Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Strange ports
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Mon, 18 Jun 2007 20:31:37 -0700

I would recommend using amap to see about getting a fingerprint of the
application used on these ports if possible and/or contacting your firewall
team to check the configs and see what these services are for. The IANA
lists of port to application mappings are general guidelines, not explicit
sets of what the application actually is. There's no law that says you have
to run ms-term-serv on port 3389 :) You should be concerned about more than
just the 1029 and 1032 ports. I know of no valid security or business reason
why you would want to allow random people on the internet to attempt
terminal connections to your internal machines... That's what VPN's are for.



-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of killy
Sent: Monday, June 18, 2007 11:59 AM
To: Pen-Tests
Subject: Strange ports

Scanning my external firewall(at work), I (yes, it is my job 
to) find this:


PORT     STATE    SERVICE
53/tcp   open     domain

1029/tcp open     ms-lsa
1032/tcp open     iad3

3389/tcp open     ms-term-serv


Why would 1029 and 1032 need to be open from the outside?

-Kill


--
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

--------------------------------------------------------------
----------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic See HOW Now with 
our 20/20 program!

http://www.cenzic.com/c/2020
--------------------------------------------------------------
----------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault