Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Strange ports
From: Tim Shea <tim () tshea net>
Date: Tue, 19 Jun 2007 17:36:26 -0500


My first step would be to request the firewall ruleset (or grab them yourself if you have access) and trace back to the source on your internal network. Then ask the owners of whatever you traced it back to that very question.


On Jun 18, 2007, at 1:59 PM, killy wrote:

Scanning my external firewall(at work), I (yes, it is my job to) find this:


PORT     STATE    SERVICE
53/tcp   open     domain

1029/tcp open     ms-lsa
1032/tcp open     iad3

3389/tcp open     ms-term-serv


Why would 1029 and 1032 need to be open from the outside?

-Kill


--
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

---------------------------------------------------------------------- --
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
---------------------------------------------------------------------- --



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault