Re: Port 2/tcp.
From: Shreerang Vaidya (Shreerang@RootNetworX.com)
- Previous message: Phillips, Mike: "RE: Security Lab/Network"
- In reply to: H C: "RE: Port 2/tcp."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Shreerang Vaidya" <Shreerang@RootNetworX.com> To: "H C" <firstname.lastname@example.org>, <email@example.com> Date: Fri, 24 Jan 2003 20:51:15 +0530
Well no Security Consultant is crazy enough to post a stupid message on a
mailing list which is being read by the whole world .
I could see the port open ,after taking a look at normal portscan report .
And normally such kind of reports are read/referred only if one does not
have physical access to the machine at that specific time .
I posted the message because I know that there are many technical wizards
who read messages on this mailing list and respond to them . I hope you
understand what I mean to say.
I know my stuff well , I surely know what "netstat -a" means and I
definitely know what fport does . I also know about Mr /dev/null
All I was asking for was if someone has seen the same port open and similar
kind of activity on any of their portscans.
I guess it would be great if we stop posting messages expressing our
verbal/technical proves and get down to serious analysis.
Let me know if you seen Port 2 /tcp and can relate to it by any chance.
> This never ceases to amaze me. A security consultant
> is performing a vulnerability assessment on a client's
> network, and finds an unusual port open...even
> intermittently. Yet in today's day and age of malware
> w/ configurable/random port bindings, they still
> persist in checking port lists, rather than going to
> the machine and typing 'netstat -a'. Some endpoint
> state information may still be available. Then using
> fport.exe from Foundstone will show which application
> is bound to that port.
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.