Security Basics mailing list archives
RE: What does this mean?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 28 Apr 2004 08:38:51 -0700
RPC is a meta-service. Instead of mapping specific services to specific ports, a service registers with RPC, and RPC assigns a port. A client looking for that service knows to contact RPC (the two main flavours listen on port 111 (Sun flavour) and 135 (Microsoft flavour)) and ask for the service by name; RPC will tell the client what port it assigned that service. Since the well-known ports are all those less than or equal to 1024, at least the Microsoft flavour of RPC starts assigning ports to services at 1025 and increments from there. I believe virtually all current Windows versions include at least one OS service that registers via RPC. I don't remember what it is or does, just that it's "normal". David Gillett
-----Original Message----- From: Adnan Ali [mailto:call_ret () yahoo com] Sent: Wednesday, April 28, 2004 6:17 AM To: gillettdavid () fhda edu Cc: security-basics () securityfocus com Subject: RE: What does this mean? --- David Gillett <gillettdavid () fhda edu> wrote:-----Original Message----- From: Adnan Ali [mailto:call_ret () yahoo com] I have a PC running Windows 2000 Prof, and when Idoa netstat -an, I get the following: Active Connections: Proto Local Addr Foreign Addr State ============================================ TCP 0.0.0.0:135 0.0.0.0:0 LISTENINGNetBIOSTCP 0.0.0.0:445 0.0.0.0:0 LISTENINGCIFS (NetBIOS successor)TCP 0.0.0.0:1026 0.0.0.0:0 LISTENINGSomething RPC knows aboutTCP 0.0.0.0:1027 0.0.0.0:0 LISTENINGSomething RPC knows aboutUDP 0.0.0.0:135 *:*NetBIOSUDP 0.0.0.0:445 *:*CIFS (NetBIOS successor)UDP 0.0.0.0:1025 *:*Something RPC knows aboutUDP 0.0.0.0:38037 *:*Norton AntivirusAs tcpview shows it, it is msgsys.exe, messenger services.UDP 172.20.4.76:500 *:*IKE; VPN working past NATCan you please explain a little further what do you mean by "Something RPC knows about". Thanks and best regards, __________________________________ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- RE: What does this mean?, (continued)
- RE: What does this mean? David Gillett (Apr 26)
- Re: What does this mean? Ansgar -59cobalt- Wiechers (Apr 27)
- Re: What does this mean? Dedric Ramsey - Ramsey Consulting Svcs (Apr 26)
- Re: What does this mean? Ansgar -59cobalt- Wiechers (Apr 27)
- Re: What does this mean? Adnan Ali (Apr 28)
- RE: What does this mean? Jason Haith (Apr 26)
- RE: What does this mean? BĂ©noni MARTIN (Apr 26)
- RE: What does this mean? Adnan Ali (Apr 28)
- Re: What does this mean? Adnan Ali (Apr 28)
- RE: What does this mean? Adnan Ali (Apr 28)
- RE: What does this mean? David Gillett (Apr 28)
- RE: What does this mean? Adnan Ali (Apr 30)
- RE: What does this mean? David Gillett (Apr 26)