Security Basics mailing list archives
Re: unadministered open ports
From: Mordread Wallas <mordread.wallas () gmail com>
Date: Fri, 12 Aug 2005 23:55:09 +0200
Dear Peter,

You may try fport or vision tools from Foundstone (free software). With these tools, you'll be able to check exactly what are the running processes. In fact, filtered ports don't mean that something is listening all the time.

Best regards,
Mordread

11 Aug 2005 17:44:33 +0100, Peter Odigie <petermariano () ncema gov ng>:
What process spawned the ports?

Take for example the ports below from a workstation. The ports that are "filtered" are not supposed to be there, maybe the user is/has done something wrong. Do I have to put a filter on my gateway? But which ports do I filter? I guess I will finally have to go to each of the computers and remove the offending process (maybe a malware), but is there a way to do this remotely?

Interesting ports on
(The 1653 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
116/tcp  filtered ansanotify
135/tcp  open     msrpc
139/tcp  open     netbios-ssn
196/tcp  filtered dn6-smm-red
445/tcp  open     microsoft-ds
1025/tcp open     NFS-or-IIS
1076/tcp filtered sns_credit
2043/tcp filtered isis-bcast
3389/tcp open     ms-term-serv
5000/tcp open     UPnP

Thanks
Peter

On Thu, 2005-08-11 at 17:01, Sean Crawford wrote:

What ports are they for a start? What process spawned the ports?

*sigh*

---> -----Original Message-----
---> From: Peter Odigie [mailto:petermariano () ncema gov ng]
---> Sent: Wednesday, 10 August 2005 7:21 PM
---> To: security-basics () securityfocus com
---> Subject: unadministered open ports
--->
---> Hi All
--->
---> I have noticed that anytime I do a nmap of my LAN I see ports that are
---> not supposed to be open or used appearing as "filtered" on my
---> workstations. I get a feeling that they have been infected. I will
---> want to control this and I will like if I can do it remotely.
--->
---> Any help please
--->
---> Peter
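Added example, not part of the thread: a Python sketch of the host-side check suggested above, pairing each port from the posted nmap table with the process that owns a listening socket on it. The `netstat -ano` rows and the PID-to-image map are constructed sample data and the function names are hypothetical; nmap reports "filtered" when its probe drew no usable reply, so those ports need not have any local listener.

```python
import re
# nmap port table as posted in the thread
NMAP_TABLE = """\
116/tcp filtered ansanotify
135/tcp open msrpc
139/tcp open netbios-ssn
196/tcp filtered dn6-smm-red
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1076/tcp filtered sns_credit
2043/tcp filtered isis-bcast
3389/tcp open ms-term-serv
5000/tcp open UPnP
"""
# Constructed `netstat -ano` rows for the same workstation (PIDs are made up)
NETSTAT_ANO = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1120
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1044
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1236
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
"""
# Constructed PID -> image name map, standing in for `tasklist` output
PROCESSES = {4: "System", 984: "svchost.exe", 1044: "svchost.exe",
             1120: "svchost.exe", 1236: "svchost.exe"}

def parse_nmap(table):
    """Return {port: state} for each 'PORT/tcp STATE SERVICE' row."""
    return {int(m.group(1)): m.group(2)
            for m in re.finditer(r"^(\d+)/tcp\s+(\S+)", table, re.M)}

def parse_listeners(netstat):
    """Return {port: pid} for TCP sockets in the LISTENING state."""
    listeners = {}
    for line in netstat.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            listeners[int(f[1].rsplit(":", 1)[1])] = int(f[4])
    return listeners

def triage(nmap_table, netstat, processes):
    """Map each scanned port to (nmap state, owning pid, image name)."""
    listeners = parse_listeners(netstat)
    report = {}
    for port, state in sorted(parse_nmap(nmap_table).items()):
        pid = listeners.get(port)  # None when nothing listens locally
        owner = processes.get(pid, "unknown") if pid is not None else None
        report[port] = (state, pid, owner)
    return report
```

Calling `triage(NMAP_TABLE, NETSTAT_ANO, PROCESSES)` returns an owner for every "open" port and `None` for the four "filtered" ones, which points the investigation at whatever packet filter sits between scanner and host rather than at a process on the workstation.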