Firewall Wizards mailing list archives
Help Required
From: Don Tuer <Don_Tuer () dtaadv on ca>
Date: Sat, 13 Jan 2001 17:07:53 -0500
Hello: I just ran nmap on my web server and received the following, rather disturbing picture. I'm quite surprised about the netbios stuff as I have unbound the Microsoft client and server from the nic facing the net. Any help on what these other ports could be would be appreciated. Thanks Don NMAP output Port State Service 25/tcp open smtp 53/tcp open domain 80/tcp open http 119/tcp open nntp 135/tcp open loc-srv 139/tcp open netbios-ssn 389/tcp open ldap 563/tcp open snews 1002/tcp open unknown 1058/tcp open nim 1723/tcp open pptp 3005/tcp open deslogin 6666/tcp open irc-serv 7007/tcp open afs3-bos TCPview output Process:PID Protocol Local Address RemoteAddress Sent Received inetinfo.exe:1104 TCP 0.0.0.0:25 LISTENING DNS.EXE:1076 TCP 0.0.0.0:53 LISTENING inetinfo.exe:1104 TCP 0.0.0.0:80 LISTENING inetinfo.exe:1104 TCP 0.0.0.0:119 LISTENING svchost.exe:428 TCP 0.0.0.0:135 LISTENING svchost.exe:428 UDP 0.0.0.0:135 *:* System:8 TCP 0.0.0.0:445 LISTENING System:8 UDP 0.0.0.0:445 *:* inetinfo.exe:1104 TCP 0.0.0.0:563 LISTENING LSASS.EXE:240 UDP 0.0.0.0:1030 *:* WINLOGON.EXE:200 UDP 0.0.0.0:1046 *:* msdtc.exe:528 TCP 0.0.0.0:1050 LISTENING mstask.exe:972 TCP 0.0.0.0:1056 LISTENING svchost.exe:652 UDP 0.0.0.0:1645 *:* svchost.exe:652 UDP 0.0.0.0:1646 *:* System:8 UDP 0.0.0.0:1701 *:* System:8 TCP 0.0.0.0:1723 LISTENING System:8 TCP 0.0.0.0:1755 LISTENING System:8 UDP 0.0.0.0:1755 *:* svchost.exe:652 UDP 0.0.0.0:1812 *:* svchost.exe:652 UDP 0.0.0.0:1813 *:* dfssvc.exe:1060 UDP 0.0.0.0:3001 *:* DNS.EXE:1076 UDP 0.0.0.0:3004 *:* 46/1447 DNS.EXE:1076 TCP 0.0.0.0:3005 LISTENING ntfrs.exe:816 TCP 0.0.0.0:3006 LISTENING inetinfo.exe:1104 TCP 0.0.0.0:3008 LISTENING ntfrs.exe:816 UDP 0.0.0.0:3009 *:* ntfrs.exe:816 TCP 0.0.0.0:3012 10.1.1.15:1026 27/9365 27/6064 SERVICES.EXE:228 UDP 0.0.0.0:3014 *:* inetinfo.exe:1104 UDP 0.0.0.0:3059 *:* System:8 TCP 0.0.0.0:3071 10.1.1.15:445 38/5449 svchost.exe:652 UDP 0.0.0.0:3079 *:* 2/74 svchost.exe:652 UDP 0.0.0.0:3126 *:* llssrv.exe:668 UDP 0.0.0.0:3166 *:* msdtc.exe:528 TCP 0.0.0.0:3372 LISTENING inetinfo.exe:1104 UDP 0.0.0.0:3456 *:* 4/16 4/16 System:8 TCP 0.0.0.0:6666 LISTENING System:8 TCP 0.0.0.0:7007 LISTENING System:8 TCP 0.0.0.0:7778 LISTENING DNS.EXE:1076 UDP 10.1.1.20:53 *:* System:8 UDP 10.1.1.20:137 *:* 1361/91918 System:8 UDP 10.1.1.20:138 *:* 16/3397 2/536 System:8 TCP 10.1.1.20:139 LISTENING LSASS.EXE:240 UDP 10.1.1.20:500 *:* System:8 TCP 10.1.1.20:3007 10.1.1.15:139 13/3678 240/21061 System:8 TCP 10.1.1.20:3055 10.1.1.12:139 138/17059 317/74554 svchost.exe:652 TCP 10.1.1.20:3076 LISTENING svchost.exe:652 TCP 10.1.1.20:3077 LISTENING svchost.exe:652 TCP 10.1.1.20:3078 LISTENING DNS.EXE:1076 UDP 64.231.73.171:53 *:* System:8 UDP 64.231.73.171:137 *:* 29/1522 System:8 UDP 64.231.73.171:138 *:* System:8 TCP 64.231.73.171:139 LISTENING LSASS.EXE:240 UDP 64.231.73.171:500 *:* DNS.EXE:1076 UDP 127.0.0.1:53 *:* DNS.EXE:1076 UDP 127.0.0.1:3003 *:* 4/16 4/16 svchost.exe:652 UDP 127.0.0.1:3074 *:* 1/0 1/0 svchost.exe:652 UDP 127.0.0.1:3075 *:* 1/0 1/0 DNS.EXE:1076 UDP 169.254.182.212:53 *:* System:8 UDP 169.254.182.212:137 *:* 57/3426 System:8 UDP 169.254.182.212:138 *:* System:8 TCP 169.254.182.212:139 LISTENING LSASS.EXE:240 UDP 169.254.182.212:500 *:* _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Help Required Don Tuer (Jan 15)
- Re: Help Required sim (Jan 16)
- <Possible follow-ups>
- RE: Help Required Ben Nagy (Jan 18)
- RE: Help Required Don Tuer (Jan 18)
- RE: Help Required Ben Nagy (Jan 18)
- re: Help Required Freddie Cash (Jan 18)