Re: Port 8081 mystery

[Johnny Wong <johnnywkm () gmail com>]

Hi,

Can you do a Telnet or netcat to that port and see if any banner shows up?

JW

At 02:07 AM 24/01/2007, WALI wrote:
> HI list...
>
> I ran a nmap scan on quite a few machines on my internal subnet and 
> one port that appears on all those scans, especially the machines 
> that are still running adequately patched but older Windows 2000 
> workstations, is tcp 8081. Though nmap shows this as blackice-icecap 
> port I do not find any such application running in task manager 
> neither is this installed.
>
> nestat-a just lists this port as 'Listening' and does not list any 
> application name assigned to it, so why is this port there? Who is 
> using this? I have ran antivirus scan and spybot checker just to 
> rule out any malware possibilities.
>
> Nessus Scan (tis weeks plugin feed) does not show this port listed 
> amongst any vulnerability.
>
> Here is the nmap output:
>
> SuSE101:/home/root # nmap -O 192.168.126.245 --osscan-guess
> Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2007-01-23 11:10 GST
> Interesting ports on 192.168.126.245:
> (The 1667 ports scanned but not shown below are in state: closed)
> PORT     STATE SERVICE
> 135/tcp  open  msrpc
> 139/tcp  open  netbios-ssn
> 445/tcp  open  microsoft-ds
> 2030/tcp open  device2
> 8081/tcp open  blackice-icecap
> Device type: general purpose
> Running: Microsoft Windows NT/2K/XP
> OS details: Microsoft Windows 2000 SP4 or XP SP1
>
> Nmap finished: 1 IP address (1 host up) scanned in 1.107 seconds