Re: Port 8081 mystery

["George A. Theall" <theall () tifaware com>]

On Tue, Jan 23, 2007 at 10:07:26PM +0400, WALI wrote:

> I ran a nmap scan on quite a few machines on my internal subnet and one 
> port that appears on all those scans, especially the machines that are 
> still running adequately patched but older Windows 2000 workstations, is 
> tcp 8081. Though nmap shows this as blackice-icecap port I do not find any 
> such application running in task manager neither is this installed.
>
> nestat-a just lists this port as 'Listening' and does not list any 
> application name assigned to it, 

Since you have access to the box, you may want to try running a tool
like SysInternal's TCPView:

  http://www.microsoft.com/technet/sysinternals/utilities/TcpView.mspx

That should tell you which process is listening on that port. From there,
you should be able to get a better idea of what it's for.

> Nessus Scan (tis weeks plugin feed) does not show this port listed amongst 
> any vulnerability.

Be sure to:

  1) Make sure 8081 is included in the port range used for your scans,
     otherwise Nessus won't test it at all.
  2) Make sure you enable "Thorough tests" so that Nessus will look
     harder for servers on non-standard ports.
  3) Make sure you configure the client so that "Test SSL based 
     services" is set to "ALL" so that Nessus will look for SSL-enabled
     services on non-standard ports.


George
-- 
theall () tifaware com

Attachment: _bin
Description: