RE: Port 8081 mystery

["Young, Randy" <RWYoung () verisign com>]

Just by chance are you running McAfee ePolicy Orchestrator?  That also
uses port 8081.

Randy 

> -----Original Message-----
> From: listbounce () securityfocus com 
> [mailto:listbounce () securityfocus com] On Behalf Of WALI
> Sent: Tuesday, January 23, 2007 10:07 AM
> To: security-basics () securityfocus com
> Subject: Port 8081 mystery
>
> HI list...
>
> I ran a nmap scan on quite a few machines on my internal 
> subnet and one port that appears on all those scans, 
> especially the machines that are still running adequately 
> patched but older Windows 2000 workstations, is tcp 8081. 
> Though nmap shows this as blackice-icecap port I do not find 
> any such application running in task manager neither is this 
> installed.
>
> nestat-a just lists this port as 'Listening' and does not 
> list any application name assigned to it, so why is this port 
> there? Who is using this? I have ran antivirus scan and 
> spybot checker just to rule out any malware possibilities.
>
> Nessus Scan (tis weeks plugin feed) does not show this port 
> listed amongst any vulnerability.
>
> Here is the nmap output:
>
> SuSE101:/home/root # nmap -O 192.168.126.245 --osscan-guess 
> Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 
> 2007-01-23 11:10 GST Interesting ports on 192.168.126.245:
> (The 1667 ports scanned but not shown below are in state: closed)
> PORT     STATE SERVICE
> 135/tcp  open  msrpc
> 139/tcp  open  netbios-ssn
> 445/tcp  open  microsoft-ds
> 2030/tcp open  device2
> 8081/tcp open  blackice-icecap
> Device type: general purpose
> Running: Microsoft Windows NT/2K/XP
> OS details: Microsoft Windows 2000 SP4 or XP SP1
>
> Nmap finished: 1 IP address (1 host up) scanned in 1.107 seconds