Security Incidents mailing list archives

RE: Strange set of TCP ports


From: "Chris Bell" <CBell () dataprise com>
Date: Tue, 20 Apr 2004 10:24:17 -0400



www.foundstone.com 

Go to Resources -> Free Tools and check out Vision.  I use it for this
exact purpose.  

(Used it last week... Had to disprove to a junior pen-tester consultant
that port 1813 was being used by Backup Exec remote agent on server, not
some random hacktool he found on Google)

-----------------------------------------------------------

Chris Bell, MCSE, CCNA, CQS WLAN-FE
Network Engineer
Dataprise, Inc
Manage your business, not your network.


-----Original Message-----
From: mgotts () 2roads com [mailto:mgotts () 2roads com] 
Sent: Monday, April 19, 2004 4:10 PM
To: Harlan Carvey
Cc: Incidents; Raistlin
Subject: Re: Strange set of TCP ports

Run openports.exe from DiamondCS on the suspect boxen.
If you don't have physical access, but do have admin
access, use psexec.exe from SysInternals, as well.

psexec.exe from SysInternals is a remote program execution utility. I use
it now and then, and am not aware of any capability to have it list ports
in use and what programs are using them.

SysInternals probably does have such a utility, but I'm not sure what it
is off the top of my head.

-- Mark



--- Raistlin <raistlin () gioco net> wrote:
Greetings,

can someone help me in identifying the following strange subset of open
TCP ports?
3687/tcp open  unknown
3688/tcp open  unknown
3689/tcp open  rendezvous
3690/tcp open  unknown
3691/tcp open  unknown

Googling or looking at the usual known ports lists do not yield any
results. I'd like to identify this beast if possible. Thanks in advance.

Stefano



