RE: TS Problems? (fwd)

pcannon9_at_comcast.net
Date: 04/26/04

    To: security-basics@securityfocus.com
    Date: Mon, 26 Apr 2004 17:52:51 +0000
    
    

    You can use the Vision tool from Foundstone to map the port to the application.

    Patrick
    ---------------------- Forwarded Message: ---------------------
    From: "Andrew Shore" <andrew.shore@holistecs.com>
    To: "Matthew Crape" <mcrape@hotmail.com>, <security-basics@securityfocus.com>
    Subject: RE: TS Problems?
    Date: Sat, 24 Apr 2004 19:31:52 +0100

    Online support ports perhaps?

    Is the option to allow another to help turned on?

     
    Andrew Shore
    Senior Security Specialist
    DDI. 01302 308 165
    andrew.shore@holistecs.com

    Company Number 04943010
    VAT Number 828 8635 82

    Holistic Technologies Ltd
    Unit 7 Shaw Wood Business Park
    Shaw Wood Way
    Doncaster
    South Yorkshire
    DN2 5TB
    T. 0870 240 1442
    F. 0870 240 1443
    www.holistecs.com

    -----Original Message-----
    From: Matthew Crape [mailto:mcrape@hotmail.com]
    Sent: 22 April 2004 16:04
    To: security-basics@securityfocus.com
    Subject: TS Problems?

    Hi Group, I am writing this in hopes of getting some advice in trying to solve a
    little mystery. As it is right now I am in charge of a small network (about 50
    computers total, including servers). There are only 2 Windows XP machines on the
    network that end users use.
     
    I decided to scan one of them to see if Terminal Services was running by using
    ProbeTS v1.0. It returned a response saying that it is in fact running (and to
    quote Thor: "If it gets one, it knows it is a TServer."). Now if I try to
    connect to it using Remote Desktop client, it times out and says that it is not
    running. I am aware that it can be configured to run on other ports so I did an
    nmap scan and got the following:
    PORT STATE SERVICE
    135/tcp open msrpc
    139/tcp open netbios-ssn
    445/tcp open microsoft-ds
    1025/tcp open NFS-or-IIS
    4899/tcp open radmin
    5000/tcp open UPnP
    5225/tcp open unknown
    5226/tcp open unknown
    8008/tcp open unknown
     
    Port 5525 is running some HP software (with Apache) and I am not sure about port
    5226. I have assumed that it is also the HP software (although nothing comes up
    when I telnet to it).
     
    As for 8008, when I telnet to it it returns the following:

    HΩF═
     
    Am I being paranoid? Any idea what it could be? Is there any way that I can
    fully verify that TS is or is not running on the machine? Thanks for all the
    help.

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------
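
One way to do the port-to-application mapping suggested in the reply, and to check Terminal Services state on the host itself rather than from a remote scan. This is an added example, not part of the original thread and not the Foundstone Vision tool. It assumes a current Windows host where `Get-NetTCPConnection` is available and an elevated PowerShell session; on older systems `netstat -ano` gives the same port-to-PID data.

```powershell
# Added example: run locally on the Windows host under investigation (elevated session).
# The registry paths below are the standard Terminal Services / Remote Desktop locations.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# 1. Is Terminal Services configured to accept connections, and on which port?
$deny    = (Get-ItemProperty -Path $tsKey  -Name fDenyTSConnections).fDenyTSConnections
$rdpPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
$svc     = Get-Service -Name TermService

# 2. Map every listening TCP port to the process that owns it.
$listeners = Get-NetTCPConnection -State Listen |
    Sort-Object LocalPort, LocalAddress |
    ForEach-Object {
        # Path can be empty for protected processes or a non-elevated session.
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port      = $_.LocalPort
            Address   = $_.LocalAddress
            ProcessId = $_.OwningProcess
            Process   = $proc.ProcessName
            Path      = $proc.Path
        }
    }

# 3. Compare configuration with what is actually listening.
$rdpListener = $listeners | Where-Object { $_.Port -eq $rdpPort }
[pscustomobject]@{
    ServiceStatus     = $svc.Status
    ConnectionsDenied = [bool]$deny
    ConfiguredPort    = $rdpPort
    PortIsListening   = [bool]$rdpListener
} | Format-List | Out-Host

# 4. Full listener table: any port a scan labels "unknown" can be looked up here by number.
$listeners | Format-Table -AutoSize | Out-Host
```

A running TermService with `ConnectionsDenied` true and no listener on the configured port is consistent with Remote Desktop connections being refused even though the service exists.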


