Firewall Wizards mailing list archives

re: Help Required


From: "Freddie Cash" <fcash () bigfoot com>
Date: Wed, 17 Jan 2001 23:36:18 -0800

Hello:

 I just ran nmap on my web server and received the following, rather
disturbing picture. I'm quite surprised about the netbios stuff as I have
unbound the Microsoft client and server from the nic facing the net. Any
help on what these other ports could be would be appreciated. 

If this is on NT 3.x or 4.x, you have to install the MS Loopback 
connector and bind NetBIOS to that as well as un-binding it from the 
other adapters.

For more details on the above, check http://www.grc.com

NMAP output
Port       State       Service
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
119/tcp    open        nntp
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
389/tcp    open        ldap
563/tcp    open        snews
1002/tcp   open        unknown
1058/tcp   open        nim
1723/tcp   open        pptp
3005/tcp   open        deslogin
6666/tcp   open        irc-serv
7007/tcp   open        afs3-bos

Looks like you are running a mail server (port 25), a web server (80, 
53), a news server (119, 563), an ldap server (389), an IRC server 
(6666), and an MS VPN client (1723).

If you aren't running these services knowingly, then it would be wise to 
go through the control panel, msconfig.exe, the registry Run/RunServices 
sections, and the startup folders to see where these are being run from, 
and remove them.  Also, check your IIS/Exchange settings for what 
services are being run by default.

MS products are known for their "Run Everything by Default" 
configurations.  It's up to the admins to go through and turn off what 
they don't want.

HTH,
Cheers,
Freddie
fcash () bigfoot com

----------
I know that you believe you understand what you think
I said, but I am not sure that you realise that what
you heard is not what I meant.
   - Poster at my Baba's

For my public PGP key, send e-mail with subject:
                       PGP KEY REQUEST
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
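
An added example, not part of the original message: a short Python check that parses the nmap table quoted above and lists every open port outside an intended set, so the cleanup the reply describes can be re-verified after each change. The `INTENDED` set and all function names are assumptions for illustration.

```python
import re

# nmap table copied from the message above.
NMAP_OUTPUT = """\
Port       State       Service
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
119/tcp    open        nntp
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
389/tcp    open        ldap
563/tcp    open        snews
1002/tcp   open        unknown
1058/tcp   open        nim
1723/tcp   open        pptp
3005/tcp   open        deslogin
6666/tcp   open        irc-serv
7007/tcp   open        afs3-bos
"""

# Assumptions: the one service meant to face the net; RPC/NetBIOS ports from the scan.
INTENDED = {(80, "tcp")}
RPC_NETBIOS = {135, 139}
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_ports(text):
    """Return (port, proto, state, service) per table row; other lines are skipped."""
    matches = (ROW.match(line.strip()) for line in text.splitlines())
    return [(int(m[1]), m[2], m[3], m[4]) for m in matches if m]

def audit(rows, intended=INTENDED):
    """List open ports outside the intended set, with a reason for each."""
    findings = []
    for port, proto, state, service in rows:
        if state != "open" or (port, proto) in intended:
            continue
        if port in RPC_NETBIOS:
            reason = "RPC/NetBIOS answering on the scanned interface"
        elif service == "unknown":
            reason = "no service name; identify the listening process"
        else:
            reason = "not intended; find what starts it and disable it"
        findings.append((port, service, reason))
    return findings

if __name__ == "__main__":
    for port, service, reason in audit(parse_ports(NMAP_OUTPUT)):
        print(f"{port:>5}  {service:<12} {reason}")
```

Re-running the scan after each service is disabled and feeding the new table to `audit` shows whether the listener is actually gone.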

