Re: Port 8081 mystery

[Lukasz <looky () interia pl>]

Hello,

Yesterday, I saw in my corporate net, same port in nmap scan. 
In my case it is ESET Nod32 Corporate update service listing at 8081 TCP.
My nmap output seems very like yours...

Lukasz

Dnia wtorek, 23 stycznia 2007 19:07, WALI wrote:
> HI list...
>
> I ran a nmap scan on quite a few machines on my internal subnet and one
> port that appears on all those scans, especially the machines that are
> still running adequately patched but older Windows 2000 workstations, is
> tcp 8081. Though nmap shows this as blackice-icecap port I do not find any
> such application running in task manager neither is this installed.
>
> nestat-a just lists this port as 'Listening' and does not list any
> application name assigned to it, so why is this port there? Who is using
> this? I have ran antivirus scan and spybot checker just to rule out any
> malware possibilities.
>
> Nessus Scan (tis weeks plugin feed) does not show this port listed amongst
> any vulnerability.
>
> Here is the nmap output:
>
> SuSE101:/home/root # nmap -O 192.168.126.245 --osscan-guess
> Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2007-01-23 11:10
> GST Interesting ports on 192.168.126.245:
> (The 1667 ports scanned but not shown below are in state: closed)
> PORT     STATE SERVICE
> 135/tcp  open  msrpc
> 139/tcp  open  netbios-ssn
> 445/tcp  open  microsoft-ds
> 2030/tcp open  device2
> 8081/tcp open  blackice-icecap
> Device type: general purpose
> Running: Microsoft Windows NT/2K/XP
> OS details: Microsoft Windows 2000 SP4 or XP SP1
>
> Nmap finished: 1 IP address (1 host up) scanned in 1.107 seconds

----------------------------------------------------------------------
Lufa dla generala. Zobacz >> http://link.interia.pl/f19e1