Security Incidents mailing list archives
Re: Can someone please explain...
From: Talisker <Talisker () NETWORKINTRUSION CO UK>
Date: Tue, 1 Aug 2000 22:40:37 +0100
Matt 433 NNTP - Network News Transfer Protocol see rfc 977 http://www.faqs.org/rfcs/rfc977.html 438 dsfgw - didn't find much, the following maybe junk, as far as I can discover this is a DEC protocol/service of some description, posted by Jim Teague teague () zso dec com However there is no reference to it on the DEC website he has written a book for DEC, whether it includes dsfgw I don't know title: Distributing applications accross DCE and Windows NT Authors: Ward ROSENBERRY ; Jim TEAGUE ; ISBN: 1-56592-047-3 This book provides a basic understanding for developing cross-environment applications in DCE and Windows NT. It gives an overview of RPC and also details the differences between DCE RPC and Microsoft RPC. Topics include writing interface definitions, writing clients and servers, and remodeling local applications. It also describes the administration tasks on how Microsoft clients and servers can interact with DCE services. This book is for programmers and administrators who want to cross platform boundaries and distribute applications across Windows NT and DCE. On a positive note I could find no exploits, trojans etc relating to either port the next step maybe to use a packet sniffer to capture some of these packets I use do the following with rogue ports <snipped from my website> 1. Before going through the sites dedicated to identifying ports (below) I prefer to go to www.google.com and try a standard search eg "port 19932" to identify products that legitimately use the port. If the number is fairly obscure such as 38293 and you are getting more hits on the word port than the number, then try a search on just the number. If you are getting numerous hits for legitimate uses for that port try "port 19932 exploit" Infosyssec has numerous security search engines at the bottom of it's page. If you are still drawing blanks try the standard port pages below though a google search should have picked them up from these sites. 2. Contact the vendors of your software products and ask what ports they use, this is best done before you need the information, like NOW. 3. Fire up a protocol analyser (packet sniffer) and look at the packet content. 4. When all else fails throw the query at the IDS or Firewall mailing lists, if you are undergoing an attack the chances are you aren't alone. http://advice.networkice.com/Advice/default.htm http://advice.networkice.com/advice/Exploits/Ports/ http://www.robertgraham.com/pubs/firewall-seen.html http://www.simovits.com/nyheter9902.html http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html trojan ports http://www.chebucto.ns.ca/~rakerman/port-table.html http://www.isi.edu/in-notes/iana/assignments/port-numbers http://www.amaranthnetworks.com/nat/ports.html <end of snip> www.networkintrusion.co.uk ''' (0 0) ----oOO----(_)---------- | The geek shall | | Inherit the earth | -----------------oOO---- |__|__| || || ooO Ooo The opinions contained within this transmission are entirely my own, and do not necessarily reflect those of my employer. ----- Original Message ----- From: "Matt Beck" <Mbeck () GIANTSTEP COM> To: <INCIDENTS () securityfocus com> Sent: Monday, July 31, 2000 5:28 PM Subject: Can someone please explain...
what UDP port numbers 433 and 438 are? All I can find online are the acronyms nnsp and dsfgw. I ask because someone detected a "scan"
containing
these ports from inside my network and notified us. Thanks, Matt
Current thread:
- Re: Can someone please explain... Mike Apted (Aug 01)
- Re: Can someone please explain... Russ Allbery (Aug 07)
- <Possible follow-ups>
- Re: Can someone please explain... Mike McPherson (Aug 01)
- Re: Can someone please explain... Talisker (Aug 02)
- Re: Can someone please explain... Michal Nazarewicz (Aug 04)
- Re: Can someone please explain... Russ Allbery (Aug 07)