Penetration Testing mailing list archives
Re: Strange ports
From: StaticRez <staticrez () gmail com>
Date: Tue, 19 Jun 2007 17:27:53 -0500
You can try telnet to those ports as well. Maybe you'll get lucky and get some output... 1029 is also known to be an ICQ port. (http://www.seifried.org/security/ports/1000/1029.html) Port 1032 is also a known ICQ port. and yes, i agree with the other guys on having terminal services open to the world. bad practice. good luck. On 6/19/07, StaticRez <staticrez () gmail com> wrote:
You can try telnet to those ports as well. Maybe you'll get lucky and get some output... 1029 is also known to be an ICQ port. (http://www.seifried.org/security/ports/1000/1029.html ) Port 1032 is also a known ICQ port. and yes, i agree with the other guys on having terminal services open to the world. bad practice. good luck. On 6/18/07, Jason Barbier <kusuriya () gmail com> wrote: > it looks like it has something to do with IIS or MS Phoning home or its > some sort of gateway from or to an attack its hard to say but here are > some tidbits I found. One way to know for certain is to sniff traffic > off them. > http://www.grc.com/port_1029.htm > http://www.auditmypc.com/port/tcp-port-1029.asp > > http://www.seifried.org/security/ports/1000/1032.html > http://lists.debian.org/debian-user/2000/08/msg01614.html > > and heres a list of what the ports are default registered to that you > can download > http://lists.thedatalist.com/portlist/PortRef1.zip > > > killy wrote: > > Scanning my external firewall(at work), I (yes, it is my job to) find > > this: > > > > > > PORT STATE SERVICE > > 53/tcp open domain > > > > 1029/tcp open ms-lsa > > 1032/tcp open iad3 > > > > 3389/tcp open ms-term-serv > > > > > > Why would 1029 and 1032 need to be open from the outside? > > > > -Kill > > > > > > > ------------------------------------------------------------------------ > This List Sponsored by: Cenzic > > Are you using SPI, Watchfire or WhiteHat? > Consider getting clear vision with Cenzic > See HOW Now with our 20/20 program! > > http://www.cenzic.com/c/2020 > ------------------------------------------------------------------------ > >
------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Strange ports killy (Jun 18)
- RE: Strange ports Erin Carroll (Jun 19)
- Re: Strange ports Jason Barbier (Jun 19)
- Message not available
- Re: Strange ports StaticRez (Jun 19)
- Message not available
- Re: Strange ports zion (Jun 19)
- Re: Strange ports R. DuFresne (Jun 21)
- Re: Strange ports Christine Kronberg (Jun 22)
- Re: Strange ports R. DuFresne (Jun 21)
- Re: Strange ports Tim Shea (Jun 19)
- Re: Strange ports killy (Jun 24)
- <Possible follow-ups>
- Re: Strange ports ebk_lists (Jun 19)
- Re: Re: Strange ports brian . marino (Jun 22)
- Re: Re: Strange ports Tim Shea (Jun 22)
- Re: Re: Strange ports Thor (Hammer of God) (Jun 22)