Nmap Development mailing list archives
RPC over HTTP
From: "Jon-Erik" <jonerik () myway com>
Date: Fri, 4 Mar 2005 02:38:43 -0500 (EST)
I do a lot of work (unfortunately) with Windows 2003 servers. I've noticed that nmap returns ports 6000, 6002, and 6004 as X server ports, which, of course, they are on nix systems. But, on a 2k3 server the pattern of these three ports being open means an Exchange server has implemented RPC over HTTP, which is allegedly a safer way of having Outlook "just work" remotely. Without any specific knowledge, I imagine this is a source of many potential vulnerabilities and so anyone hardening a 2k3 server will need to check for it, and, also, it's a pretty clear pattern in terms of OS detection. Has that been addressed yet? (I'm new to the list) _______________________________________________ No banners. No pop-ups. No kidding. Make My Way your home on the Web - http://www.myway.com --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- RPC over HTTP Jon-Erik (Mar 03)
- Re: RPC over HTTP Martin Mačok (Mar 03)
- <Possible follow-ups>
- Re: RPC over HTTP Jon-Erik (Mar 04)
- Re: RPC over HTTP Martin Mačok (Mar 04)
- Re: RPC over HTTP Jon-Erik (Mar 04)
- Re: RPC over HTTP (ncacn_http) Martin Mačok (Mar 05)
- Re: RPC over HTTP Alan Jones (Mar 06)
- Re: RPC over HTTP Martin Mačok (Mar 07)
- Re: RPC over HTTP Jon-Erik (Mar 06)