RE: What does this mean?

From: Adnan Ali (call_ret_at_yahoo.com)
Date: 04/28/04

  • Next message: Bénoni MARTIN: "ASP trouble with IIS 6.0 security" 
    Date: Wed, 28 Apr 2004 06:42:13 -0700 (PDT)
To: Chris Gordon <chris.gordon@gettyimages.com>, security-basics@securityfocus.com

    --- Chris Gordon <chris.gordon@gettyimages.com> wrote:
    > Adnan,
    > This is actually a pretty typically output for a
    > Win2k system.
    > You can find out which applications are listening on
    > each port by
    > running Vision v1.0 from foundstone.
    > Resources -> Free Tools -> Forensic Tools -> Vision
    > v1.0
    >
    http://www.foundstone.com/resources/proddesc/vision.htm
    >
    > When you see the 0.0.0.0:port# that port is opened
    > up locally on the system
    > whereas the 172.20.4.76:500 means that that port is
    > listening for remote connections.

    What do you mean? I think when I see

    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING

    it means all local IPs at port 135 are listening for
    incoming connection requests from all remote IPs using
    any port as source port. Please correct me if this is
    not so.

    >
    > I hope this helps
    > peace
    > C Gordon

    Thanks for your help.

    >
    > -----Original Message-----
    > From: Adnan Ali [mailto:call_ret@yahoo.com]
    > Sent: Monday, April 26, 2004 5:59 AM
    > To: security-basics@securityfocus.com
    > Subject: What does this mean?
    >
    >
    > Hello all,
    >
    > I have a simple question and I hope to get an answer
    > from the experts on this list.
    >
    > I have a PC running Windows 2000 Prof, and when I do
    > a netstat -an, I get the following:
    >
    > Active Connections:
    > Proto Local Addr Foreign Addr State
    > ============================================
    >
    > TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    >
    > TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    >
    > TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
    >
    > TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
    >
    > UDP 0.0.0.0:135 *:*
    >
    > UDP 0.0.0.0:445 *:*
    >
    > UDP 0.0.0.0:1025 *:*
    >
    > UDP 0.0.0.0:38037 *:*
    >
    > UDP 172.20.4.76:500 *:*
    >
    >
    > I get this output even when I am running no network
    > application on the machine.
    >
    > Of course, this all seems quite suspicious.
    >
    > Can somebody please help me figure out what is going
    > on? At least find the respective applications
    > listening
    > on various ports.??
    >
    > Thanks and best regards,
    >
    >
    >
    >
    > __________________________________
    > Do you Yahoo!?
    > Yahoo! Photos: High-quality 4x6 digital prints for
    > 25�
    > http://photos.yahoo.com/ph/print_splash
    >
    >
    ---------------------------------------------------------------------------
    > Ethical Hacking at the InfoSec Institute. Mention
    > this ad and get $545 off
    > any course! All of our class sizes are guaranteed to
    > be 10 students or less
    > to facilitate one-on-one interaction with one of our
    > expert instructors.
    > Attend a course taught by an expert instructor with
    > years of in-the-field
    > pen testing experience in our state of the art
    > hacking lab. Master the skills
    > of an Ethical Hacker to better assess the security
    > of your organization.
    > Visit us at:
    >
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    >
    ----------------------------------------------------------------------------
    >
    >
    >
    =======================================================
    > This email and its contents are confidential. If you
    > are not the intended recipient, please do not
    > disclose
    > or use the information within this email or its
    > attachments. If you have received this email in
    > error,
    > please delete it immediately. Thank you.
    >
    =======================================================

            
                    
    __________________________________
    Do you Yahoo!?
    Win a $20,000 Career Makeover at Yahoo! HotJobs
    http://hotjobs.sweepstakes.yahoo.com/careermakeover

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------

  • Next message: Bénoni MARTIN: "ASP trouble with IIS 6.0 security"
    • Quantcast