Security Basics mailing list archives

TS Problems?

From: "Matthew Crape" <mcrape () hotmail com>
Date: Thu, 22 Apr 2004 11:04:08 -0400

Hi Group, I am writing this in hopes of getting some advice in trying to solve a little mystery. As it is right now I
am in charge of a small network (about 50 computers total, including servers). There are only 2 Windows XP machines on
the network that end users use.

I decided to scan one them to see if Terminal Services was running by using ProbeTS v1.0. It returned a response saying
that it is in fact running (and to quote Thor: "If it gets one, it knows it is a TServer."). Now if I try to connect to
it using Remote Desktop client, it times out and says that it is not running. I am aware that it can be configured to
run on other ports so I did an nmap scan go the following:
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
4899/tcp open radmin
5000/tcp open UPnP
5225/tcp open unknown
5226/tcp open unknown
8008/tcp open unknown

Port 5525 is running some HP software (with Apache) and I am not sure about port 5226. I have assumed that it is also
the HP software (although nothing comes up when I telnet to it).

As for 8008, when I telnet to it it returns the following:
☺
HΩF═

Am I being paranoid? Any idea what it could be? Is there any way that I can fully verify that TS is or is not running
on the machine? Thanks for all the help.

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

TS Problems? Matthew Crape (Apr 24)
- Re: TS Problems? Alex Lomas (Apr 26)
- <Possible follow-ups>
- RE: TS Problems? Andrew Shore (Apr 26)
- RE: TS Problems? Hagen, Eric (Apr 28)