Home page logo
/

basics logo Security Basics mailing list archives

TS Problems?
From: "Matthew Crape" <mcrape () hotmail com>
Date: Thu, 22 Apr 2004 11:04:08 -0400

Hi Group, I am writing this in hopes of getting some advice in trying to solve a little mystery. As it is right now I 
am in charge of a small network (about 50 computers total, including servers). There are only 2 Windows XP machines on 
the network that end users use. 
 
I decided to scan one them to see if Terminal Services was running by using ProbeTS v1.0. It returned a response saying 
that it is in fact running (and to quote Thor: "If it gets one, it knows it is a TServer."). Now if I try to connect to 
it using Remote Desktop client, it times out and says that it is not running. I am aware that it can be configured to 
run on other ports so I did an nmap scan go the following:
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
1025/tcp open  NFS-or-IIS
4899/tcp open  radmin
5000/tcp open  UPnP
5225/tcp open  unknown
5226/tcp open  unknown
8008/tcp open  unknown
 
Port 5525 is running some HP software (with Apache) and I am not sure about port 5226. I have assumed that it is also 
the HP software (although nothing comes up when I telnet to it). 
 
As for 8008, when I telnet to it it returns the following:
☺
HΩF═
 
Am I being paranoid? Any idea what it could be? Is there any way that I can fully verify that TS is or is not running 
on the machine? Thanks for all the help.

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]