Full Disclosure mailing list archives
Re: IIS 5.0 random/fixed TCP/UDP ports
From: Jean-Baptiste Marchand <jbm () hsc fr>
Date: Mon, 10 Nov 2003 23:54:23 +0100
* thalm <thalm () netcabo pt> [01/01/70 - 01:00]:
When viewing the ports associated with inetinfo.exe (Windows 2000 Server with IIS 5.0 in a default configuration) using TCPView I see port 80 (TCP) , 443 (TCP), another TCP strange and random port and one UDP port (3456) Example in one machine: TCP 80 TCP 443 TCP 1055 UDP 3456 Example in another machine: TCP 80 TCP 443 TCP 2086 UDP 3456 Already tried to connect to the random TCP port, and write to it, but the server does not return a thing. What are the random TCP and fixed UDP port for?
As detailed in the IIS 5.0 section of our Windows network services minimization paper, IIS 5.0 runs RPC services over TCP/IP: http://www.hsc.fr/tips/min_srv_res_win.en.html The dynamic TCP port is used by IIS remote administration RPC services. You should also observe a dynamic UDP port. You can check with ifids that RPC services are bound on these endpoints. udp/3456 is used by IIS 5.0 internally. Microsoft finally documented this port a few months ago, see http://support.microsoft.com/?id=327859 Jean-Baptiste Marchand -- Jean-Baptiste.Marchand () hsc fr HSC - http://www.hsc.fr/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- IIS 5.0 random/fixed TCP/UDP ports thalm (Nov 10)
- Re: IIS 5.0 random/fixed TCP/UDP ports Jean-Baptiste Marchand (Nov 10)
- Re: IIS 5.0 random/fixed TCP/UDP ports Frank Knobbe (Nov 10)
- Re: IIS 5.0 random/fixed TCP/UDP ports Valdis . Kletnieks (Nov 10)
- Re: IIS 5.0 random/fixed TCP/UDP ports Lan Guy (Nov 11)
- Re: IIS 5.0 random/fixed TCP/UDP ports Frank Knobbe (Nov 10)
- Re: IIS 5.0 random/fixed TCP/UDP ports Jean-Baptiste Marchand (Nov 10)