|
Penetration Testing
mailing list archives
RE: TCP port 41523
From: "Brass, Phil (ISS Atlanta)" <PBrass () iss net>
Date: Wed, 4 Jun 2003 17:06:37 -0400
I hate to give away professional secrets here, but I frequently use
Google to give me an idea of what might be running on an unidentified
port:
http://www.google.com/search?q=TCP+41523
Looks like more arcserve to me...
Phil
-----Original Message-----
From: Patrick Webster [mailto:aushack () tpg com au]
Sent: Tuesday, June 03, 2003 8:35 PM
To: pen-test () securityfocus com
Subject: TCP port 41523
Hi All,
Whilst doing a pen-test I came across a Windows NT4 box with
IIS4. After doing a port scan, I noticed, among others, that
port 41523 was open.
Using Amap, the result returned is unknown, however the data given is:
Response received from xxx.xxx.xxx.xxx port 41523 tcp (length
8 bytes):
0000: 424e 4532 3937 4400
ASCII: "NETBIOS_HOSTNAME" <= I've replaced the real hostname
Unidentified ports: 41523/tcp (total 1).
I've searched google without any luck. Does anyone know what
this may be? I don't have access to the machine to run
fport.exe or similar. Below is the results of an Nmap, if it helps.
ort State Service
21/tcp open ftp
22/tcp open ssh
80/tcp open http
81/tcp open hosts2-ns
88/tcp open kerberos-sec
135/tcp open loc-srv
139/tcp open netbios-ssn
443/tcp open https
1027/tcp open IIS
1038/tcp open unknown
1041/tcp open unknown
1433/tcp open ms-sql-s
4899/tcp open radmin
6050/tcp open arcserve
8314/tcp open unknown
41523/tcp open unknown
Thanks,
-Patrick
--------------------------------------------------------------
-------------
--------------------------------------------------------------
--------------
---------------------------------------------------------------------------
----------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
|
Intro
