RE: What does this mean?
From: Adnan Ali (call_ret_at_yahoo.com)
Date: 04/30/04
- Previous message: K. K. Mookhey: "Re: ASP trouble with IIS 6.0 security"
- Maybe in reply to: Adnan Ali: "What does this mean?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Apr 2004 05:25:41 -0700 (PDT) To: security-basics@securityfocus.com
Alright, thanks for the correction.
Yes, Vision is a pretty good tool with a lot of
features. tcpview as against this provides only
the information about ports that I required.
Thanks and best regards,
--- Chris Gordon <chris.gordon@gettyimages.com> wrote:
> nope actually it's any source address going to the
> source port of 135. the 0.0.0.0:0 next to it is just
> saying hey I'm open. So pretty much ignore (unless
> Vision says an application to it) the port 0
> entries, it's just the ones with ports that are
> open.
> I hope you liked using Vision, it's a pretty cool
> tool, IMHO.
>
> peace
> C Gordon
>
> -----Original Message-----
> From: Adnan Ali [mailto:call_ret@yahoo.com]
> Sent: Wednesday, April 28, 2004 6:42 AM
> To: Chris Gordon; security-basics@securityfocus.com
> Subject: RE: What does this mean?
>
>
>
> --- Chris Gordon <chris.gordon@gettyimages.com> wrote:
> > Adnan,
> > This is actually a pretty typical output for a
> > Win2k system.
> > You can find out which applications are listening on
> > each port by
> > running Vision v1.0 from foundstone.
> > Resources -> Free Tools -> Forensic Tools -> Vision v1.0
> >
> > http://www.foundstone.com/resources/proddesc/vision.htm
> >
> > When you see the 0.0.0.0:port# that port is opened
> > up locally on the system
> > whereas the 172.20.4.76:500 means that that port is
> > listening for remote connections.
>
> What do you mean? I think when I see
>
>
> TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
>
> it means all local IPs at port 135 are listening for
> incoming connection requests from all remote IPs using
> any port as source port. Please correct me if this is
> not so.
>
> >
> > I hope this helps
> > peace
> > C Gordon
>
>
> Thanks for your help.
>
>
> >
> > -----Original Message-----
> > From: Adnan Ali [mailto:call_ret@yahoo.com]
> > Sent: Monday, April 26, 2004 5:59 AM
> > To: security-basics@securityfocus.com
> > Subject: What does this mean?
> >
> >
> > Hello all,
> >
> > I have a simple question and I hope to get an answer
> > from the experts on this list.
> >
> > I have a PC running Windows 2000 Prof, and when I do
> > a netstat -an, I get the following:
> >
> > Active Connections:
> > Proto  Local Addr        Foreign Addr  State
> > ============================================
> > TCP    0.0.0.0:135       0.0.0.0:0     LISTENING
> > TCP    0.0.0.0:445       0.0.0.0:0     LISTENING
> > TCP    0.0.0.0:1026      0.0.0.0:0     LISTENING
> > TCP    0.0.0.0:1027      0.0.0.0:0     LISTENING
> > UDP    0.0.0.0:135       *:*
> > UDP    0.0.0.0:445       *:*
> > UDP    0.0.0.0:1025      *:*
> > UDP    0.0.0.0:38037     *:*
> > UDP    172.20.4.76:500   *:*
> >
> > I get this output even when I am running no network
> > application on the machine.
> >
> > Of course, this all seems quite suspicious.
> >
> > Can somebody please help me figure out what is going
> > on? At least find the respective applications listening
> > on various ports.??
> >
> > Thanks and best regards,
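Added example, not part of the original messages: a small Python parser for `netstat -an` lines like those quoted in this thread. It treats a local address of 0.0.0.0 as a wildcard bind on every local interface and a foreign address of 0.0.0.0:0 or *:* as "no peer yet"; the function names and the three IANA service names are additions, not taken from the thread.

```python
import ipaddress

# Sample lines copied from the netstat -an output quoted in this thread.
SAMPLE = """\
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
UDP 0.0.0.0:135 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:1025 *:*
UDP 0.0.0.0:38037 *:*
UDP 172.20.4.76:500 *:*
"""

# IANA service names for the well-known ports in the sample (added here).
IANA = {135: "epmap", 445: "microsoft-ds", 500: "isakmp"}

def bind_scope(ip):
    """Describe which local addresses a bound socket accepts traffic on."""
    addr = ipaddress.ip_address("0.0.0.0" if ip == "*" else ip.strip("[]"))
    if addr.is_unspecified:      # 0.0.0.0 is a wildcard bind
        return "all local interfaces"
    if addr.is_loopback:         # 127.0.0.0/8 is not reachable from other hosts
        return "loopback only"
    return "only " + ip

def parse_listeners(text):
    """Return one dict per socket that is waiting for traffic with no peer yet."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue             # headers, separators, blank lines
        proto, local, foreign = parts[:3]
        state = parts[3] if len(parts) > 3 else ""
        # TCP listeners show LISTENING; UDP has no state and shows *:* as peer.
        if not (state == "LISTENING" or (proto == "UDP" and foreign == "*:*")):
            continue             # an established or closing connection
        ip, _, port = local.rpartition(":")
        out.append({"proto": proto, "port": int(port), "scope": bind_scope(ip),
                    "service": IANA.get(int(port), "unknown")})
    return out

if __name__ == "__main__":
    for s in parse_listeners(SAMPLE):
        print("{proto}/{port:<5} {service:<13} reachable on {scope}".format(**s))
```

Ports reported as "unknown" are the ones to map to an owning process with a tool such as the Vision or tcpview utilities mentioned in the thread.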