Re: Strange ports

---

• From: "R. DuFresne" <dufresne@xxxxxxxxxxx>
• Date: Thu, 21 Jun 2007 14:30:16 -0400 (EDT)

---

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1




Without port 53, networking in any real fashion would be pretty tough without a vast memory of all existing IP address-space.

Thanks,

Ron DuFresne


On Tue, 19 Jun 2007, zion wrote:

Hi Killy,

I am not sure if even port 53 needs to be open, It all depends on what service do you want to offer to the world. so you need to see if your organizations is offering this service to the world e.g. 3389 terminal service for the world to see ? you may need to contact some one in your organizations to ask if they need those services from the internet ?

Hope i have been of some help.

Regards
Zion


killy wrote:

Scanning my external firewall(at work), I (yes, it is my job to) find this:


PORT STATE SERVICE
53/tcp open domain

1029/tcp open ms-lsa
1032/tcp open iad3

3389/tcp open ms-term-serv


Why would 1029 and 1032 need to be open from the outside?

-Kill

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFGesO8st+vzJSwZikRAi53AJ9KoHNt1Q6ZBik5kDwrAmjCVqPW/QCgzr43
LMmZxZoU/JrXBGPMPhssKxM=
=Gz9z
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

---

• Follow-Ups:
  • Re: Strange ports
    • From: Christine Kronberg

• References:
  • Strange ports
    • From: killy
  • Re: Strange ports
    • From: zion

• Prev by Date: RE: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?
• Next by Date: RE: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?
• Previous by thread: Re: Strange ports
• Next by thread: Re: Strange ports
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Fport/Vision not working in WinXP? ... Port 5000 is used on WinME and WinXP for Universal Plug 'n Play. ... When I scan I am noticing numerous computers listening on ... When I checked a few of the the computers, I found Fport and ... |> vision did return a list of ports-to-services list. ... (microsoft.public.security.virus) RE: What does this mean? ... > Vision says an application to it) the port 0 ... >> Do you Yahoo!? ... to facilitate one-on-one interaction with one of our expert instructors. ... (Security-Basics) Re: Strange ports ... Without port 53, networking in any real fashion would be pretty tough without a vast memory of all existing IP address-space. ... Are you using SPI, Watchfire or WhiteHat? ... Consider getting clear vision with Cenzic ... (Pen-Test) Re: ipaddress broadcast ... starting with Vision from www.foundstone.com/knowledge and Startup Cop ... > A computer on the network using port 4325 is trying to ... > the ip of 10.1.1.2 is not used on the network and when I ... (microsoft.public.security) Re: Strange ports ... Port 1032 is also a known ICQ port. ... Watchfire or WhiteHat? ... > Consider getting clear vision with Cenzic ... (Pen-Test)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > pen-test  > 2007-06