Re: Port 2/tcp.

From: Shreerang Vaidya (Shreerang@RootNetworX.com)
Date: 01/24/03

  • Next message: Meritt James: "Re: Contractor Rates."
    From: "Shreerang Vaidya" <Shreerang@RootNetworX.com>
    To: "H C" <keydet89@yahoo.com>, <security-basics@securityfocus.com>
    Date: Fri, 24 Jan 2003 20:51:15 +0530
    
    

    Well no Security Consultant is crazy enough to post a stupid message on a
    mailing list which is being read by the whole world .

    I could see the port open ,after taking a look at normal portscan report .
    And normally such kind of reports are read/referred only if one does not
    have physical access to the machine at that specific time .
    I posted the message because I know that there are many technical wizards
    who read messages on this mailing list and respond to them . I hope you
    understand what I mean to say.

    I know my stuff well , I surely know what "netstat -a" means and I
    definitely know what fport does . I also know about Mr /dev/null

    All I was asking for was if someone has seen the same port open and similar
    kind of activity on any of their portscans.

    I guess it would be great if we stop posting messages expressing our
    verbal/technical proves and get down to serious analysis.

    Let me know if you seen Port 2 /tcp and can relate to it by any chance.

    Cheers,
    Shree.

    ----- Original Message -----
    From: "H C" <keydet89@yahoo.com>
    To: <security-basics@securityfocus.com>
    Sent: Friday, January 24, 2003 8:17 PM
    Subject: RE: Port 2/tcp.

    > This never ceases to amaze me. A security consultant
    > is performing a vulnerability assessment on a client's
    > network, and finds an unusual port open...even
    > intermittently. Yet in today's day and age of malware
    > w/ configurable/random port bindings, they still
    > persist in checking port lists, rather than going to
    > the machine and typing 'netstat -a'. Some endpoint
    > state information may still be available. Then using
    > fport.exe from Foundstone will show which application
    > is bound to that port.
    >
    > __________________________________________________
    > Do you Yahoo!?
    > Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
    > http://mailplus.yahoo.com
    >
    >