Security Incidents mailing list archives
Re: Weird Ports on NT box
From: moeller () CERT DFN DE (Klaus Moeller)
Date: Fri, 14 Apr 2000 11:53:29 +0200
Maniac . writes:
> I've got a weird one for you. I did a scan on a client's NT 4.0 SP6a, MS
> Exchange 5.5 SP3 box and came up with the following ports that I cannot ID.
>
> TCP 389
> TCP 593
> TCP 636

389 | TCP/UDP Lightweight Directory Access Protocol
636 | TCP/UDP ldap protocol over TLS | SSL (was sldap)

The ldap ports are most likely to be part of the address book and/or integration with MS Active Directory.

From the IANA Database:

http-rpc-epmap 593/tcp HTTP RPC Ep Map
http-rpc-epmap 593/udp HTTP RPC Ep Map

And from http://advice.networkice.com/advice/Exploits/Ports

593 provides "endpoint mapper" services for RPC-over-HTTP (when IIS acts as a proxy for RPC). See port 135 for more info. Sometimes enabled automatically by Exchange. See "MIDL Programmers Guide and Reference" programmers documentation. http://msdn.microsoft.com/library/specs/51oxidresolverportsendpoints.htm

Looking under port 135 (same location)

Microsoft DCE Locator service aka. end-point mapper. It works like Sun RPC portmapper, except that end-points can also be named pipes. AKA NCS local location broker

Hope that helps,
Klaus Moeller, DFN-CERT

--
Klaus Moeller | mailto:moeller () cert dfn de
DFN-CERT GmbH |
Vogt-Koelln-Str. 30 | Phone: +49(40)42883-2262
D-22527 Hamburg | FAX: +49(40)42883-2241
Germany | PGP-Key: finger moeller () ftp cert dfn de