Security Basics mailing list archives

RE: Port TCP/8000

From: "Golden_Eternity" <bhodi_jabir () yahoo com>
Date: Fri, 1 Nov 2002 10:47:34 -0800

I have a newly built Dell PowerEdge Server and now have ports open I can't
explain clearly to government management.  .

Active Connections
      Proto  Local Address          Foreign Address        State
      TCP    0.0.0.0:111            0.0.0.0:0              LISTENING

portmap. If you don't use rpc, kill it.

      TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
      TCP    0.0.0.0:445            0.0.0.0:0              LISTENING

445 is pretty common on 2k servers; like 137-139 on 9x boxen. 135 is MS'
RPC...

      TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
      TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING

...

      TCP    0.0.0.0:1311           0.0.0.0:0              LISTENING

These are all open connections to localhost. (see
http://www.robertgraham.com/pubs/firewall-seen.html#1.1)

      TCP    0.0.0.0:3372           0.0.0.0:0              LISTENING
      TCP    0.0.0.0:8000           0.0.0.0:0              LISTENING

MSDTC and iRDMI? I'm sure one of the other posts'll be able to help you with
these two.

-G_E

Current thread:

Port TCP/8000 Carl R Diliberto (Nov 01)
- RE: Port TCP/8000 Golden_Eternity (Nov 01)
- RE: Port TCP/8000 Optrics Engineering - Shaun Sturby, MCSE (Nov 01)
- Re: Port TCP/8000 James Lee Bell (Nov 01)
- Re: Port TCP/8000 Richard H. Cotterell (Nov 04)
- <Possible follow-ups>
- RE: Port TCP/8000 Floura, Ranvir (NIH/CIT) (Nov 01)
- RE: Port TCP/8000 Naman Latif (Nov 01)
- Port TCP/8000 landgraf (Nov 01)
- RE: Port TCP/8000 Hay,Daniel (Nov 01)
- RE: Port TCP/8000 Ye, Wilson (Nov 04)