Penetration Testing mailing list archives
Re: [PEN-TEST] Ports
From: Ryan Permeh <ryan () EEYE COM>
Date: Sun, 17 Dec 2000 16:37:28 -0800
if this is a 2k box, it is likely that an unnamed rpc process has this port open. again, if you do have access to this box, there are a variety of tools that you can use to check what process has this port open. for windows, try sysinternals.com's tdimon, or inzider at ntsecurity.nu. For unix boxen, use lsof. This port is ususally not running a specific service, and must use a portmapper, or nt prc locator service to find which services are actually runing on this box. It also could be a trojan, spyware, or some other type of crappy intruder, if so, a decent antiviral may pick it up. OR(if on a unix box), it could just be a nonprivledged user's need to run a daemon process. non root users can only typically bind to ports above 1024(there are kernel patches for some os's that modify this type of behavior though). Signed, Ryan eEye Digital Security Team http://www.eEye.com ----- Original Message ----- From: "Matt" <saryon () SWBELL NET> To: <PEN-TEST () SECURITYFOCUS COM> Sent: Saturday, December 16, 2000 9:41 PM Subject: Ports
I know there was a discussion on this list a while back about ports. Recently on two different machines I have noticed a wierd port 1025, open. I cant think of any program that uses it. I have checked the port database and it says network blackjack. Any searching on network blackjack has come up as more lists of ports, and no information on what it is. Does anyone here know what this is. Thanks Matt Carlson
Current thread:
- [PEN-TEST] Ports Matt (Dec 18)
- Re: [PEN-TEST] Ports Mike Forrester (Dec 18)
- Re: [PEN-TEST] Ports Pedro Margate (Dec 18)
- Re: [PEN-TEST] Ports Fred Mobach (Dec 18)
- Re: [PEN-TEST] Ports Mark Huizer (Dec 18)
- Re: [PEN-TEST] Ports van der Kooij, Hugo (Dec 18)
- Re: [PEN-TEST] Ports Ryan Permeh (Dec 18)
- <Possible follow-ups>
- Re: [PEN-TEST] Ports Edwards, David (JTD) (Dec 18)
- Re: [PEN-TEST] Ports Richard Johnson (Dec 18)
- Re: [PEN-TEST] Ports Edwards, David (JTD) (Dec 18)