RE: Strange ports



I would recommend using amap to see about getting a fingerprint of the
application used on these ports if possible and/or contacting your firewall
team to check the configs and see what these services are for. The IANA
lists of port to application mappings are general guidelines, not explicit
sets of what the application actually is. There's no law that says you have
to run ms-term-serv on port 3389 :) You should be concerned about more than
just the 1029 and 1032 ports. I know of no valid security or business reason
why you would want to allow random people on the internet to attempt
terminal connections to your internal machines... That's what VPN's are for.



-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of killy
Sent: Monday, June 18, 2007 11:59 AM
To: Pen-Tests
Subject: Strange ports

Scanning my external firewall(at work), I (yes, it is my job
to) find this:


PORT STATE SERVICE
53/tcp open domain

1029/tcp open ms-lsa
1032/tcp open iad3

3389/tcp open ms-term-serv


Why would 1029 and 1032 need to be open from the outside?

-Kill


--
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

--------------------------------------------------------------
----------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic See HOW Now with
our 20/20 program!

http://www.cenzic.com/c/2020
--------------------------------------------------------------
----------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



Relevant Pages

  • Re: Close Ports
    ... There's no way to answer this question without knowing what ports were ... Running fport or vision from www.foundstone.com/knowledge may in ... > on my machine were listening. ... These ports were in the registered ports ...
    (microsoft.public.security)
  • Re: Sneaking a peek on Wlan in airports
    ... Are you using SPI, Watchfire or WhiteHat? ... Consider getting clear vision with Cenzic See HOW Now with ...
    (Pen-Test)
  • RE: Sneaking a peek on Wlan in airports
    ... Are you using SPI, Watchfire or WhiteHat? ... Consider getting clear vision with Cenzic See HOW Now with ...
    (Pen-Test)
  • Re: Sneaking a peek on Wlan in airports
    ... Are you using SPI, Watchfire or WhiteHat? ... Consider getting clear vision with Cenzic ...
    (Pen-Test)