Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Unusual ports found in nmap scan

From: kiwi99 () hushmail com
Date: Wed, 27 Feb 2002 10:12:01 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello All

I'm currently pentesting a client and nmap reports that a particular host has the following ports open:
82/tcp
445/tcp
447/tcp

All other ports are filtered - the host is behind a Check Point firewall.
Nmap OS identification states it's very unreliable as it can't find a closed port, but suggests FreeBSD or D-Link.

The IP address has no DNS name, and as you can see no web/mail services are running (these are handled by other servers 
on the subnet).

RFC1700 states that these ports are xfer, microsoft-ds and DDM-RDB respectively.  Clearly the client could be running 
anything on these ports - netcat reveals no banner information at all.

I can't find any meaningful info on the xfer utility.
DDM-RDB information suggests that it's an AS/400 protocol.
That's rather contradicted by microsoft-ds which implies it's a Win2K box.

Does anyone have any further information on these ports and what sort of application might be running using these open 
ports (assuming they are what they say they are!)

Also assuming it's Win2K are there any tools for enumeration on port 445?

All help appreciated

Dave


Hush provide the worlds most secure, easy to use online applications - which solution is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlsEARECABsFAjx9Ic4UHGtpd2k5OUBodXNobWFpbC5jb20ACgkQHE/0wvT4MVRnPwCf
UZTDj9+KVg3PYlYCQbDjeIldekIAn3PG/zwvpnGK53FX1Zvolh3nZrQW
=zz2v
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: