Penetration Testing mailing list archives
Re: Port 5357 -- Vista SP1 ???
From: "Colin Copley" <colin.75 () btinternet com>
Date: Sun, 27 Jul 2008 06:24:21 +0100
"jond" <x () jond com> wrote:
I have a homemade tripwire type program that alerted me to someone connecting to port 5357 on my Vista SP1 box. To my knowledge, I don't think I have this port open. ...I'm curious if anyone is going as far as to manually block the port, and if so, if there are any negative consequences?
HelloIn Vista & 2008 Server the WSD Port Monitor (Web Services for Devices) uses 5357 for GET, GETRESPONSE, and directed PROBE, PROBEMATCHES messages.
With 'Network Discovery' on, the firewall lets this traffic in.Stopping the 'Function Discovery Resource Publication" Service will close the port. The PC then won't be able to solicit wireless devices, or broadcast it's own web based devices, but normal windows network shares and wireless networks will be unaffected. That's as much as I know.
Cheers Colin ------------------------------------------------------------------------ This list is sponsored by: CenzicTop 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Port 5357 -- Vista SP1 ??? jond (Jul 25)
- RE: Port 5357 -- Vista SP1 ??? Mathieu CHATEAU (Jul 28)
- Re: Port 5357 -- Vista SP1 ??? bigbert007 (Jul 28)
- Re: Port 5357 -- Vista SP1 ??? Terry Cutler (Jul 28)
- RE: Port 5357 -- Vista SP1 ??? Mathieu CHATEAU (Jul 28)
- <Possible follow-ups>
- Re: Port 5357 -- Vista SP1 ??? Colin Copley (Jul 28)