Home page logo

pen-test logo Penetration Testing mailing list archives

RE: TCP port 41523
From: "Brass, Phil (ISS Atlanta)" <PBrass () iss net>
Date: Wed, 4 Jun 2003 17:06:37 -0400

I hate to give away professional secrets here, but I frequently use
Google to give me an idea of what might be running on an unidentified

Looks like more arcserve to me...


-----Original Message-----
From: Patrick Webster [mailto:aushack () tpg com au] 
Sent: Tuesday, June 03, 2003 8:35 PM
To: pen-test () securityfocus com
Subject: TCP port 41523

Hi All,

Whilst doing a pen-test I came across a Windows NT4 box with 
IIS4. After doing a port scan, I noticed, among others, that 
port 41523 was open.

Using Amap, the result returned is unknown, however the data given is:

Response received from xxx.xxx.xxx.xxx port 41523 tcp (length 
8 bytes):
0000:   424e 4532 3937 4400 
ASCII:  "NETBIOS_HOSTNAME"    <= I've replaced the real hostname
Unidentified ports: 41523/tcp (total 1).

I've searched google without any luck. Does anyone know what 
this may be? I don't have access to the machine to run 
fport.exe or similar. Below is the results of an Nmap, if it helps.

ort       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
80/tcp     open        http
81/tcp     open        hosts2-ns
88/tcp     open        kerberos-sec
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
443/tcp    open        https
1027/tcp   open        IIS
1038/tcp   open        unknown
1041/tcp   open        unknown
1433/tcp   open        ms-sql-s
4899/tcp   open        radmin
6050/tcp   open        arcserve
8314/tcp   open        unknown
41523/tcp  open        unknown





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]