RE: What does this mean?

From: Adnan Ali (call_ret_at_yahoo.com)
Date: 04/28/04

    Date: Wed, 28 Apr 2004 06:35:55 -0700 (PDT)
    To: "Bénoni_MARTIN" <Benoni.MARTIN@libertis.ga>, security-basics@securityfocus.com
    
    

    --- Bénoni_MARTIN <Benoni.MARTIN@libertis.ga> wrote:
    > Hi!
    >
    > Well, when you are running an application (for
    > instance Apache), you can bind this app. to a port
    > and/or an address. In your case, the IP address
    > "0.0.0.0" means all addresses, i.e. if you have 2
    > NIC, your app. will be replying to requests coming
    > on the 2 NICs.

    Yes, when in the local address column, it means
    all the IPs and interfaces. However, what does
    0.0.0.0:0 mean in the Foreign Addr column? If it
    means all remote addresses using any of their
    source ports, then what does *:* mean in the
    Foreign address column? What I mean to ask is that
    as you can see in my mail below, the foreign address
    column either contains 0.0.0.0:0 or *:*, what does
    this mean?

    > If you had "10.0.0.1" instead of
    > 0.0.0.0, then just requests to 10.0.0.1 will be
    > treated!
    >
    > For the ports, well just see in "
    > C:\WINDOWS\system32\drivers\etc\services " !!
    >
    > To see the match with the applications, just
    > download fport (I think it should be that), or
    > tcpview (I am sure of this one, better for me than
    > the former).

    Yes it helped me figure out the applications running
    on these ports.

    Thanks for your help.

    > -----Original Message-----
    > From: Adnan Ali [mailto:call_ret@yahoo.com]
    > Sent: Monday, 26 April 2004 13:59
    > To: security-basics@securityfocus.com
    > Subject: What does this mean?
    >
    > Hello all,
    >
    > I have a simple question and I hope to get an answer
    > from the experts on this list.
    >
    > I have a PC running Windows 2000 Prof, and when I do
    > a netstat -an, I get the following:
    >
    > Active Connections:
    > Proto Local Addr Foreign Addr State
    > ============================================
    >
    > TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    >
    > TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    >
    > TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
    >
    > TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
    >
    > UDP 0.0.0.0:135 *:*
    >
    > UDP 0.0.0.0:445 *:*
    >
    > UDP 0.0.0.0:1025 *:*
    >
    > UDP 0.0.0.0:38037 *:*
    >
    > UDP 172.20.4.76:500 *:*
    >
    >
    > I get this output even when I am running no network
    > application on the machine.
    >
    > Of course, this all seems quite suspicious.
    >
    > Can somebody please help me figure out what is going
    > on? At least find the respective applications
    > listening on various ports?
    >
    > Thanks and best regards,
    >
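The listing quoted in this thread, read programmatically, as an added example that is not part of the original messages. It assumes that a Foreign Addr of `0.0.0.0:0` (printed for a TCP socket in LISTENING) and `*:*` (printed for a UDP socket) are both placeholders for "no remote endpoint is associated with this socket"; the function and field names are the example's own.

```python
import re

# Constructed sample: the `netstat -an` rows quoted in the message above.
SAMPLE = """\
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
UDP 0.0.0.0:135 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:1025 *:*
UDP 0.0.0.0:38037 *:*
UDP 172.20.4.76:500 *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)
WILDCARD_LOCAL = {"0.0.0.0", "*", "[::]"}    # bound to every local address
NO_PEER = {"0.0.0.0:0", "*:*", "[::]:0"}     # placeholder: no remote endpoint

def parse_netstat(text):
    """Return one dict per TCP/UDP row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.lstrip("> "))     # tolerate mail quoting prefixes
        if not m:
            continue
        proto, addr, port, foreign, state = m.groups()
        rows.append({
            "proto": proto.upper(),
            "addr": addr,
            "port": int(port),
            "all_interfaces": addr in WILDCARD_LOCAL,
            "has_peer": foreign not in NO_PEER,
            "state": (state or "").upper(),
        })
    return rows

def listeners(rows):
    """Sockets waiting for traffic: TCP in LISTENING, or UDP with no peer."""
    return [r for r in rows if not r["has_peer"]
            and (r["proto"] == "UDP" or r["state"] == "LISTENING")]

if __name__ == "__main__":
    for r in listeners(parse_netstat(SAMPLE)):
        scope = "all interfaces" if r["all_interfaces"] else "only " + r["addr"]
        print(f'{r["proto"]:<3} port {r["port"]:<5} bound to {scope}')
```

Rows that show a real remote address and port, such as an ESTABLISHED TCP connection, are parsed but left out of `listeners()`.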

            
                    