Penetration Testing mailing list archives
Re: Unusual ports found in nmap scan
From: "Mehmet Murat Gunsay" <mgunsay () btkom com>
Date: Fri, 1 Mar 2002 09:45:38 +0200
445/tcp suggests the box is W2K and is running netbios, which is pretty much the equivalent of 139/tcp on NT boxes. Try running dumpsec from somarsoft. Mehmet Murat Gunsay BTKOM A.S. http://www.btkom.com mgunsay () btkom com murat () gunsay com PGP Key ID: 0xDDE611E1 ----- Original Message ----- From: <kiwi99 () hushmail com> To: <pen-test () securityfocus com> Sent: Wednesday, February 27, 2002 8:12 PM Subject: Unusual ports found in nmap scan
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello All I'm currently pentesting a client and nmap reports that a particular host has the following ports open: 82/tcp 445/tcp 447/tcp All other ports are filtered - the host is behind a Check Point firewall. Nmap OS identification states it's very unreliable as it can't find a closed port, but suggests FreeBSD or D-Link. The IP address has no DNS name, and as you can see no web/mail services are running (these are handled by other servers on the
subnet).
RFC1700 states that these ports are xfer, microsoft-ds and DDM-RDB respectively. Clearly the client could be running anything on
these ports - netcat reveals no banner information at all.
I can't find any meaningful info on the xfer utility. DDM-RDB information suggests that it's an AS/400 protocol. That's rather contradicted by microsoft-ds which implies it's a Win2K box. Does anyone have any further information on these ports and what sort of application might be running using these open ports
(assuming they are what they say they are!)
Also assuming it's Win2K are there any tools for enumeration on port 445? All help appreciated Dave Hush provide the worlds most secure, easy to use online applications - which solution is right for you? HushMail Secure Email http://www.hushmail.com/ HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ Hush Business - security for your Business http://www.hush.com/ Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/ -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wlsEARECABsFAjx9Ic4UHGtpd2k5OUBodXNobWFpbC5jb20ACgkQHE/0wvT4MVRnPwCf UZTDj9+KVg3PYlYCQbDjeIldekIAn3PG/zwvpnGK53FX1Zvolh3nZrQW =zz2v -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: Unusual ports found in nmap scan Mehmet Murat Gunsay (Mar 01)
- <Possible follow-ups>
- Re: Unusual ports found in nmap scan Nessim Kisserli (Mar 01)
- Re: Unusual ports found in nmap scan Aaron Higbee (Mar 01)