Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Strange ports
From: StaticRez <staticrez () gmail com>
Date: Tue, 19 Jun 2007 17:27:53 -0500

You can try telnet to those ports as well. Maybe you'll get lucky and
get some output...

1029 is also known to be an ICQ port.
(http://www.seifried.org/security/ports/1000/1029.html)

Port 1032 is also a known ICQ port. and yes, i agree with the other
guys on having terminal services open to the world. bad practice.

good luck.

On 6/19/07, StaticRez <staticrez () gmail com> wrote:
You can try telnet to those ports as well. Maybe you'll get lucky and get some output...

1029 is also known to be an ICQ port.
(http://www.seifried.org/security/ports/1000/1029.html )

Port 1032 is also a known ICQ port. and yes, i agree with the other guys on having terminal services open to the world. 
bad practice.

good luck.



On 6/18/07,  Jason Barbier <kusuriya () gmail com> wrote:
>  it looks like it has something to do with IIS or MS Phoning home or its
> some sort of gateway from or to an attack its hard to say but here are
> some tidbits I found. One way to know for certain is to sniff traffic
>  off them.
> http://www.grc.com/port_1029.htm
> http://www.auditmypc.com/port/tcp-port-1029.asp
>
>  http://www.seifried.org/security/ports/1000/1032.html
> http://lists.debian.org/debian-user/2000/08/msg01614.html
>
> and heres a list of what the ports are default registered to that you
> can download
> http://lists.thedatalist.com/portlist/PortRef1.zip
>
>
> killy wrote:
> > Scanning my external firewall(at work), I (yes, it is my job to) find
> > this:
> >
> >
> > PORT     STATE    SERVICE
> > 53/tcp   open     domain
> >
> > 1029/tcp open     ms-lsa
> > 1032/tcp open     iad3
> >
> > 3389/tcp open     ms-term-serv
> >
> >
> > Why would 1029 and 1032 need to be open from the outside?
> >
> > -Kill
> >
> >
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
>
> http://www.cenzic.com/c/2020
> ------------------------------------------------------------------------
>
>



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]