Re: Strange ports

You can try telnet to those ports as well. Maybe you'll get lucky and
get some output...

1029 is also known to be an ICQ port.
(http://www.seifried.org/security/ports/1000/1029.html)

Port 1032 is also a known ICQ port. and yes, i agree with the other
guys on having terminal services open to the world. bad practice.

good luck.

On 6/19/07, StaticRez <staticrez@xxxxxxxxx> wrote:
You can try telnet to those ports as well. Maybe you'll get lucky and get some output...

1029 is also known to be an ICQ port.
(http://www.seifried.org/security/ports/1000/1029.html )

Port 1032 is also a known ICQ port. and yes, i agree with the other guys on having terminal services open to the world. bad practice.

good luck.



On 6/18/07, Jason Barbier <kusuriya@xxxxxxxxx> wrote:
> it looks like it has something to do with IIS or MS Phoning home or its
> some sort of gateway from or to an attack its hard to say but here are
> some tidbits I found. One way to know for certain is to sniff traffic
> off them.
> http://www.grc.com/port_1029.htm
> http://www.auditmypc.com/port/tcp-port-1029.asp
>
> http://www.seifried.org/security/ports/1000/1032.html
> http://lists.debian.org/debian-user/2000/08/msg01614.html
>
> and heres a list of what the ports are default registered to that you
> can download
> http://lists.thedatalist.com/portlist/PortRef1.zip
>
>
> killy wrote:
> > Scanning my external firewall(at work), I (yes, it is my job to) find
> > this:
> >
> >
> > PORT STATE SERVICE
> > 53/tcp open domain
> >
> > 1029/tcp open ms-lsa
> > 1032/tcp open iad3
> >
> > 3389/tcp open ms-term-serv
> >
> >
> > Why would 1029 and 1032 need to be open from the outside?
> >
> > -Kill
> >
> >
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
>
> http://www.cenzic.com/c/2020
> ------------------------------------------------------------------------
>
>



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

Relevant Pages

  • Re: Strange ports
    ... Without port 53, networking in any real fashion would be pretty tough without a vast memory of all existing IP address-space. ... Are you using SPI, Watchfire or WhiteHat? ... Consider getting clear vision with Cenzic ...
    (Pen-Test)
  • Re: Strange ports
    ... Without port 53, networking in any real fashion would be pretty tough without a vast memory of all existing IP address-space. ... Are you using SPI, Watchfire or WhiteHat? ... Consider getting clear vision with Cenzic ... ...We waste time looking for the perfect lover ...
    (Pen-Test)
  • Re: Fport/Vision not working in WinXP?
    ... Port 5000 is used on WinME and WinXP for Universal Plug 'n Play. ... When I scan I am noticing numerous computers listening on ... When I checked a few of the the computers, I found Fport and ... |> vision did return a list of ports-to-services list. ...
    (microsoft.public.security.virus)
  • RE: What does this mean?
    ... > Vision says an application to it) the port 0 ... >> Do you Yahoo!? ... to facilitate one-on-one interaction with one of our expert instructors. ...
    (Security-Basics)
  • Re: ipaddress broadcast
    ... starting with Vision from www.foundstone.com/knowledge and Startup Cop ... > A computer on the network using port 4325 is trying to ... > the ip of 10.1.1.2 is not used on the network and when I ...
    (microsoft.public.security)