RE: Port 5000/tcp on Windows XP

From: Xander Soldaat (xander@soldaat.com)
Date: 10/23/01


From: "Xander Soldaat" <xander@soldaat.com>
To: <SECURITY-BASICS@SECURITYFOCUS.COM>
Subject: RE: Port 5000/tcp on Windows XP
Date: Tue, 23 Oct 2001 10:02:58 +0200
Message-ID: <000401c15b99$21078770$ec0a0a0a@cheeseburger>


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks to everyone who replied to me, both on the list and off-line.
It seems that the port in question is opened by the UPnP service. It does
not seem to be vulnerable to the same thing as the WindowsME one, thank
God.
Stopping the SSDP service does not seem to be doing anything bad to my
machine (yet), and the port is no longer open.

Gr,
Xander

- ----------------------------------------------------------
xander@soldaat.com xander@12Secure.net www.12Secure.net
PGP: 586B 2465 29E2 B872 86BA 8133 6661 B16C C9C5 90B5
# find / -name your\ base -exec chown us:us -R {} \;
- ----------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBO9UkMWZhsWzJxZC1EQI7cwCdFpj72jFUNjFVrdVYZ1Wo9kAzbkQAoNw8
PTscw0QuGkuetnLiTu6vBM9Y
=GqnB
-----END PGP SIGNATURE-----



Relevant Pages

  • Re: keeping ports open
    ... If a port is open, it means that 1) a software or service is running on your ... and 2) you're not using a firewall or your firewall isn't ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ...
    (microsoft.public.security)
  • [Full-Disclosure] ron1n phone home, episode 4
    ... Hacking from Windows 3.x, 95 and NT ... Use secret Windows 95 DOS commands to track down and port surf computers ... Download hacker tools such as port scanners and password crackers designed ... Now you have the option of eight TCP/IP utilities to play with: telnet, ...
    (Full-Disclosure)
  • Re: How to Maintain an IIS Server?
    ... > server running on a Windows 2000 server. ... before a firewall and antivirus have been installed]. ... open ports; however, this will not identify which program is using the port. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Is secedit.exe left by a hacker?
    ... >> tested on port 445. ... >> I have a Linksys router that I use as a firewall to my ... >investigate the files on your computer - antivirus with ... >windows and everything else. ...
    (microsoft.public.win2000.security)
  • Re: How to Maintain an IIS Server?
    ... >> server running on a Windows 2000 server. ... > before a firewall and antivirus have been installed]. ... > program or executable using that port. ...
    (microsoft.public.inetserver.iis.security)