Security Basics mailing list archives
RE: What does this mean?
From: Adnan Ali <call_ret () yahoo com>
Date: Fri, 30 Apr 2004 05:25:41 -0700 (PDT)
Alright, thanks for correction. Yes Vision is a pretty good tool with a lot of features. tcpview as against this provides only the information about ports that I required. Thanks and best regards, --- Chris Gordon <chris.gordon () gettyimages com> wrote:
nope actually it's any source address going to the source port of 135. the 0.0.0.0:0 next to it is just saying hey I'm open. So pretty much ignore (unless Vision says an application to it) the port 0 entries, it's just the ones with ports that are open. I hope you liked using Vision, it's a pretty cool tool, IMHO. peace C Gordon -----Original Message----- From: Adnan Ali [mailto:call_ret () yahoo com] Sent: Wednesday, April 28, 2004 6:42 AM To: Chris Gordon; security-basics () securityfocus com Subject: RE: What does this mean? --- Chris Gordon <chris.gordon () gettyimages com> wrote:Adnan, This is actually a pretty typically output for a Win2k system. You can find out which applications are listeningoneach port by running Vision v1.0 from foundstone. Resources -> Free Tools -> Forensic Tools ->Visionv1.0
http://www.foundstone.com/resources/proddesc/vision.htm
When you see the 0.0.0.0:port# that port is opened up locally on the system whereas the 172.20.4.76:500 means that that portislistening for remote connections.What do you mean? I think when I see TCP 0.0.0.0:135 0.0.0.0:0 LISTENING it means all local IPs at port 135 are listening for incoming connection requests from all remote IPs using any port as source port. Please correct me if this is not so.I hope this helps peace C GordonThanks for your help.-----Original Message----- From: Adnan Ali [mailto:call_ret () yahoo com] Sent: Monday, April 26, 2004 5:59 AM To: security-basics () securityfocus com Subject: What does this mean? Hello all, I have a simple question and I hope to get ananswerfrom the experts on this list. I have a PC running Windows 2000 Prof, and when Idoa netstat -an, I get the following: Active Connections: Proto Local Addr Foreign Addr State ============================================ TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING UDP 0.0.0.0:135 *:*UDP 0.0.0.0:445 *:*UDP 0.0.0.0:1025 *:*UDP 0.0.0.0:38037 *:*UDP 172.20.4.76:500 *:*I get this output even when I am running nonetworkapplication on the machine. Of course, this all seems quite suspicious. Can somebody please help me figure out what isgoingon? At least find the respective applications listening on various ports.?? Thanks and best regards, __________________________________ Do you Yahoo!? Yahoo! Photos: High-quality 4x6 digital prints for 25� http://photos.yahoo.com/ph/print_splash
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteedtobe 10 students or less to facilitate one-on-one interaction with one ofourexpert instructors. Attend a course taught by an expert instructorwithyears of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
=======================================================
This email and its contents are confidential. Ifyouare not the intended recipient, please do not disclose or use the information within this email or its attachments. If you have received this email in error, please delete it immediately. Thank you.
=======================================================
__________________________________ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover
=======================================================
This email and its contents are confidential. If you are not the intended recipient, please do not disclose or use the information within this email or its attachments. If you have received this email in error, please delete it immediately. Thank you.
======================================================= __________________________________ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Re: What does this mean?, (continued)
- Re: What does this mean? Ansgar -59cobalt- Wiechers (Apr 27)
- Re: What does this mean? Dedric Ramsey - Ramsey Consulting Svcs (Apr 26)
- Re: What does this mean? Ansgar -59cobalt- Wiechers (Apr 27)
- Re: What does this mean? Adnan Ali (Apr 28)
- RE: What does this mean? Jason Haith (Apr 26)
- RE: What does this mean? Bénoni MARTIN (Apr 26)
- RE: What does this mean? Adnan Ali (Apr 28)
- Re: What does this mean? Adnan Ali (Apr 28)
- RE: What does this mean? Adnan Ali (Apr 28)
- RE: What does this mean? David Gillett (Apr 28)
- RE: What does this mean? Adnan Ali (Apr 30)