Penetration Testing mailing list archives
RE: Strange ports
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Mon, 18 Jun 2007 20:31:37 -0700
I would recommend using amap to see about getting a fingerprint of the application used on these ports if possible and/or contacting your firewall team to check the configs and see what these services are for. The IANA lists of port-to-application mappings are general guidelines, not explicit sets of what the application actually is. There's no law that says you have to run ms-term-serv on port 3389 :)

You should be concerned about more than just the 1029 and 1032 ports. I know of no valid security or business reason why you would want to allow random people on the internet to attempt terminal connections to your internal machines... That's what VPNs are for.
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of killy
Sent: Monday, June 18, 2007 11:59 AM
To: Pen-Tests
Subject: Strange ports

Scanning my external firewall (at work), I (yes, it is my job to) find this:

PORT     STATE SERVICE
53/tcp   open  domain
1029/tcp open  ms-lsa
1032/tcp open  iad3
3389/tcp open  ms-term-serv

Why would 1029 and 1032 need to be open from the outside?

-Kill

--
If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
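The point made in the reply above, that a port number only tells you what is registered for it and not what is listening, as an added example that is not part of the original thread. PORT_TABLE copies the four ports from the quoted scan; the port 22 entry, the signature set and all function names are constructed for illustration, and a tool such as amap carries a far larger signature set.

```python
import re
import socket
import sys

# SERVICE names as a port-number lookup gives them (the four ports from the
# quoted scan; 22 is added here so one sample can agree with the table).
PORT_TABLE = {22: "ssh", 53: "domain", 1029: "ms-lsa", 1032: "iad3",
              3389: "ms-term-serv"}

# Constructed signatures for the first bytes a few services send.
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-\d+\.\d+-")),
    ("smtp", re.compile(rb"^220[ -].*SMTP", re.I)),
    ("ftp", re.compile(rb"^220[ -].*FTP", re.I)),
    ("http", re.compile(rb"^HTTP/\d\.\d \d{3}")),
]

def classify(banner):
    """Name the protocol from what the service sent, not from its port."""
    for name, pattern in SIGNATURES:
        if pattern.search(banner):
            return name
    return "unknown"

def report(port, banner):
    """Return (table name, observed protocol, verdict) for one open port."""
    table_name = PORT_TABLE.get(port, "unknown")
    observed = classify(banner)
    if observed == "unknown":
        verdict = "no fingerprint"      # still needs a config review
    elif observed == table_name:
        verdict = "matches table"
    else:
        verdict = "differs from table"
    return table_name, observed, verdict

def grab_banner(host, port, timeout=3.0):
    """Read up to 256 bytes; send a blank line if the service stays silent."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(256)
        except socket.timeout:
            s.sendall(b"\r\n\r\n")
            try:
                return s.recv(256)
            except socket.timeout:
                return b""

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: script.py <firewall address> <port>
    port = int(sys.argv[2])
    print(port, report(port, grab_banner(sys.argv[1], port)))
```

A "no fingerprint" verdict is the expected result for binary protocols that send no text banner, which is where the firewall configuration review suggested in the reply comes in.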