Penetration Testing mailing list archives
Re: Port 5357 -- Vista SP1 ???
From: bigbert007 <bigbert007 () gmail com>
Date: Mon, 28 Jul 2008 07:43:37 -0400
According to a netstat -ao, process ID 4 owns it, which on my Vista box is the "System" process. I don't have any idea what it is for though. Interesting question.
Bert

jond wrote:

I have a homemade tripwire type program that alerted me to someone connecting to port 5357 on my Vista SP1 box. To my knowledge, I don't think I have this port open. From a little time on google, it looks like some people are calling this a potential info leak problem. I'm curious if anyone is going as far as to manually block the port, and if so, if there are any negative consequences? In my opinion, if this is some sort of default vista webserver that the firewall doesn't touch, it's but a matter of time.....

If I run 'netstat -anb | find "5357"' it doesn't give the owning process, it says:

"x: Windows Sockets initialization failed: 5
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
TCP [::]:5357 [::]:0 LISTENING"

I tried hitting the port on another Vista computer and it looks like it's some sort of built in webserver???? This is the response:

"C:\>nc 10.10.12.90 5357
?
HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Tue, 22 Jul 2008 19:37:41 GMT
Connection: close
Content-Length: 326

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid Verb</h2>
<hr><p>HTTP Error 400. The request verb is invalid.</p>
</BODY></HTML>
C:\>"

If I try to hit the port with firefox, since it looks like a webserver, I get this:

"HTTP Error 503. The service is unavailable."

Very different from hitting a port that's blocked.....

I'm curious what everyone else thinks.

Jon
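An added example, not part of either poster's message: a small Python parser for `netstat -ano` output that reports each listening TCP port with its owning PID, marks sockets owned by PID 4 (the "System" process mentioned in the reply), and notes whether the bind is on all interfaces. The sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       4
  TCP    10.10.12.90:49200      10.10.12.7:445         ESTABLISHED     4
  TCP    [::]:5357              [::]:0                 LISTENING       4
  UDP    0.0.0.0:3702           *:*                                    1320
"""

# Local address is split on its last colon so that "[::]:5357" parses correctly.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def listeners(netstat_text):
    """Return {port: {"pid": int, "addrs": set}} for TCP sockets in LISTENING state."""
    found = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows and non-listening connections
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        entry = found.setdefault(port, {"pid": pid, "addrs": set()})
        entry["addrs"].add(addr)
    return found

def triage(netstat_text, system_pid=4):
    """List listeners sorted by port, flagging System-owned and wildcard binds."""
    report = []
    for port, info in sorted(listeners(netstat_text).items()):
        report.append({
            "port": port,
            "pid": info["pid"],
            # PID 4 means a kernel-mode owner, so there is no user-mode
            # binary for `netstat -b` to name.
            "system_owned": info["pid"] == system_pid,
            "all_interfaces": bool(info["addrs"] & {"0.0.0.0", "[::]"}),
        })
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

The `Server: Microsoft-HTTPAPI/2.0` banner in the quoted response is the one returned by the Windows kernel HTTP listener (HTTP.sys), which is consistent with the socket showing as owned by PID 4; on an elevated prompt, `netsh http show servicestate` lists the URL registrations that listener is serving.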
Current thread:
- Port 5357 -- Vista SP1 ??? jond (Jul 25)
- RE: Port 5357 -- Vista SP1 ??? Mathieu CHATEAU (Jul 28)
- Re: Port 5357 -- Vista SP1 ??? bigbert007 (Jul 28)
- Re: Port 5357 -- Vista SP1 ??? Terry Cutler (Jul 28)
- RE: Port 5357 -- Vista SP1 ??? Mathieu CHATEAU (Jul 28)
- <Possible follow-ups>
- Re: Port 5357 -- Vista SP1 ??? Colin Copley (Jul 28)