Re: Strange ports

To: Pen-Tests <pen-test@securityfocus.com>
Subject: Re: Strange ports
From: StaticRez <staticrez@gmail.com>
Date: Tue, 19 Jun 2007 17:27:53 -0500

You can try telnet to those ports as well. Maybe you'll get lucky and
get some output...

1029 is also known to be an ICQ port.
(http://www.seifried.org/security/ports/1000/1029.html)

Port 1032 is also a known ICQ port. And yes, I agree with the other
guys on having terminal services open to the world. Bad practice.

Good luck.

On 6/18/07, Jason Barbier <kusuriya@gmail.com> wrote:
> It looks like it has something to do with IIS or MS phoning home, or it's
> some sort of gateway from or to an attack. It's hard to say, but here are
> some tidbits I found. One way to know for certain is to sniff traffic
> off them.
> http://www.grc.com/port_1029.htm
> http://www.auditmypc.com/port/tcp-port-1029.asp
>
> http://www.seifried.org/security/ports/1000/1032.html
> http://lists.debian.org/debian-user/2000/08/msg01614.html
>
> And here's a list of what the ports are default registered to that you
> can download:
> http://lists.thedatalist.com/portlist/PortRef1.zip
>
>
> killy wrote:
> > Scanning my external firewall (at work), I (yes, it is my job to) find
> > this:
> >
> >
> > PORT     STATE    SERVICE
> > 53/tcp   open     domain
> >
> > 1029/tcp open     ms-lsa
> > 1032/tcp open     iad3
> >
> > 3389/tcp open     ms-term-serv
> >
> >
> > Why would 1029 and 1032 need to be open from the outside?
> >
> > -Kill
> >
> >
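The check suggested in this thread, as an added example that is not from any of the posters: it parses the scan table quoted above, lists the open ports that are not on an expected-exposure list, and waits for a greeting on each the way a telnet session would. The allowlist, the function names and the placeholder host address are assumptions.

```python
import re
import socket

# Constructed sample: the scan table quoted in the thread above.
SCAN = """\
PORT     STATE    SERVICE
53/tcp   open     domain
1029/tcp open     ms-lsa
1032/tcp open     iad3
3389/tcp open     ms-term-serv
"""

# Assumption: the only service this firewall is meant to publish is DNS.
EXPECTED_OPEN = {(53, "tcp")}
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")

def parse_ports(text):
    """Return [(port, proto, state, service)] from an nmap port table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def unexpected_open(rows, expected=EXPECTED_OPEN):
    """Open ports that are not on the documented exposure list."""
    return [r for r in rows if r[2] == "open" and (r[0], r[1]) not in expected]

def read_banner(host, port, timeout=3.0, limit=256):
    """Connect and wait for a greeting: empty bytes if silent, None on failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                return s.recv(limit)
            except socket.timeout:
                return b""
    except OSError:
        return None

if __name__ == "__main__":
    host = "192.0.2.10"  # placeholder (TEST-NET-1); use your own firewall's address
    for port, proto, _state, service in unexpected_open(parse_ports(SCAN)):
        if proto == "tcp":
            print(port, service, read_banner(host, port))
```

In a scan run without version detection, the SERVICE column is a lookup by port number, so `ms-lsa` and `iad3` are labels rather than identifications. A silent port (empty result) still needs the traffic capture mentioned in the thread to find out what is listening.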