Re: Strange ports
- From: Jason Barbier <kusuriya@xxxxxxxxx>
- Date: Mon, 18 Jun 2007 21:11:55 -0700
it looks like it has something to do with IIS or MS Phoning home or its some sort of gateway from or to an attack its hard to say but here are some tidbits I found. One way to know for certain is to sniff traffic off them.
http://www.grc.com/port_1029.htm
http://www.auditmypc.com/port/tcp-port-1029.asp
http://www.seifried.org/security/ports/1000/1032.html
http://lists.debian.org/debian-user/2000/08/msg01614.html
and heres a list of what the ports are default registered to that you can download
http://lists.thedatalist.com/portlist/PortRef1.zip
killy wrote:
Scanning my external firewall(at work), I (yes, it is my job to) find this:
PORT STATE SERVICE
53/tcp open domain
1029/tcp open ms-lsa
1032/tcp open iad3
3389/tcp open ms-term-serv
Why would 1029 and 1032 need to be open from the outside?
-Kill
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
- References:
- Strange ports
- From: killy
- Strange ports
- Prev by Date: RE: Security and VPN
- Next by Date: Re: Pen Testing Tippingpoint
- Previous by thread: RE: Strange ports
- Next by thread: Re: Strange ports
- Index(es):
