Penetration Testing mailing list archives

Re: Open ports 1863 & 5910 - pentest


From: "Andrew Kuriger" <a.kuriger () liquidphlux com>
Date: Wed, 8 Jul 2009 14:07:42 -0500 (CDT)


Hi Tom,

Port 1863 is most commonly used for MSN Messenger (using UDP) and VNC
Server uses port 5910 (using TCP). My guess would be that the company
you are pen testing is using MSN Messenger for collaboration and VNC for
desktop assistance.

You stated these are public IPs, and it would be an extremely bad
idea to have the above ports open on the public-facing side (due to vuln
in MSN and brute-force attacks on VNC and possible VNC vulns). IMO this
is fairly uncommon, as most companies use either NAT or a firewall so these
ports are not public facing.

I would be worried, but then again I have always been paranoid.

~Andrew

On 7/8/2009, "tomright006 () gmail com" <tomright006 () gmail com> wrote:

Hi all,

I have just started my information security career & I am doing a pentest on a pool of some public IPs as my first assignment in Pentest.

During the pentest I found that port 1863 & port 5910 are common for most of the IPs (in fact almost all).

I would like to know if anyone has come across such a situation while doing a pentest in the past.

Thanks

Tom Right

Security Engineer

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

