Security Basics mailing list archives
RE: TS Problems?
From: "Hagen, Eric" <ehagen () DenverNewspaperAgency com>
Date: Wed, 28 Apr 2004 11:14:42 -0600
First, try to run TS into each of those ports. You can do it by typing address:port. E.g. 10.10.1.1:2286

Also, right click "My Computer", choose properties and select the "remote" tab. If both of those check boxes are not checked, then TS should be unusable or off (I haven't verified the behavior of the service when both are disabled).

Personally, I always change the TS port on machines that have it enabled. It's much harder to track down. In addition, it uses encryption, so running telnet into that port would be very unlikely to reveal much of anything.

Eric

-----Original Message-----
From: Matthew Crape [mailto:mcrape () hotmail com]
Sent: Thursday, April 22, 2004 9:04 AM
To: security-basics () securityfocus com
Subject: TS Problems?

Hi Group,

I am writing this in hopes of getting some advice in trying to solve a little mystery. As it is right now I am in charge of a small network (about 50 computers total, including servers). There are only 2 Windows XP machines on the network that end users use. I decided to scan one of them to see if Terminal Services was running by using ProbeTS v1.0. It returned a response saying that it is in fact running (and to quote Thor: "If it gets one, it knows it is a TServer."). Now if I try to connect to it using Remote Desktop client, it times out and says that it is not running. I am aware that it can be configured to run on other ports so I did an nmap scan and got the following:

PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
1025/tcp open  NFS-or-IIS
4899/tcp open  radmin
5000/tcp open  UPnP
5225/tcp open  unknown
5226/tcp open  unknown
8008/tcp open  unknown

Port 5525 is running some HP software (with Apache) and I am not sure about port 5226. I have assumed that it is also the HP software (although nothing comes up when I telnet to it). As for 8008, when I telnet to it it returns the following:

☺ HΩF═

Am I being paranoid? Any idea what it could be?
Is there any way that I can fully verify that TS is or is not running on the machine?

Thanks for all the help.
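Added example (not part of the original thread): one way to check from the network side which of the open ports is actually answering as Terminal Services, by sending the X.224 Connection Request an RDP client opens with and looking for a Connection Confirm. The function names are hypothetical, the host is passed on the command line, and port 3389 (the default TS port) is added to the ports from the nmap output.

```python
import socket
import sys

# Minimal X.224 Connection Request inside a TPKT header (version 3, length 11).
X224_CONNECTION_REQUEST = bytes.fromhex("0300000b06e00000000000")

# Ports from the nmap output in the post, plus 3389 (the default TS port, an addition).
PORTS = [135, 139, 445, 1025, 3389, 4899, 5000, 5225, 5226, 8008]


def classify_response(data: bytes) -> str:
    """Classify the first bytes a listener returns after the Connection Request."""
    if not data:
        return "no-reply"
    # TPKT: version 3, reserved 0, 16-bit big-endian length; byte 5 is the X.224 code.
    if len(data) >= 7 and data[0] == 0x03 and data[1] == 0x00:
        tpkt_len = int.from_bytes(data[2:4], "big")
        if tpkt_len >= 7 and (data[5] & 0xF0) == 0xD0:  # 0xD0 = Connection Confirm
            return "rdp"
    return "other"


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Return 'rdp', 'other', 'no-reply' or 'closed' for one TCP port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or unreachable
    with sock:
        try:
            sock.sendall(X224_CONNECTION_REQUEST)
            data = sock.recv(64)
        except OSError:  # timeout or reset: connected, but silent
            return "no-reply"
    return classify_response(data)


def survey(host: str, ports=PORTS) -> dict:
    """Probe each port and return {port: verdict}."""
    return {port: probe(host, port) for port in ports}


if __name__ == "__main__":
    for port, verdict in survey(sys.argv[1]).items():
        print(f"{port}/tcp\t{verdict}")
```

A verdict of "rdp" on any port means a Terminal Services style listener answered there, whatever service name the port scanner guessed from the port number.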