RE: TS Problems?

["Andrew Shore" <andrew.shore () holistecs com>]

On line support ports perhaps? 

Is the option to allow another to help turned on?

 
Andrew Shore
Senior Security Specialist
DDI. 01302 308 165
andrew.shore () holistecs com
 
 
 
Company Number 04943010
VAT Number 828 8635 82
 
 
Holistic Technologies Ltd
Unit 7 Shaw Wood Business Park
Shaw Wood Way
Doncaster
South Yorkshire
DN2 5TB
T. 0870 240 1442
F. 0870 240 1443
www.holistecs.com
 
 
 
 
 
 
 
 
 
 
 
 
 
 
-----Original Message-----
From: Matthew Crape [mailto:mcrape () hotmail com] 
Sent: 22 April 2004 16:04
To: security-basics () securityfocus com
Subject: TS Problems?

Hi Group, I am writing this in hopes of getting some advice in trying to solve a little mystery. As it is right now I 
am in charge of a small network (about 50 computers total, including servers). There are only 2 Windows XP machines on 
the network that end users use. 
 
I decided to scan one them to see if Terminal Services was running by using ProbeTS v1.0. It returned a response saying 
that it is in fact running (and to quote Thor: "If it gets one, it knows it is a TServer."). Now if I try to connect to 
it using Remote Desktop client, it times out and says that it is not running. I am aware that it can be configured to 
run on other ports so I did an nmap scan go the following:
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
1025/tcp open  NFS-or-IIS
4899/tcp open  radmin
5000/tcp open  UPnP
5225/tcp open  unknown
5226/tcp open  unknown
8008/tcp open  unknown
 
Port 5525 is running some HP software (with Apache) and I am not sure about port 5226. I have assumed that it is also 
the HP software (although nothing comes up when I telnet to it). 
 
As for 8008, when I telnet to it it returns the following:
☺
HΩF═
 
Am I being paranoid? Any idea what it could be? Is there any way that I can fully verify that TS is or is not running 
on the machine? Thanks for all the help.

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------