Security Incidents mailing list archives

Re: What is iad1 1030/tcp BBN IAD


From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Fri, 18 May 2001 10:54:15 +0200 (MET DST)

On Wed, 16 May 2001, VanMeter, John wrote:

> I did a scan of a NT 4.0 SP6a server and found the following
> iad1 1030/tcp BBN IAD

This is probably a dynamically assigned port (or one of them) used by a
program supporting MS RPC over TCP. There is a program out there that can
query the "portmapper" listening on port 135/tcp, dump the list of MS RPC
servers, and--if you are lucky--provide some clues regarding the nature of
a service running on a given port, e.g.

IfId: 469d6ec0-0d87-11ce-b13f-00aa003bac6c version 16.0
Annotation: MS Exchange System Attendant Public Interface
UUID: 469d6ec0-0d87-11ce-b13f-00aa003bac6c
Binding: ncacn_ip_tcp:172.16.15.37[1058]
RpcMgmtInqIfIds succeeded
Interfaces: 4
  469d6ec0-0d87-11ce-b13f-00aa003bac6c v16.0
  83d72bf0-0d89-11ce-b13f-00aa003bac6c v6.0
  67df7c70-0f04-11ce-b13f-00aa003bac6c v3.0
  06ed1d30-d3d3-11cd-b80e-00aa004b9c30 v1.0
RpcMgmtInqServerPrincName succeeded
Name: MSExchangeSA
RpcMgmtInqStats succeeded
  Stats[0]: 60342
  Stats[1]: 0
  Stats[2]: 48
  Stats[3]: 51

Look for a file called (approximately) rpctools-1.0.zip. If you have the
package where Microsoft puts all useful stuff they neglect to include in
the base system (resource kit?), you may find a similar program there.

(BTW: I have a feeling MS RPC is a can of worms waiting to be opened.)

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
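
Added example, not part of the original message or of the rpctools package: a small Python parser for endpoint-mapper dump text in the layout quoted above, which maps each dynamically assigned TCP port to the RPC interface registered on it. The function names are hypothetical, and the second sample record (port 1030, placeholder UUID, annotation and address) is constructed for illustration.

```python
import re

# First record is copied from the message above; the second record is
# constructed (placeholder UUID, annotation and documentation address).
SAMPLE_DUMP = """\
IfId: 469d6ec0-0d87-11ce-b13f-00aa003bac6c version 16.0
Annotation: MS Exchange System Attendant Public Interface
UUID: 469d6ec0-0d87-11ce-b13f-00aa003bac6c
Binding: ncacn_ip_tcp:172.16.15.37[1058]
RpcMgmtInqServerPrincName succeeded
Name: MSExchangeSA

IfId: 00000000-0000-0000-0000-000000000000 version 1.0
Annotation: Constructed example service
UUID: 00000000-0000-0000-0000-000000000000
Binding: ncacn_ip_tcp:192.0.2.10[1030]
"""

# Binding strings look like protseq:host[endpoint].
BINDING_RE = re.compile(r"^(?P<proto>\w+):(?P<host>[^\[\]]*)\[(?P<endpoint>[^\]]+)\]$")

def parse_dump(text):
    """Split the dump into endpoint records; each IfId line starts a new one."""
    records, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # status lines such as "RpcMgmtInqIfIds succeeded"
        key, value = key.strip(), value.strip()
        if key == "IfId":
            current = {"IfId": value}
            records.append(current)
        elif current is not None and key in ("Annotation", "UUID", "Binding"):
            current[key] = value
    return records

def services_by_tcp_port(records):
    """Map TCP port -> list of (interface id, annotation) registered on it."""
    ports = {}
    for rec in records:
        m = BINDING_RE.match(rec.get("Binding", ""))
        # Only ncacn_ip_tcp bindings carry a numeric TCP port; others are skipped.
        if m and m.group("proto") == "ncacn_ip_tcp" and m.group("endpoint").isdigit():
            note = rec.get("Annotation") or "(no annotation)"
            ports.setdefault(int(m.group("endpoint")), []).append((rec["IfId"], note))
    return ports

if __name__ == "__main__":
    for port, svcs in sorted(services_by_tcp_port(parse_dump(SAMPLE_DUMP)).items()):
        print(f"{port}/tcp", svcs)
```

Comparing the resulting port list against a scan of the same host shows which open high ports are accounted for by registered RPC services and which are not.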

