Security Basics mailing list archives
RE: Port 8081 mystery
From: "Gressick, Michael" <mgressick () cybersource com>
Date: Tue, 23 Jan 2007 15:42:13 -0800
Try running TCPView.exe on one of the machines. It will report which process "owns" the listening port. http://www.microsoft.com/technet/sysinternals/utilities/TcpView.mspx -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of WALI Sent: Tuesday, January 23, 2007 10:07 AM To: security-basics () securityfocus com Subject: Port 8081 mystery HI list... I ran a nmap scan on quite a few machines on my internal subnet and one port that appears on all those scans, especially the machines that are still running adequately patched but older Windows 2000 workstations, is tcp 8081. Though nmap shows this as blackice-icecap port I do not find any such application running in task manager neither is this installed. nestat-a just lists this port as 'Listening' and does not list any application name assigned to it, so why is this port there? Who is using this? I have ran antivirus scan and spybot checker just to rule out any malware possibilities. Nessus Scan (tis weeks plugin feed) does not show this port listed amongst any vulnerability. Here is the nmap output: SuSE101:/home/root # nmap -O 192.168.126.245 --osscan-guess Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2007-01-23 11:10 GST Interesting ports on 192.168.126.245: (The 1667 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds 2030/tcp open device2 8081/tcp open blackice-icecap Device type: general purpose Running: Microsoft Windows NT/2K/XP OS details: Microsoft Windows 2000 SP4 or XP SP1 Nmap finished: 1 IP address (1 host up) scanned in 1.107 seconds
Current thread:
- Re: Password Pride - A Humorous Vulnerability, (continued)
- Re: Password Pride - A Humorous Vulnerability RS (Jan 22)
- RE: Password Pride - A Humorous Vulnerability Murda Mcloud (Jan 23)
- Message not available
- Highlighting weak password dangers WALI (Jan 24)
- RE: Highlighting weak password dangers Simon W. Hall (Jan 25)
- RE: Highlighting weak password dangers Scott Ramsdell (Jan 26)
- Re: Highlighting weak password dangers Manuel Arostegui Ramirez (Jan 26)
- Re: Highlighting weak password dangers Alexander Bolante (Jan 30)
- Re: Highlighting weak password dangers anesde (Jan 31)
- Re: Password Pride - A Humorous Vulnerability RS (Jan 22)
- Message not available
- Re: Port 8081 mystery WALI (Jan 24)
- Message not available
- Port 8081 mystery WALI (Jan 23)
- RE: Port 8081 mystery Gressick, Michael (Jan 24)
- Re: Port 8081 mystery Brian . D . Turk (Jan 24)
- RE: Port 8081 mystery Remad (Jan 24)
- Re: Port 8081 mystery George A. Theall (Jan 24)
- Re: Port 8081 mystery Johnny Wong (Jan 24)
- RE: Port 8081 mystery Sandro, Herpich (Jan 24)
- RE: Port 8081 mystery Christopher A. Libby (Jan 25)
- Re: Port 8081 mystery Alcides (Jan 24)
- Re: Port 8081 mystery Steven Nixon (Jan 25)
- Re: Port 8081 mystery Lukasz (Jan 24)