found in nmap scan"
• Next in thread: Aaron Higbee: "Re: Unusual ports found in nmap scan"
• Reply: Aaron Higbee: "Re: Unusual ports found in nmap scan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Nessim Kisserli <nessim.kisserli@rhul.ac.uk>
To: kiwi99@hushmail.com
Date: Fri, 1 Mar 2002 13:30:27 +0000

hi Dave,

NtWaK0 released an advisory to bugtraq on 15/02/2002 dealing with port 445,
here's a quick extract:

        TCP/UPD port 445 is open by default on a Fresh installed XP box. :
        The attack is seriouse since it work remotly and can make the CPU 100 % :
        in less then 20 Second.

you can find the full text at:
http://online.securityfocus.com/archive/1/256830

it might not help with port enumeration but it could shed some light on the
machine's os..

good luck,
nessim

On Wednesday 27 Feb 2002 6:12 pm, you wrote:
> Hello All
>
> I'm currently pentesting a client and nmap reports that a particular host
> has the following ports open: 82/tcp
> 445/tcp
> 447/tcp

<snip>

> Does anyone have any further information on these ports and what sort of
> application might be running using these open ports (assuming they are what
> they say they are!)
>
> Also assuming it's Win2K are there any tools for enumeration on port 445?
>
> All help appreciated
>
> Dave

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Previous message: Holmes, Ben: "Grabbing the CORE of a Dallas DS-2250 and DS-5000"
• In reply to: kiwi99@hushmail.com: "Unusual ports found in nmap scan"
• Next in thread: Aaron Higbee: "Re: Unusual ports found in nmap scan"
• Reply: Aaron Higbee: "Re: Unusual ports found in nmap scan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: How to discover FW-1 management module or GUI? ... Indeed port 257 is the port used by the management console to communicate ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... > automatically alerts you to the latest security vulnerabilities please ... (Pen-Test) RE: faster scans? (nmap) ... > on atleast one well-known port. ... >> infront intercepting these packets, ... >> This list is provided by the SecurityFocus Security Intelligence Alert ... (Pen-Test) Re: Identify OS? ... The first thing that struck me was port 6112/dtspc. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ... (Pen-Test) Re: Raptor Firewall 6.5 Config ... Raptor as a firewall also has another side feature that can confuse ... This is the whole keep a port open PNAT idea. ... Once raptor has a standard proxy or GSP enabled, it 'opens' that ... >>This list is provided by the SecurityFocus Security Intelligence Alert ... (Pen-Test) RE: Digital UNIX 5.60 recourses ... Find out what is running on what port (use of netcat, nmap, ... >> Subject: Digital UNIX 5.60 recourses ... >This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint