Re: Port 8081 mystery

[WALI <hkhasgiwale () gmail com>]

Thanks guys...it's indeed the ePolicy orchestrator!!

Thanks for all the replies....

At 10:07 AM 1/24/2007 -0500, TheGesus wrote:
> On 1/23/07, WALI <hkhasgiwale () gmail com> wrote:
> > HI list...
> >
> > I ran a nmap scan on quite a few machines on my internal subnet and one
> > port that appears on all those scans, especially the machines that are
> > still running adequately patched but older Windows 2000 workstations, is
> > tcp 8081. Though nmap shows this as blackice-icecap port I do not find any
> > such application running in task manager neither is this installed.
> >
> > nestat-a just lists this port as 'Listening' and does not list any
> > application name assigned to it, so why is this port there? Who is using
> > this? I have ran antivirus scan and spybot checker just to rule out any
> > malware possibilities.
> >
> > Nessus Scan (tis weeks plugin feed) does not show this port listed amongst
> > any vulnerability.
> >
> > Here is the nmap output:
> >
> > SuSE101:/home/root # nmap -O 192.168.126.245 --osscan-guess
> > Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2007-01-23 11:10 GST
> > Interesting ports on 192.168.126.245:
> > (The 1667 ports scanned but not shown below are in state: closed)
> > PORT     STATE SERVICE
> > 135/tcp  open  msrpc
> > 139/tcp  open  netbios-ssn
> > 445/tcp  open  microsoft-ds
> > 2030/tcp open  device2
> > 8081/tcp open  blackice-icecap
> > Device type: general purpose
> > Running: Microsoft Windows NT/2K/XP
> > OS details: Microsoft Windows 2000 SP4 or XP SP1
> >
> > Nmap finished: 1 IP address (1 host up) scanned in 1.107 seconds
>
> Very likely it's McAfee's ePolicy Orchestrator (ePO) agent.  Point a
> browser at it (http://x.x.x.x:8081) and you should see the activity
> log.