Re: Why these ports are running on a Windows Server 2003?

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 10/17/05

  • Next message: marc ochsenmeier: "Re: Indexing Service and EFS..."
    Date: Sun, 16 Oct 2005 19:43:32 -0500
    
    

    A lot depends on what you have installed on that server as applications and
    services. The above 1024 ports are generally used as a client port randomly
    selected to connect to a server service though trojans are also known to use
    them. If connected, the server address/port used could also be of help in
    finding out what is going on. There are some free tools from SysInternals
    called SysInternals called TCPView and Process Explorer that can be very
    helpful in identifying port use by mapping to the process/executable and
    showing the publisher name that can help you determine if it is a legitimate
    process or application [hopefully you have a baseline or documentation to
    compare to] though unless the file used for the process is digitally signed
    you can not be 100 percent sure that the publisher name is what it says but
    not being digitally signed does not mean that it is bogus either.

    I would certainly question these and as an administrator be able identify if
    all of them are legitimate or not with the help of the tools I mentioned.
    For instance why is 1119 Battle.net Chat/Game Protocol showing as a process
    on a server? You could also search Google for any port or description you
    have listed if you need further assistance in trying to track them down
    which is what I do. Of course the server should be scanned with a quality
    malware program and a spyware program such as Microsoft AntiSpyware, AdAware
    SE, etc which can help in identifying malware, spyware and suspicious
    programs. If it appears that a lot of these processes are accessing the
    internet and should not be consider using a firewall that has a block all
    default outbound rule and then you define the exceptions for authorized
    access. The Windows 2003 Security Guide also has guidance on how to create
    and assign an ipsec filtering policy for a Windows 2003 Server based on it's
    role. Software Restriction Policies can also be implemented to stop the
    installation of and use of unauthorized software.--- Steve

    http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx
       --- XP and Windows 2003 Software Restriction Policies

    "Doug Fox" <dfox138-no-spam@hotmail.com> wrote in message
    news:u$ZDsmq0FHA.2312@TK2MSFTNGP14.phx.gbl...
    > Did an internal port scan on a number of Windows Server 2003 and found the
    > following ports, but they seems weired. Any
    > comments/suggestions/information are thankful.
    >
    > 85 (MIT ML Device)
    > 264 (BGMP)
    > 039 (Streamlined Blackhole)
    > 1041 (AK2 Product)
    > 1043 (BONIC Client Control)
    > $1051 (Optima VNET)
    > 1052 (Dynamic DNS Tools)
    > 1074 (FASTechnologies License Manager)
    > 1098 (RMI Activation)
    > 1106 (ISOIPSIGPORT-1)
    > 1119 (Battle.net Chat/Game Protocol)
    > 1208 (SEAGULL AIS)
    > 1264 (PRAT)
    > 1302 (Cl3-Software-2)
    > 1360 (MIMER)
    > 1366 (Novell NetWare Comm Service Platform) - We don't have Novell stuff
    > on
    > our network!!
    > 1378 Elan License Manager
    > 4000 (Terabase)
    > 5998 (Asp module for Apache servers(
    > 6001 (Rainbow SuperPro Net network Services)
    > 6071 (SSDTP)
    > 6502 (BoKS Servm)
    > 6503 (BoKS Clntd)
    > 6504 ??
    >
    > Best regards,
    >
    >
    >


  • Next message: marc ochsenmeier: "Re: Indexing Service and EFS..."

    Relevant Pages

    • Re: How to Maintain an IIS Server?
      ... > server running on a Windows 2000 server. ... before a firewall and antivirus have been installed]. ... open ports; however, this will not identify which program is using the port. ...
      (microsoft.public.inetserver.iis.security)
    • LPD/LPR printing or alternative
      ... Configuring LPD for Microsoft Windows XP or Windows 2003 Server ... LPR port. ... protocol address of the HP Jetdirect print server. ...
      (comp.os.os2.misc)
    • RE: VPN Configuration error
      ... Remote Access wizard to configure VPN. ... How to move the client programs folder to another location in Windows Small ... or if the SBS SP1 did not finish the installation. ... On the SBS server, click Start, click Run, type "regedit" (without the ...
      (microsoft.public.windows.server.sbs)
    • RE: xp pro sharing printer
      ... How to troubleshoot network printing problems in Windows XP ... SMB-connected print server ... Incompatible print driver ... and then redirect the port to the network server. ...
      (microsoft.public.windowsxp.security_admin)
    • Re: 2 Fragen vor der Neuinstallation vom SBS 2003!
      ... >> am Internet angeschlossen sein während der Installation ... > raus, damit auch nichts schiefgehen kann, und der Server auch keinen Müll ... If your Windows Small Business Server network contains client computers ... evtl. ...
      (microsoft.public.de.german.backoffice.smallbiz)