Nmap Development mailing list archives

RPC over HTTP

From: "Jon-Erik" <jonerik () myway com>
Date: Fri, 4 Mar 2005 02:38:43 -0500 (EST)


I do a lot of work (unfortunately) with Windows 2003 servers. I've noticed that nmap returns ports 6000, 6002, and 6004 
as X server ports, which, of course, they are on nix systems. But, on a 2k3 server the pattern of these three ports 
being open means an Exchange server has implemented RPC over HTTP, which is allegedly a safer way of having Outlook 
"just work" remotely.

Without any specific knowledge, I imagine this is a source of many potential vulnerabilities and so anyone hardening a 
2k3 server will need to check for it, and, also, it's a pretty clear pattern in terms of OS detection.

Has that been addressed yet? (I'm new to the list)


_______________________________________________
No banners. No pop-ups. No kidding.
Make My Way your home on the Web - http://www.myway.com

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org

Current thread:

RPC over HTTP Jon-Erik (Mar 03)
- Re: RPC over HTTP Martin Mačok (Mar 03)
- <Possible follow-ups>
- Re: RPC over HTTP Jon-Erik (Mar 04)
  - Re: RPC over HTTP Martin Mačok (Mar 04)
- Re: RPC over HTTP Jon-Erik (Mar 04)
  - Re: RPC over HTTP (ncacn_http) Martin Mačok (Mar 05)
- Re: RPC over HTTP Alan Jones (Mar 06)
  - Re: RPC over HTTP Martin Mačok (Mar 07)
- Re: RPC over HTTP Jon-Erik (Mar 06)