Security Basics mailing list archives

RE: unadministered open ports


From: Peter Odigie <petermariano () ncema gov ng>
Date: 11 Aug 2005 17:44:33 +0100




What process spawned the ports?

Take for example the ports below from a workstation.
The ports that are "filtered" are not supposed to be there; maybe the
user is doing/has done something wrong.

Do I have to put a filter on my gateway? But which ports do I
filter?

I guess I will finally have to go to each of the computers and remove the
offending process (maybe malware), but is there a way to do this
remotely?

Interesting ports on 
(The 1653 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
116/tcp  filtered ansanotify
135/tcp  open     msrpc
139/tcp  open     netbios-ssn
196/tcp  filtered dn6-smm-red
445/tcp  open     microsoft-ds
1025/tcp open     NFS-or-IIS
1076/tcp filtered sns_credit
2043/tcp filtered isis-bcast
3389/tcp open     ms-term-serv
5000/tcp open     UPnP


Thanks 


Peter




On Thu, 2005-08-11 at 17:01, Sean Crawford wrote:
What ports are they for a start?


What process spawned the ports?


*sigh*

---> -----Original Message-----
---> From: Peter Odigie [mailto:petermariano () ncema gov ng]
---> Sent: Wednesday, 10 August 2005 7:21 PM
---> To: security-basics () securityfocus com
---> Subject: unadministered open ports
---> 
---> 
---> Hi All
---> 
---> I have noticed that any time I do an nmap of my LAN I see ports that are
---> not supposed to be open or used appearing as "filtered" on my
---> workstations.  I get a feeling that they have been infected.  I
---> want to control this and I would like to do it remotely if I can.
---> 
---> Any help please
---> 
---> Peter
---> 
---> 
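
An added example, not part of the original messages: it parses the nmap output quoted above and separates "open" ports (something on the host is listening, so the owning process can be looked up) from "filtered" ones (nmap got no usable reply, which points at packet filtering on the path or host rather than a confirmed listener). The EXPECTED_OPEN baseline and the function names are assumptions for illustration.

```python
import re

# Scan output copied from the message above (the host name is elided there too).
SCAN = """\
Interesting ports on
(The 1653 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
116/tcp  filtered ansanotify
135/tcp  open     msrpc
139/tcp  open     netbios-ssn
196/tcp  filtered dn6-smm-red
445/tcp  open     microsoft-ds
1025/tcp open     NFS-or-IIS
1076/tcp filtered sns_credit
2043/tcp filtered isis-bcast
3389/tcp open     ms-term-serv
5000/tcp open     UPnP
"""

# Assumed site baseline for a Windows workstation; replace with local policy.
EXPECTED_OPEN = {135, 139, 445}

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")

def parse_ports(text):
    """Return (port, proto, state, service) tuples from nmap normal output."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:  # header and summary lines do not match and are skipped
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def triage(rows, expected_open):
    """Group ports by the follow-up they need: host-side process check for
    unexpected open ports, filter/firewall review for filtered ports."""
    report = {"open_expected": [], "open_unexpected": [], "filtered": []}
    for port, _proto, state, _service in rows:
        if state == "open":
            key = "open_expected" if port in expected_open else "open_unexpected"
            report[key].append(port)
        elif state == "filtered":
            report["filtered"].append(port)
        # other states (closed, open|filtered, ...) are ignored here
    return report

if __name__ == "__main__":
    for key, ports in triage(parse_ports(SCAN), EXPECTED_OPEN).items():
        print(f"{key}: {ports}")
```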

