Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Strange ports
From: Jason Barbier <kusuriya () gmail com>
Date: Mon, 18 Jun 2007 21:11:55 -0700

it looks like it has something to do with IIS or MS Phoning home or its some sort of gateway from or to an attack its hard to say but here are some tidbits I found. One way to know for certain is to sniff traffic off them.
http://www.grc.com/port_1029.htm
http://www.auditmypc.com/port/tcp-port-1029.asp

http://www.seifried.org/security/ports/1000/1032.html
http://lists.debian.org/debian-user/2000/08/msg01614.html

and heres a list of what the ports are default registered to that you can download
http://lists.thedatalist.com/portlist/PortRef1.zip


killy wrote:
Scanning my external firewall(at work), I (yes, it is my job to) find this:


PORT     STATE    SERVICE
53/tcp   open     domain

1029/tcp open     ms-lsa
1032/tcp open     iad3

3389/tcp open     ms-term-serv


Why would 1029 and 1032 need to be open from the outside?

-Kill




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]