Re: All Ports open on IIS Server?

From: Don Kelloway (dkelloway_at_commodon.com)
Date: 10/11/04

• Next message: Celtic Leroy: "Re: Cracking admin password on Win 2000; then putting it back?"
• Previous message: Use.Netuser.de: "Re: processes in winxp"
• In reply to: donnie: "Re: All Ports open on IIS Server?"
• Next in thread: Jeff Beck: "Re: All Ports open on IIS Server?"
• Reply: Jeff Beck: "Re: All Ports open on IIS Server?"
• Reply: donnie: "Re: All Ports open on IIS Server?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 11 Oct 2004 03:37:52 GMT

"donnie" <donnie@queyosepa.net> wrote in message
news:nngjm0pidtj9bisnqel1n1lakacsph016v@4ax.com...
> system reveals:
>>
>>C:\>netstat -ano
>>
>>Active Connections
>>
>> Proto Local Address Foreign Address State PID
>> TCP 0.0.0.0:21 0.0.0.0:0 LISTENING
>> 1532
>> TCP 0.0.0.0:25 0.0.0.0:0 LISTENING
>> 1532
>> TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
>> 1532
>> TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
>> 1532
>>
>>Note the PID number in the last column? This indicates the Process ID
>>number of the service/application responsible. In this example you will
>>see
>>that ports 21, 25, 80 and 443 are in a listening state the result of which
>>is attributed to PID 1532, which is the PID associated with IIS.
>>
>>For you to determine the appropriate PID on your system simply view Task
>>Manager or run the following command.
>>
>>TASKLIST /SVC
>>
>>Match the PID with the results of the NETSTAT and you'll learn the
>>results.
> ####################
> What determiines when the netstat output uses zeros as the IP address
> as opposed to 127.0.0.1 or the actual IP of the machine?

Donnie,

Good question...

When you see '0.0.0.0' it indicates that the service/application indicated
by the PID is capable of listening on all IP's bound to the NIC.

When you see '127.0.0.1' it indicates that the system itself is using the
loopback for communication to itself and such is not an accessible from the
Internet.

-- 
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your Security 
on the Internet". 

---

• Next message: Celtic Leroy: "Re: Cracking admin password on Win 2000; then putting it back?"
• Previous message: Use.Netuser.de: "Re: processes in winxp"
• In reply to: donnie: "Re: All Ports open on IIS Server?"
• Next in thread: Jeff Beck: "Re: All Ports open on IIS Server?"
• Reply: Jeff Beck: "Re: All Ports open on IIS Server?"
• Reply: donnie: "Re: All Ports open on IIS Server?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Silahken Doni Jawab "Kenapa tuhan kok mau Jadi yesus ... dan mau-maunya disalib, apa udah ng ... maka Tuhan pun tidak mampu berada ... Kedudukan Donnie memang sangat penting. ... Pid, apa ente harapkan belio mampu menangkap apa nyang Apid maksudkan ... mbok ya'o sadar dong Pid akan kemampuan belio berpikeerrr, ... (soc.culture.indonesia) Re: All Ports open on IIS Server? ... >When you see '0.0.0.0' it indicates that the service/application indicated ... >by the PID is capable of listening on all IP's bound to the NIC. ... from Don Kelloway of Commodon Communications ... donnie. ... (alt.computer.security) Re: All Ports open on IIS Server? ... >Active Connections ... >is attributed to PID 1532, which is the PID associated with IIS. ... What determiines when the netstat output uses zeros as the IP address ... (alt.computer.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > alt.computer.security  > 2004-10