Security Basics mailing list archives

RE: What does this mean?


From: Adnan Ali <call_ret () yahoo com>
Date: Wed, 28 Apr 2004 06:35:55 -0700 (PDT)


--- Bénoni_MARTIN <Benoni.MARTIN () libertis ga> wrote:
Hi!

Well, when you are running an application (for
instance Apache), you can bind this app. to a port
and/or an address. In your case, the IP address
"0.0.0.0" means all addresses, i.e. if you have 2
NIC, your app. will be replying to requests coming
on the 2 NICs. 

Yes, when in the local address column, it means
all the IPs and interfaces. However, what does
0.0.0.0:0 mean in the Foreign Addr column? If it
means all remote addresses using any of their
source ports, then what does *:* mean in the
Foreign address column? What I mean to ask is that
as you can see in my mail below, the foreign address
column either contains 0.0.0.0:0 or *:*, what does
this mean?



If you had "10.0.0.1" instead of
0.0.0.0, then just requests to 10.0.0.1 will be
treated!

For the ports, well just see in "
C:\WINDOWS\system32\drivers\etc\services " !!

To see the match with the applications, just
download fport (I think it should be that), or
tcpview (I am sure of this one, better for me than
the former).

Yes it helped me figure out the applications running
on these ports.

Thanks for your help. 

-----Original Message-----
From: Adnan Ali [mailto:call_ret () yahoo com]
Sent: Monday, 26 April 2004 13:59
To: security-basics () securityfocus com
Subject: What does this mean?

Hello all,

I have a simple question and I hope to get an answer
from the experts on this list.

I have a PC running Windows 2000 Prof, and when I do
a netstat -an, I get the following:

Active Connections:
Proto  Local Addr         Foreign Addr     State
============================================
TCP    0.0.0.0:135        0.0.0.0:0        LISTENING
TCP    0.0.0.0:445        0.0.0.0:0        LISTENING
TCP    0.0.0.0:1026       0.0.0.0:0        LISTENING
TCP    0.0.0.0:1027       0.0.0.0:0        LISTENING
UDP    0.0.0.0:135        *:*
UDP    0.0.0.0:445        *:*
UDP    0.0.0.0:1025       *:*
UDP    0.0.0.0:38037      *:*
UDP    172.20.4.76:500    *:*


I get this output even when I am running no network 
application on the machine.

Of course, this all seems quite suspicious. 

Can somebody please help me figure out what is going
on? At least find the respective applications
listening on various ports?

Thanks and best regards,
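
An added example, not part of the original thread: a small Python parser for Windows `netstat -an` rows that applies the rule explained above (local address 0.0.0.0 means bound on every interface, a specific IP means that interface only) and treats a foreign address of 0.0.0.0:0 or *:* as "no remote peer attached". The function names are hypothetical; the sample rows are taken from the output quoted in the message.

```python
import ipaddress

# Sample rows copied from the netstat -an output quoted in the message above.
SAMPLE = """\
Proto  Local Addr         Foreign Addr     State
TCP    0.0.0.0:135        0.0.0.0:0        LISTENING
TCP    0.0.0.0:445        0.0.0.0:0        LISTENING
UDP    0.0.0.0:1025       *:*
UDP    172.20.4.76:500    *:*
"""

# Foreign-address placeholders Windows netstat prints when the socket has
# no remote endpoint: TCP listeners (0.0.0.0:0, [::]:0) and UDP sockets (*:*).
NO_PEER = {"0.0.0.0:0", "[::]:0", "*:*"}


def parse_row(line):
    """Parse one netstat -an row; return None for headers and separators."""
    fields = line.split()
    if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
        return None
    proto, local, foreign = fields[:3]
    state = fields[3] if len(fields) > 3 else ""  # UDP rows carry no state
    host, _, port = local.rpartition(":")         # also copes with [::]:135
    addr = ipaddress.ip_address(host.strip("[]"))
    return {
        "proto": proto,
        "port": int(port),
        "state": state,
        # Unspecified address (0.0.0.0 or ::) means bound on every interface.
        "scope": "all interfaces" if addr.is_unspecified else f"only {addr}",
        "peer": None if foreign in NO_PEER else foreign,
    }


def bound_everywhere(text):
    """Return (proto, port) for peerless sockets bound on every interface."""
    rows = filter(None, (parse_row(line) for line in text.splitlines()))
    return [(r["proto"], r["port"]) for r in rows
            if r["peer"] is None and r["scope"] == "all interfaces"]


if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(parse_row(line))
    print("bound on all interfaces:", bound_everywhere(SAMPLE))
```

The ports it reports are the ones to map to a process with fport or tcpview, as suggested in the reply.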


      
              