Security Basics mailing list archives
Re: Port 8081 mystery
From: Brian.D.Turk () healthnet com
Date: Tue, 23 Jan 2007 15:32:33 -0800
Are you using McAfee products in your environment? McAfee ePolicy
Orchestrator also uses port 8081.
Brian D. Turk, CISSP, CCNA
Systems Engineer, Sr. (Security)
CTS Design & Architecture
Health Net, Inc.
(916) 935-1016
Brian.D.Turk () Healthnet com
WALI
<hkhasgiwale@gmai
l.com> To
Sent by: security-basics () securityfocus com
listbounce@securi cc
tyfocus.com
Subject
Port 8081 mystery
01/23/2007 10:07
AM
HI list...
I ran a nmap scan on quite a few machines on my internal subnet and one
port that appears on all those scans, especially the machines that are
still running adequately patched but older Windows 2000 workstations, is
tcp 8081. Though nmap shows this as blackice-icecap port I do not find any
such application running in task manager neither is this installed.
nestat-a just lists this port as 'Listening' and does not list any
application name assigned to it, so why is this port there? Who is using
this? I have ran antivirus scan and spybot checker just to rule out any
malware possibilities.
Nessus Scan (tis weeks plugin feed) does not show this port listed amongst
any vulnerability.
Here is the nmap output:
SuSE101:/home/root # nmap -O 192.168.126.245 --osscan-guess
Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2007-01-23 11:10
GST
Interesting ports on 192.168.126.245:
(The 1667 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
2030/tcp open device2
8081/tcp open blackice-icecap
Device type: general purpose
Running: Microsoft Windows NT/2K/XP
OS details: Microsoft Windows 2000 SP4 or XP SP1
Nmap finished: 1 IP address (1 host up) scanned in 1.107 seconds
---------------------------------------------------------------------
This message, together with any attachments, is
intended only for the use of the individual or entity
to which it is addressed. It may contain information
that is confidential and prohibited from disclosure.
If you are not the intended recipient, you are hereby
notified that any dissemination or copying of this
message or any attachment is strictly prohibited. If
you have received this message in error, please notify
the original sender immediately by telephone or by
return e-mail and delete this message, along with any
attachments, from your computer. Thank you.
---------------------------------------------------------------------
Current thread:
- RE: Password Pride - A Humorous Vulnerability, (continued)
- RE: Password Pride - A Humorous Vulnerability Murda Mcloud (Jan 23)
- Message not available
- Highlighting weak password dangers WALI (Jan 24)
- RE: Highlighting weak password dangers Simon W. Hall (Jan 25)
- RE: Highlighting weak password dangers Scott Ramsdell (Jan 26)
- Re: Highlighting weak password dangers Manuel Arostegui Ramirez (Jan 26)
- Re: Highlighting weak password dangers Alexander Bolante (Jan 30)
- Re: Highlighting weak password dangers anesde (Jan 31)
- Message not available
- Re: Port 8081 mystery WALI (Jan 24)
- Port 8081 mystery WALI (Jan 23)
- RE: Port 8081 mystery Gressick, Michael (Jan 24)
- Re: Port 8081 mystery Brian . D . Turk (Jan 24)
- RE: Port 8081 mystery Remad (Jan 24)
- Re: Port 8081 mystery George A. Theall (Jan 24)
- Re: Port 8081 mystery Johnny Wong (Jan 24)
- RE: Port 8081 mystery Sandro, Herpich (Jan 24)
- RE: Port 8081 mystery Christopher A. Libby (Jan 25)