Security Basics mailing list archives
Re: What does this mean?
From: Dedric Ramsey - Ramsey Consulting Svcs <ramseycs () bellsouth net>
Date: Mon, 26 Apr 2004 14:21:14 -0400
Adnan Ali wrote:
Active Connections:Proto Local Addr Foreign Addr State ============================================TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
This is used for NetBIOS
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
So is this port.
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
These two seem normal as well, the same with ports 135,445,1025/UDP shown below.
UDP 0.0.0.0:135 *:* UDP 0.0.0.0:445 *:* UDP 0.0.0.0:1025 *:* UDP 0.0.0.0:38037 *:*
As for this port, Google led me to this site (http://www.ncsu.edu/it/antivirus/install/FireWall-Ports.html), which says:
MsgsysMsgsys is an Alert Management System (AMS) process for generating and sending configured AMS alerts. Msgsys communications uses port 38037 and 38292 for both TCP and UDP communication.
Are you running any Symantec Products, specifically one of their AV lines, or Firewalls?
UDP 172.20.4.76:500 *:*
This is used for ISAKMP (Internet Security Association and Key Management Protocol), so there shouldnt be anything to worry about there either. Its just there since Windows 2000 supports IPSec.
I get this output even when I am running no network application on the machine.Of course, this all seems quite suspicious.Can somebody please help me figure out what is going on? At least find the respective applications listening on various ports.?? Thanks and best regards,
So to me, with just the information you've provided, nothing is out of the ordinary. Of course, if it makes you feel better, point Nmap or something similar at it and see what you find. Same with your AV scanner of choice. (Trend Micro has a nice web based one on their site, as does Panda, although Ive never used theirs)
Take care, -- Dedric Ramsey Ramsey Consulting Services 770.826.8008 ---------------------------------------------------------------------------Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Current thread:
- What does this mean? Adnan Ali (Apr 26)
- Re: What does this mean? Bryan Ware (Apr 26)
- RE: What does this mean? David Gillett (Apr 26)
- Re: What does this mean? Ansgar -59cobalt- Wiechers (Apr 27)
- Re: What does this mean? Dedric Ramsey - Ramsey Consulting Svcs (Apr 26)
- Re: What does this mean? Ansgar -59cobalt- Wiechers (Apr 27)
- Re: What does this mean? Adnan Ali (Apr 28)
- RE: What does this mean? Jason Haith (Apr 26)
- <Possible follow-ups>
- RE: What does this mean? BĂ©noni MARTIN (Apr 26)
- RE: What does this mean? Adnan Ali (Apr 28)
- Re: What does this mean? Adnan Ali (Apr 28)
- RE: What does this mean? Adnan Ali (Apr 28)
- RE: What does this mean? David Gillett (Apr 28)
- RE: What does this mean? Adnan Ali (Apr 30)