Security Basics mailing list archives
RE: unadministered open ports
From: Peter Odigie <petermariano () ncema gov ng>
Date: 11 Aug 2005 17:44:33 +0100
What process spawned the ports?. Take for example the ports below from a workstation The ports that are "filtered" are not supposed to be there, maybe the user is/has done something wrong. Do I have to put a filter on the my gateway? but which ports do I filter? I guess I will finally have to go each of the computers and remove the offending process (maybe a malware) but is there a way to do this remotely? Interesting ports on (The 1653 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 116/tcp filtered ansanotify 135/tcp open msrpc 139/tcp open netbios-ssn 196/tcp filtered dn6-smm-red 445/tcp open microsoft-ds 1025/tcp open NFS-or-IIS 1076/tcp filtered sns_credit 2043/tcp filtered isis-bcast 3389/tcp open ms-term-serv 5000/tcp open UPnP Thanks Peter On Thu, 2005-08-11 at 17:01, Sean Crawford wrote:
What ports are they for a start?. What process spawned the ports?. *sigh* ---> -----Original Message----- ---> From: Peter Odigie [mailto:petermariano () ncema gov ng] ---> Sent: Wednesday, 10 August 2005 7:21 PM ---> To: security-basics () securityfocus com ---> Subject: unadministered open ports ---> ---> ---> Hi All ---> ---> I have noticed that anytime I do a nmap of my LAN I see ports that are ---> not supposed to be open or used appearing as "filtered" on my ---> workstations. I get a feeling that they have been infected. I will ---> want to control this and I will like if I can do it remotely. ---> ---> Any help please ---> ---> Peter ---> ---> ---> ---> ________ Information from NOD32 ________ ---> This message was checked by NOD32 Antivirus System for Linux ---> Mail Server. ---> part000.txt - is OK ---> http://www.nod32.com ---> ---> __________ NOD32 1.1191 (20050810) Information __________ ---> ---> This message was checked by NOD32 antivirus system. ---> http://www.eset.com ---> --->
Current thread:
- unadministered open ports Peter Odigie (Aug 10)
- <Possible follow-ups>
- RE: unadministered open ports Peter Odigie (Aug 12)
- Re: unadministered open ports Jacob Bresciani (Aug 15)
- Re: unadministered open ports Mordread Wallas (Aug 15)
- Re: unadministered open ports keydet89 (Aug 12)
- Call Center Security Basics Mark Teicher (Aug 15)