Security Incidents mailing list archives
RE: Think I've got trouble
From: Frank Knobbe <FKnobbe () KnobbeITS com>
Date: Wed, 9 Jan 2002 20:18:27 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-----Original Message----- From: Katherine Ogden [mailto:kogden () 4cd net] Sent: Wednesday, January 09, 2002 11:01 AM We began having trouble with our exchange server. For no reason we could pin down the OWA would throw up an error and stop the www service. Being the slightly paranoid sort I downloaded Retina and ran it against the email server. It showed the usual things but it also showed Port 1058 - Nim Port 1090 - Xtreme Two other exchange servers show these ports open. Port 1042 - Bla Port 1059 - Nimreg
Katherine, as Nexus said, use FPort (or similar) to figure out the service/task associated with that port. My guess would be 1042 - dsamain.exe and 1059 - store.exe (which is the Directory service and the Information Store of Exchange). However, if fport shows 1042 - winshell.exe, or any other executable an ordinary NT server doesn't have, then yank the box and investigate. Regards, Frank -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.8 Comment: PGP or S/MIME (X.509) encrypted email preferred. iQA/AwUBPDz58szYtOFvgXQfEQL2XQCfQrL5fFM5RdVMY560RaszC5xRl4oAoPjN muuJZfeDiElaa0fLRTsAJIom =DwWz -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Think I've got trouble Katherine Ogden (Jan 09)
- Re: Think I've got trouble Hugo van der Kooij (Jan 09)
- Re: Think I've got trouble Nexus (Jan 09)
- <Possible follow-ups>
- RE: Think I've got trouble Andrew Blevins (Jan 09)
- RE: Think I've got trouble Frank Knobbe (Jan 09)