Firewall Wizards mailing list archives

Help Required


From: Don Tuer <Don_Tuer () dtaadv on ca>
Date: Sat, 13 Jan 2001 17:07:53 -0500

Hello:

        I just ran nmap on my web server and received the following, rather
disturbing picture. I'm quite surprised about the netbios stuff as I have
unbound the Microsoft client and server from the nic facing the net. Any
help on what these other ports could be would be appreciated. 

Thanks

Don

NMAP output

Port       State       Service
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
119/tcp    open        nntp
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
389/tcp    open        ldap
563/tcp    open        snews
1002/tcp   open        unknown
1058/tcp   open        nim
1723/tcp   open        pptp
3005/tcp   open        deslogin
6666/tcp   open        irc-serv
7007/tcp   open        afs3-bos

TCPview output
Process:PID     Protocol        Local Address   RemoteAddress   Sent    Received
inetinfo.exe:1104       TCP     0.0.0.0:25      LISTENING
DNS.EXE:1076    TCP     0.0.0.0:53      LISTENING                       
inetinfo.exe:1104       TCP     0.0.0.0:80      LISTENING
inetinfo.exe:1104       TCP     0.0.0.0:119     LISTENING
svchost.exe:428 TCP     0.0.0.0:135     LISTENING                       
svchost.exe:428 UDP     0.0.0.0:135     *:*                     
System:8        TCP     0.0.0.0:445     LISTENING                       
System:8        UDP     0.0.0.0:445     *:*                     
inetinfo.exe:1104       TCP     0.0.0.0:563     LISTENING
LSASS.EXE:240   UDP     0.0.0.0:1030    *:*                     
WINLOGON.EXE:200        UDP     0.0.0.0:1046    *:*                     
msdtc.exe:528   TCP     0.0.0.0:1050    LISTENING                       
mstask.exe:972  TCP     0.0.0.0:1056    LISTENING                       
svchost.exe:652 UDP     0.0.0.0:1645    *:*                     
svchost.exe:652 UDP     0.0.0.0:1646    *:*                     
System:8        UDP     0.0.0.0:1701    *:*                     
System:8        TCP     0.0.0.0:1723    LISTENING                       
System:8        TCP     0.0.0.0:1755    LISTENING                       
System:8        UDP     0.0.0.0:1755    *:*                     
svchost.exe:652 UDP     0.0.0.0:1812    *:*                     
svchost.exe:652 UDP     0.0.0.0:1813    *:*                     
dfssvc.exe:1060 UDP     0.0.0.0:3001    *:*                     
DNS.EXE:1076    UDP     0.0.0.0:3004    *:*     46/1447         
DNS.EXE:1076    TCP     0.0.0.0:3005    LISTENING                       
ntfrs.exe:816   TCP     0.0.0.0:3006    LISTENING                       
inetinfo.exe:1104       TCP     0.0.0.0:3008    LISTENING
ntfrs.exe:816   UDP     0.0.0.0:3009    *:*                     
ntfrs.exe:816   TCP     0.0.0.0:3012    10.1.1.15:1026  27/9365 27/6064 
SERVICES.EXE:228        UDP     0.0.0.0:3014    *:*                     
inetinfo.exe:1104       UDP     0.0.0.0:3059    *:*                     
System:8        TCP     0.0.0.0:3071    10.1.1.15:445           38/5449 
svchost.exe:652 UDP     0.0.0.0:3079    *:*     2/74            
svchost.exe:652 UDP     0.0.0.0:3126    *:*                     
llssrv.exe:668  UDP     0.0.0.0:3166    *:*                     
msdtc.exe:528   TCP     0.0.0.0:3372    LISTENING                       
inetinfo.exe:1104       UDP     0.0.0.0:3456    *:*     4/16    4/16    
System:8        TCP     0.0.0.0:6666    LISTENING                       
System:8        TCP     0.0.0.0:7007    LISTENING                       
System:8        TCP     0.0.0.0:7778    LISTENING                       
DNS.EXE:1076    UDP     10.1.1.20:53    *:*                     
System:8        UDP     10.1.1.20:137   *:*     1361/91918              
System:8        UDP     10.1.1.20:138   *:*     16/3397 2/536   
System:8        TCP     10.1.1.20:139   LISTENING                       
LSASS.EXE:240   UDP     10.1.1.20:500   *:*                     
System:8        TCP     10.1.1.20:3007  10.1.1.15:139   13/3678 240/21061
System:8        TCP     10.1.1.20:3055  10.1.1.12:139   138/17059       317/74554
svchost.exe:652 TCP     10.1.1.20:3076  LISTENING                       
svchost.exe:652 TCP     10.1.1.20:3077  LISTENING                       
svchost.exe:652 TCP     10.1.1.20:3078  LISTENING                       
DNS.EXE:1076    UDP     64.231.73.171:53        *:*                     
System:8        UDP     64.231.73.171:137       *:*     29/1522         
System:8        UDP     64.231.73.171:138       *:*                     
System:8        TCP     64.231.73.171:139       LISTENING
LSASS.EXE:240   UDP     64.231.73.171:500       *:*                     
DNS.EXE:1076    UDP     127.0.0.1:53    *:*                     
DNS.EXE:1076    UDP     127.0.0.1:3003  *:*     4/16    4/16    
svchost.exe:652 UDP     127.0.0.1:3074  *:*     1/0     1/0     
svchost.exe:652 UDP     127.0.0.1:3075  *:*     1/0     1/0     
DNS.EXE:1076    UDP     169.254.182.212:53      *:*                     
System:8        UDP     169.254.182.212:137     *:*     57/3426         
System:8        UDP     169.254.182.212:138     *:*                     
System:8        TCP     169.254.182.212:139     LISTENING
LSASS.EXE:240   UDP     169.254.182.212:500     *:*
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
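
Added example, not part of the original post: the service column in the nmap output is a name looked up by port number, so the owning process has to come from the TCPView listing. The Python sketch below joins a subset of the rows posted above on TCP port and reports which process and bind address sit behind each port nmap saw; the function names are illustrative.

```python
import re

# Rows copied from the post above (a subset of both listings).
NMAP = """\
25/tcp     open        smtp
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
1002/tcp   open        unknown
3005/tcp   open        deslogin
6666/tcp   open        irc-serv
"""
TCPVIEW = """\
inetinfo.exe:1104       TCP     0.0.0.0:25      LISTENING
svchost.exe:428 TCP     0.0.0.0:135     LISTENING
svchost.exe:428 UDP     0.0.0.0:135     *:*
DNS.EXE:1076    TCP     0.0.0.0:3005    LISTENING
System:8        TCP     0.0.0.0:6666    LISTENING
System:8        TCP     10.1.1.20:139   LISTENING
System:8        TCP     64.231.73.171:139       LISTENING
System:8        TCP     10.1.1.20:3007  10.1.1.15:139   13/3678 240/21061
"""

NMAP_ROW = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)")
TCPVIEW_ROW = re.compile(r"^(\S+):(\d+)\s+TCP\s+(\S+):(\d+)\s+LISTENING")

def parse_nmap(text):
    """Return {port: nmap service guess} for open TCP ports."""
    return {int(m[1]): m[2] for line in text.splitlines() if (m := NMAP_ROW.match(line.strip()))}

def parse_listeners(text):
    """Return {port: [(process, pid, bind_address), ...]} for TCP LISTENING rows only."""
    out = {}
    for line in text.splitlines():
        if (m := TCPVIEW_ROW.match(line.strip())):
            out.setdefault(int(m[4]), []).append((m[1], int(m[2]), m[3]))
    return out

def correlate(nmap_text, tcpview_text):
    """Map each scanned port to its local listeners; an empty list means no row matched."""
    listeners = parse_listeners(tcpview_text)
    return {port: {"nmap_guess": svc, "listeners": listeners.get(port, [])}
            for port, svc in parse_nmap(nmap_text).items()}

if __name__ == "__main__":
    for port, info in sorted(correlate(NMAP, TCPVIEW).items()):
        owners = ", ".join(f"{p}[{pid}] on {a}" for p, pid, a in info["listeners"]) or "no LISTENING row"
        print(f"{port:>5}/tcp  nmap name {info['nmap_guess']:<12} -> {owners}")
```

A port that comes back with an empty listener list was reported by the scan but has no LISTENING row in the TCPView text supplied, so it needs a closer look on the host or on the path between scanner and server.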