Home page logo
/

basics logo Security Basics mailing list archives

RE: What does this mean?
From: Adnan Ali <call_ret () yahoo com>
Date: Wed, 28 Apr 2004 06:42:13 -0700 (PDT)


--- Chris Gordon <chris.gordon () gettyimages com> wrote:
Adnan,
This is actually a pretty typically output for a
Win2k system. 
You can find out which applications are listening on
each port by
running Vision v1.0 from foundstone.
Resources -> Free Tools -> Forensic Tools -> Vision
v1.0

http://www.foundstone.com/resources/proddesc/vision.htm

When you see the 0.0.0.0:port# that port is opened
up locally on the system
whereas the 172.20.4.76:500 means that that port is
listening for remote connections.

What do you mean? I think when I see


TCP    0.0.0.0:135   0.0.0.0:0        LISTENING

it means all local IPs at port 135 are listening for
incoming connection requests from all remote IPs using
any port as source port. Please correct me if this is
not so.


I hope this helps
peace
C Gordon


Thanks for your help.



-----Original Message-----
From: Adnan Ali [mailto:call_ret () yahoo com]
Sent: Monday, April 26, 2004 5:59 AM
To: security-basics () securityfocus com
Subject: What does this mean?


Hello all,

I have a simple question and I hope to get an answer
from the experts on this list.

I have a PC running Windows 2000 Prof, and when I do
a netstat -an, I get the following:

Active Connections:
Proto  Local Addr    Foreign Addr     State 
============================================

TCP    0.0.0.0:135   0.0.0.0:0        LISTENING

TCP    0.0.0.0:445   0.0.0.0:0        LISTENING

TCP    0.0.0.0:1026  0.0.0.0:0        LISTENING

TCP    0.0.0.0:1027  0.0.0.0:0        LISTENING

UDP    0.0.0.0:135            *:*                   

UDP    0.0.0.0:445            *:*                   

UDP    0.0.0.0:1025           *:*                   

UDP    0.0.0.0:38037          *:*                   

UDP    172.20.4.76:500        *:*                   


I get this output even when I am running no network 
application on the machine.

Of course, this all seems quite suspicious. 

Can somebody please help me figure out what is going
on? At least find the respective applications
listening
on various ports.??

Thanks and best regards,


      
              
__________________________________
Do you Yahoo!?
Yahoo! Photos: High-quality 4x6 digital prints for
25�
http://photos.yahoo.com/ph/print_splash


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention
this ad and get $545 off 
any course! All of our class sizes are guaranteed to
be 10 students or less 
to facilitate one-on-one interaction with one of our
expert instructors. 
Attend a course taught by an expert instructor with
years of in-the-field 
pen testing experience in our state of the art
hacking lab. Master the skills 
of an Ethical Hacker to better assess the security
of your organization. 
Visit us at: 

http://www.infosecinstitute.com/courses/ethical_hacking_training.html

----------------------------------------------------------------------------



=======================================================
This email and its contents are confidential. If you
are not the intended recipient, please do not
disclose
or use the information within this email or its
attachments. If you have received this email in
error,
please delete it immediately. Thank you.

=======================================================



        
                
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover 

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault