Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Port 5357 -- Vista SP1 ???
From: "Colin Copley" <colin.75 () btinternet com>
Date: Sun, 27 Jul 2008 06:24:21 +0100

"jond" <x () jond com> wrote:
I have a homemade tripwire type program that alerted me to someone
connecting to port 5357 on my Vista SP1 box.
To my knowledge, I don't think I have this port open.
...I'm curious if anyone is going as
far as to manually block the port, and if so, if there are any
negative consequences?


Hello

In Vista & 2008 Server the WSD Port Monitor (Web Services for Devices) uses 5357 for GET, GETRESPONSE, and directed PROBE, PROBEMATCHES messages.

With 'Network Discovery' on, the firewall lets this traffic in.

Stopping the 'Function Discovery Resource Publication" Service will close the port. The PC then won't be able to solicit wireless devices, or broadcast it's own web based devices, but normal windows network shares and wireless networks will be unaffected. That's as much as I know.

Cheers
Colin




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]