Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Basics: RE: Port TCP/8000

RE: Port TCP/8000

From: Golden_Eternity <bhodi_jabir_at_yahoo.com>
Date: Fri, 1 Nov 2002 10:47:34 -0800

> I have a newly built Dell PowerEdge Server and now have ports open I can't
> explain clearly to government management. .

> Active Connections
> Proto Local Address Foreign Address State
> TCP 0.0.0.0:111 0.0.0.0:0 LISTENING
portmap. If you don't use rpc, kill it.

> TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
445 is pretty common on 2k servers; like 137-139 on 9x boxen. 135 is MS'
RPC...

> TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
...
> TCP 0.0.0.0:1311 0.0.0.0:0 LISTENING
These are all open connections to localhost. (see
http://www.robertgraham.com/pubs/firewall-seen.html#1.1)

> TCP 0.0.0.0:3372 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:8000 0.0.0.0:0 LISTENING
MSDTC and iRDMI? I'm sure one of the other posts'll be able to help you with
these two.

-G_E
Received on Nov 02 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos