Security Incidents mailing list archives
Re: Strange set of TCP ports
From: Josh Tolley <josh () raintreeinc com>
Date: Mon, 19 Apr 2004 16:14:46 -0700
If it's a Windows box, you might take a tool like psexec.exe, BeyondExec.exe (not sure from where... Google should do it), or the equivalent whose name I've forgotten from the corresponding Windows resource kit and use it to run FPort or a similar utility. It worked for me recently while investigating other strange traffic.
Josh Tolley

mgotts () 2roads com wrote:

Run openports.exe from DiamondCS on the suspect boxen. If you don't have physical access, but do have admin access, use psexec.exe from SysInternals, as well.

psexec.exe from SysInternals is a remote program execution utility. I use it now and then, and am not aware of any capability to have it list ports in use and what programs are using them.

SysInternals probably does have such a utility, but I'm not sure what it is off the top of my head.

-- Mark

--- Raistlin <raistlin () gioco net> wrote:

Greetings, can someone help me in identifying the following strange subset of open TCP ports?

3687/tcp open unknown
3688/tcp open unknown
3689/tcp open rendezvous
3690/tcp open unknown
3691/tcp open unknown

Googling or looking at the usual known ports lists do not yield any results. I'd like to identify this beast if possible. Thanks in advance.

Stefano

--
Josh Tolley
Raintree Systems, Inc.
http://www.raintreeinc.com
760 509 9000
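An added example, not part of the original messages: once a port-to-process listing has been pulled from the suspect host as the replies suggest, this script lines it up against the scanned ports and reports which PID owns each one and which ports have no local listener. It assumes the listing comes from Windows' built-in `netstat -ano` (a tool not named in the thread); the netstat sample, addresses and PIDs below are constructed.

```python
import re

# Port lines as quoted in the original question.
SCAN = """\
3687/tcp open unknown
3688/tcp open unknown
3689/tcp open rendezvous
3690/tcp open unknown
3691/tcp open unknown
"""

# Constructed sample of `netstat -ano` output (assumed collection method);
# the addresses and PIDs are invented for illustration.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3687           0.0.0.0:0              LISTENING       1412
  TCP    0.0.0.0:3688           0.0.0.0:0              LISTENING       1412
  TCP    0.0.0.0:3689           0.0.0.0:0              LISTENING       1412
  TCP    0.0.0.0:3690           0.0.0.0:0              LISTENING       1412
  TCP    192.168.0.10:1045      192.168.0.20:445       ESTABLISHED     4
  UDP    0.0.0.0:3689           *:*                                    1412
"""

def scanned_ports(scan_text):
    """Return the set of TCP ports the scan reported as open."""
    return {int(m.group(1)) for m in re.finditer(r"^(\d+)/tcp\s+open\b", scan_text, re.M)}

def tcp_listeners(netstat_text):
    """Map local TCP port -> set of owning PIDs, LISTENING sockets only."""
    owners = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            port = int(f[1].rsplit(":", 1)[1])  # rsplit also copes with [::]:port
            owners.setdefault(port, set()).add(int(f[4]))
    return owners

def correlate(scan_text, netstat_text):
    """Return ({port: [pids]} for ports with a listener, [ports without one])."""
    listeners = tcp_listeners(netstat_text)
    ports = sorted(scanned_ports(scan_text))
    found = {p: sorted(listeners[p]) for p in ports if p in listeners}
    missing = [p for p in ports if p not in listeners]
    return found, missing

if __name__ == "__main__":
    found, missing = correlate(SCAN, NETSTAT)
    print("listener PIDs:", found)
    print("open in scan, no local listener:", missing)
```

A port that the scan shows open but the host's own listing does not is worth a second look: the scan may have reached a different device, or the local listing may be incomplete.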