Security Incidents mailing list archives

RE: Port Zero

From: "Jim Harrison (ISA)" <jmharr () microsoft com>
Date: Mon, 18 Jul 2005 08:50:07 -0700

This is correct.
Netstat is showing you that those listeners are waiting to accept
traffic from (Foreign address) any IP (0.0.0.0) and any port (:0).

Jim Harrison
Security Business Unit (ISA SE)
"When you come to a fork in the road, take it."

--Yogi Berra 


-----Original Message-----
From: Wimpie du Plessis [mailto:wimpie () issecurity co za] 
Sent: Sunday, July 17, 2005 11:59 PM
To: omibaba () gmail com; incidents () securityfocus com
Subject: RE: Port Zero

Hi, I would think that it is cause it is listening and therefore it wont
know the foreign address source port, thats why it is set to zero, it
will
accept any src port coming into that listening port.

-----Original Message-----
From: omibaba () gmail com [mailto:omibaba () gmail com] 
Sent: Saturday, July 16, 2005 6:14 AM
To: incidents () securityfocus com
Subject: Port Zero

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1028           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1054           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1307           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1344           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1445           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1447           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1452           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1453           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1455           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1460           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1465           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1466           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1469           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1491           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1496           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1498           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1507           0.0.0.0:0              LISTENING

Above is the output of netstat -an |more

Guys / Gals Do you know what means port zero in Windoze Platform ? I
know
the answer but jst wanted to know anyone has a better explaination.

In Unix Family port zero is used for socket programming but not the same
in
Windoze family.

I have asked this question in many programs of mine in CEH - Certfied
Ethical Hacking but still awaiting for answers. Lemme see if can get
some
answers for this post!!!!

Ciao

Baba
CEO
Appsec

Current thread:

Re: Port Zero, (continued)
- Re: Port Zero STRAMBO (Jul 17)
- Re: Port Zero Ron (Jul 17)
  - Re: Port Zero Lee Dilkie (Jul 18)
    - mysql attack Pall Thayer (Jul 19)
    - Re: mysql attack Joel Esler (Jul 19)
    - Re: mysql attack W. Guhan Iyer (Jul 19)
    - Re: mysql attack Pall Thayer (Jul 21)
- Re: Port Zero Pieter de Boer (Jul 17)
- RE: Port Zero Wimpie du Plessis (Jul 18)
- Re: Port Zero windows (Jul 17)
- RE: Port Zero Jim Harrison (ISA) (Jul 18)
- Re: Port Zero nony101 (Jul 19)
  - Re: Port Zero Harlan Carvey (Jul 19)
  - Re: Port Zero Andrew Simmons (Jul 19)