Re: Strange ports

To:	Pen-Tests <pen-test@securityfocus.com>
Subject:	Re: Strange ports
From:	killy <killfactory@gmail.com>
Date:	Sat, 23 Jun 2007 22:49:16 -0400
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
Dkim-signature:	a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=VfPulhYSpxE4Ii3B62bV2eGZNIGqvUwu4y5QAATvxUKDpj8g2U1fBKeJ4weOHUNctMjk1/BSHJ3SnihqE5yBNixFUCgs3k0wL/2KeUiJIODCggu3cPgcySgxkwWmBcN/UuUOoFFNMAAJ6v6fBLUrR7ZXbz6nlfDFhtroFbB8dfM=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=iXAv0eAvLL5aAug9McoXzBCLQ4X8+wFg5o971NkVbDoVdEiIHNgjwL0NVu2u94EaBebNw2kWqFRosGFHEuFCKh2BCe/NVFibKJFjXTcImGPkQCdd5TGXgTijYowuGcs0YYOAxnuDJ77aJ9j2oVylbBmFDkkcFODrouxUuzuTRqg=
In-reply-to:	<9c43c6dd0706181159g412a60bekeaabcae80143172a@mail.gmail.com>
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
References:	<9c43c6dd0706181159g412a60bekeaabcae80143172a@mail.gmail.com>
Resent-date:	Sun, 24 Jun 2007 00:41:20 -0600 (MDT)
Resent-from:	pen-test-return-1078484454@securityfocus.com
Resent-message-id:	<20070624064120.23331143ABB@outgoing2.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com

Thanks for all of the great responses.

I guess it may help to clear up a few things.

53 is valid and documented.
3389 is not documented, but I already know the answer before I ask why
they did this ;-)

But 1029 and 1032, were the interesting ones ot me.

Not documented or common to myself.









On 6/18/07, killy <killfactory@gmail.com> wrote:

Scanning my external firewall(at work), I (yes, it is my job to) find this:


PORT     STATE    SERVICE
53/tcp   open     domain

1029/tcp open     ms-lsa
1032/tcp open     iad3

3389/tcp open     ms-term-serv


Why would 1029 and 1032 need to be open from the outside?

-Kill


--
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke



--
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Strange ports, killy RE: Strange ports, Erin Carroll Re: Strange ports, Jason Barbier Message not available Re: Strange ports, StaticRez Re: Strange ports, zion Re: Strange ports, R. DuFresne Re: Strange ports, Christine Kronberg Re: Strange ports, Tim Shea Re: Strange ports, killy <= Re: Strange ports, ebk_lists Re: Re: Strange ports, brian . marino Re: Re: Strange ports, Tim Shea Re: Re: Strange ports, R. DuFresne Re: Re: Strange ports, Thor (Hammer of God) Re: Re: Strange ports, Bojan Zdrnja Re: Re: Strange ports, Thor (Hammer of God)

Previous by Date:	Re: pen testing flash games., Nathan Bijnens
Next by Date:	Re: listening to people/offices when on-hold on the phone, Robin Wood
Previous by Thread:	Re: Strange ports, Tim Shea
Next by Thread:	Re: Strange ports, ebk_lists
Indexes:	[Date] [Thread] [Top] [All Lists]