Security Incidents mailing list archives
Re: Think I've got trouble
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Wed, 9 Jan 2002 23:17:19 +0100 (CET)
On 9 Jan 2002, Katherine Ogden wrote:
Two other exchange servers show these ports open. Port 1042 - Bla Port 1059 - Nimreg Two questions. Does anybody know what these are? And am I right in assuming that these machines have been compromised and will need to be rebuilt?
Not nescessarily. exchange binds to rando high ports each time it is rebooted. Can you verify these ports are part of exchange? (Shutdown exchange and the ports should be gone. After a restart you should have other ports listening.) Fixing port numbers of exchange is described on various locations. Hugo. -- All email send to me is bound to the rules described on my homepage. hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Think I've got trouble Katherine Ogden (Jan 09)
- Re: Think I've got trouble Hugo van der Kooij (Jan 09)
- Re: Think I've got trouble Nexus (Jan 09)
- <Possible follow-ups>
- RE: Think I've got trouble Andrew Blevins (Jan 09)
- RE: Think I've got trouble Frank Knobbe (Jan 09)