Security Incidents mailing list archives
RE: Strange set of TCP ports
From: "Chris Bell" <CBell () dataprise com>
Date: Tue, 20 Apr 2004 10:24:17 -0400
www.foundstone.com Go to Resources -> Free Tools and check out Vision. I use it for this exact purpose. (Used it last weeek...Had to disprove to a junior pen-tester consultant that port 1813 was being used by backup exec remote agent on server, not some random hacktool he found on google) ----------------------------------------------------------- Chris Bell, MCSE, CCNA, CQS WLAN-FE Network Engineer Dataprise, Inc Manage your business, not your network. -----Original Message----- From: mgotts () 2roads com [mailto:mgotts () 2roads com] Sent: Monday, April 19, 2004 4:10 PM To: Harlan Carvey Cc: Incidents; Raistlin Subject: Re: Strange set of TCP ports
Run openports.exe from DiamondCS on the suspect boxen. If you don't have physical access, but do have admin access, use psexec.exe from SysInternals, as well.
psexec.exe from SysInternals is a remote program execution utility. I use it now and then, and am not aware of any capability to have it list ports in use and what programs are using them. SysInternals probably does have such a utility, but I'm not sure what it is off the top of my head. -- Mark
--- Raistlin <raistlin () gioco net> wrote:Greetings, can someone help me in identifying the following strange subset of open TCP ports ? 3687/tcp open unknown 3688/tcp open unknown 3689/tcp open rendezvous 3690/tcp open unknown 3691/tcp open unknown Googling or looking at the usual known ports lists do not yield any results. I'd like to identify this beast if possible. Thanks in advance. Stefano
------------------------------------------------------------------------ ---
------------------------------------------------------------------------ ----
------------------------------------------------------------------------ ---
------------------------------------------------------------------------ ----
ForwardSourceID:NT000844F2
------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Strange set of TCP ports, (continued)
- Re: Strange set of TCP ports mgotts (Apr 19)
- Re: Strange set of TCP ports Shashank Rai (Apr 20)
- Re: Strange set of TCP ports Josh Tolley (Apr 20)
- RE: Strange set of TCP ports Benjamin Tomhave (Apr 20)
- Re: Strange set of TCP ports Scott Weeks (Apr 21)
- Re: Strange set of TCP ports mgotts (Apr 19)
- Re: Strange set of TCP ports Jim Matthews (Apr 20)
- RE: Strange set of TCP ports Steven Trewick (Apr 19)
- RE: Strange set of TCP ports Schmehl, Paul L (Apr 19)
- RE: Strange set of TCP ports J Jason Bridge (Apr 19)
- RE: Strange set of TCP ports Romulo M. Cholewa (Apr 20)
- RE: Strange set of TCP ports Chris Bell (Apr 20)
- Re: Strange set of TCP ports Raistlin (Apr 22)
- RE: Strange set of TCP ports Meidinger Chris (Apr 23)