Full Disclosure mailing list archives

Re: IIS 5.0 random/fixed TCP/UDP ports

From: Jean-Baptiste Marchand <jbm () hsc fr>
Date: Mon, 10 Nov 2003 23:54:23 +0100

* thalm <thalm () netcabo pt> [01/01/70 - 01:00]:

When viewing the ports associated with inetinfo.exe (Windows 2000
Server with IIS 5.0 in a default configuration) using TCPView I see
port 80 (TCP) , 443 (TCP), another TCP strange and random port and one
UDP port (3456)
 
Example in one machine: TCP 80 TCP 443 TCP 1055 UDP 3456
 
Example in another machine: TCP 80 TCP 443 TCP 2086 UDP 3456
 
Already tried to connect to the random TCP port, and write to it, but
the server does not return a thing.  What are the random TCP and fixed
UDP port for?


As detailed in the IIS 5.0 section of our Windows network services
minimization paper, IIS 5.0 runs RPC services over TCP/IP:

        http://www.hsc.fr/tips/min_srv_res_win.en.html

The dynamic TCP port is used by IIS remote administration RPC services.

You should also observe a dynamic UDP port. You can check with ifids
that RPC services are bound on these endpoints.

udp/3456 is used by IIS 5.0 internally. Microsoft finally documented
this port a few months ago, see 

        http://support.microsoft.com/?id=327859


Jean-Baptiste Marchand
-- 
Jean-Baptiste.Marchand () hsc fr
HSC - http://www.hsc.fr/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

IIS 5.0 random/fixed TCP/UDP ports thalm (Nov 10)
- Re: IIS 5.0 random/fixed TCP/UDP ports Jean-Baptiste Marchand (Nov 10)
  - Re: IIS 5.0 random/fixed TCP/UDP ports Frank Knobbe (Nov 10)
    - Re: IIS 5.0 random/fixed TCP/UDP ports Valdis . Kletnieks (Nov 10)
    - Re: IIS 5.0 random/fixed TCP/UDP ports Lan Guy (Nov 11)