Re: Strange ports open

From: Arkady Karasin (arkadykarasin_at_hotmail.com)
Date: 07/31/03 

Date: Thu, 31 Jul 2003 11:35:10 +0300

Yes, I mean listening. I am just scanning all my network with SuperScan and found that my Exchange listening for those ports.
The following is a list of ports and protocols for Microsoft Windows 2000 services. Nothing about ports 1212 and 1222. I download TCPVIEW from www.sysinternals.com and understand that port 1212 used by STORE.EXE and 1222 by EMSMTA.EXE. Also I see users connected to port 1212. The question is why?

The following is a list of ports and protocols for Microsoft Windows 2000 services.

      Port TCP/UDP Service Name
      42 TCP WINS Replication
      47 TCP GRE for PPTP
      53 UDP DNS Name Resolution
      53 TCP DNS
      67 UDP DHCP Lease (BOOTP)
      68 UDP DHCP Lease
      88 UDP Kerberos
      135 TCP Location Service (RPC, RPC EP Mapper, WINS Manager, DHCP Manager, MS DTC)
      137 UDP NetBIOS Name Service (Logon Sequence, Windows NT 4.0 Trusts, Windows NT 4.0 Secure Channel, Pass Through Validation, Browsing, Printing)
      137 TCP WINS Registration
      138 UDP NetBIOS Datagram Service (Logon Sequence, Windows NT 4.0 Trusts, Windows NT 4.0 Directory Replication, Windows NT 4.0 Secure Channel, Pass Through Validation, NetLogon, Browsing, Printing)
      139 TCP NetBIOS Session Service (NBT, SMB, File Sharing, Printing, Logon Sequence, Windows NT 4.0 Trusts, Windows NT 4.0 Directory Replication, Windows NT 4.0 Secure Channel, Pass Through Validation, Windows NT 4.0 Administration Tools [Server Manager, User Manager, Event Viewer, Registry Editor, Diagnostics, Performance Monitor, DNS Administrator])
      389 TCP/UDP LDAP
      500 TCP/UDP ISAKMP/Oakley negotiation traffic (IPSec)
      522 TCP User Location Store
      636 TCP/UDP LDAP (over TLS/SSL)
      750 UDP Kerberos Authentication
      750 TCP Kerberos Authentication
      751 UDP Kerberos Authentication
      751 TCP Kerberos Authentication
      752 UDP Kerberos Password Server
      753 UDP Kerberos User Registration Server
      754 TCP Kerberos Slave Propagation
      888 TCP Logon and Environment Passing
      Dynamic TCP Directory Replication
      1109 TCP POP with Kerberos
      1723 TCP PPTP Control Channel (IP Protocol 47 - GRE)
      2053 TCP Kerberos de-multiplexor
      2105 TCP Kerberos encrypted login
      3268 Global Catalog
      3269 Global Catalog
      3389 RDP Terminal Services

The following is a list of ports and protocols for Microsoft Exchange 2000 Server services.

      Port TCP/UDP Service Name
      25 TCP SMTP
      80 TCP HTTP
      102 TCP MTA - X.400 over TCP/IP
      110 TCP POP3
      119 TCP NNTP
      135 TCP Client/Server Communication, RPC, Exchange Administration
      143 TCP IMAP4
      389 TCP LDAP
      443 TCP HTTP (SSL)
      465 TCP SMTP (SSL)
      563 TCP NNTP (SSL)
      636 TCP LDAP (SSL)
      993 TCP IMAP4 (SSL)
      995 TCP POP3 (SSL)
      1720 TCP H.323 Call Setup
      1731 TCP Audio Call Control
      2980 TCP/UDP Instant Messaging Service
      Dynamic TCP H.323 Call Control
      Dynamic UDP H.323 Call (RTP Over UDP)

"Karl Levinson [x y] mvp" <levinson_k@despammed.com> wrote in message news:eautuArVDHA.2004@TK2MSFTNGP10.phx.gbl...
> See here:
>
> http://securityadmin.info/faq.htm#hacked
> http://securityadmin.info/faq.htm#re-secure
> http://securityadmin.info/faq.htm#harden
>
> Open meaning listening? How are you seeing them as open?
>
>
> "Arkady Karasin" <arkadykarasin@hotmail.com> wrote in message
> news:OhtL$PpVDHA.2012@TK2MSFTNGP10.phx.gbl...
> > Hi, All!
> > On my exchange 2000 server I found following ports open:
> > 1212 - lupa
> > 1222 - SNI R&D network
> >
> > On all XP machines port 5000 open.
> >
> > On ISA server open port 3011(Trusted Web).
> >
> > Somebody know why it open, and do I need it?
> >
> > Thanks.
> >
> >
>
>

Relevant Pages

  • Re: Starting iptables
    ... it is not clear that you need a firewall at all. ... just don't open any ports. ... "netstat -putl" will let you find out what listening ports are open. ... mysql is listening on tcp port 3306. ...
    (Debian-User)
  • Re: UPHClean log question
    ... A quick check to see which ports the computer is listening on is to run ... > Windows Firewall saying that the application svchost.exe has been blocked ... > extract from UPHClean might indicating a specific problem that should be ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: UDP Ports, closing Win2K Server (No IIS)
    ... What's listening on UDP 995? ... The worm spreads via email but some antivirus vendors report ... against using IPSec as a firewall, and blocking just one or two ports here ...
    (microsoft.public.inetserver.iis.security)
  • Re: Many Connections from each Web Client
    ... In case inetinfo.exe is listening on random ports, have you enabled FTP ... Microsoft Online Community Support ...
    (microsoft.public.inetserver.iis.security)
  • Re: Win2k Netstat sockets interpretation
    ... I have deleted "file and print sharing" under "internet connections and disbled most recognizable "remote access" services under 'services.msc' but ZA detects a few remote access modules running and gives them permission if select "OK" to the suggested query. ... notice randomly ports assigned to urls or ip addresss. ... 'netstat' on Win2K provides a view on the state of the *TDI interface*, ... something appearing as 0.0.0.0 listening means "an outstanding request to ...
    (alt.computer.security)