Re: Port 2/tcp.

From: Shreerang Vaidya (Shreerang@RootNetworX.com)
Date: 01/24/03

  • Next message: Meritt James: "Re: Contractor Rates."
    From: "Shreerang Vaidya" <Shreerang@RootNetworX.com>
    To: "H C" <keydet89@yahoo.com>, <security-basics@securityfocus.com>
    Date: Fri, 24 Jan 2003 20:51:15 +0530
    
    

    Well no Security Consultant is crazy enough to post a stupid message on a
    mailing list which is being read by the whole world .

    I could see the port open ,after taking a look at normal portscan report .
    And normally such kind of reports are read/referred only if one does not
    have physical access to the machine at that specific time .
    I posted the message because I know that there are many technical wizards
    who read messages on this mailing list and respond to them . I hope you
    understand what I mean to say.

    I know my stuff well , I surely know what "netstat -a" means and I
    definitely know what fport does . I also know about Mr /dev/null

    All I was asking for was if someone has seen the same port open and similar
    kind of activity on any of their portscans.

    I guess it would be great if we stop posting messages expressing our
    verbal/technical proves and get down to serious analysis.

    Let me know if you seen Port 2 /tcp and can relate to it by any chance.

    Cheers,
    Shree.

    ----- Original Message -----
    From: "H C" <keydet89@yahoo.com>
    To: <security-basics@securityfocus.com>
    Sent: Friday, January 24, 2003 8:17 PM
    Subject: RE: Port 2/tcp.

    > This never ceases to amaze me. A security consultant
    > is performing a vulnerability assessment on a client's
    > network, and finds an unusual port open...even
    > intermittently. Yet in today's day and age of malware
    > w/ configurable/random port bindings, they still
    > persist in checking port lists, rather than going to
    > the machine and typing 'netstat -a'. Some endpoint
    > state information may still be available. Then using
    > fport.exe from Foundstone will show which application
    > is bound to that port.
    >
    > __________________________________________________
    > Do you Yahoo!?
    > Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
    > http://mailplus.yahoo.com
    >
    >



    Relevant Pages

    • Re: Error message 0x800CCC0f
      ... My AT&T/Yahoo port 465/SSL setting works fine. ... Gary VanderMolen, MS-MVP (Mail) ... I got a hold of a tech from AT&T Yahoo ... Subject 'test', Account: 'pop.mail.yahoo.co.uk', Server: ...
      (microsoft.public.windows.vista.mail)
    • Re: Outgoing email blocked
      ... The situation is my Client has an account with BT which blocks email being ... through another port than port 25, you just have to configure MSOE for ... | Organization: Yahoo! ... GMail 'smtp.gmail.com:587': ...
      (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
    • Re: Outgoing email blocked
      ... through another port than port 25, you just have to configure MSOE for ... | Organization: Yahoo! ... I imagine that your client will have to ... GMail 'smtp.gmail.com:587': ...
      (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
    • Re: Outgoing email blocked
      ... through another port than port 25, you just have to configure MSOE for ... | Organization: Yahoo! ... I imagine that your client will have to ... GMail 'smtp.gmail.com:587': ...
      (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
    • Re: Outgoing email blocked
      ... through another port than port 25, you just have to configure MSOE for ... | Organization: Yahoo! ... I imagine that your client will have to ... GMail 'smtp.gmail.com:587': ...
      (microsoft.public.windows.inetexplorer.ie6_outlookexpress)