Penetration Testing mailing list archives
Unusual ports found in nmap scan
From: kiwi99 () hushmail com
Date: Wed, 27 Feb 2002 10:12:01 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello All I'm currently pentesting a client and nmap reports that a particular host has the following ports open: 82/tcp 445/tcp 447/tcp All other ports are filtered - the host is behind a Check Point firewall. Nmap OS identification states it's very unreliable as it can't find a closed port, but suggests FreeBSD or D-Link. The IP address has no DNS name, and as you can see no web/mail services are running (these are handled by other servers on the subnet). RFC1700 states that these ports are xfer, microsoft-ds and DDM-RDB respectively. Clearly the client could be running anything on these ports - netcat reveals no banner information at all. I can't find any meaningful info on the xfer utility. DDM-RDB information suggests that it's an AS/400 protocol. That's rather contradicted by microsoft-ds which implies it's a Win2K box. Does anyone have any further information on these ports and what sort of application might be running using these open ports (assuming they are what they say they are!) Also assuming it's Win2K are there any tools for enumeration on port 445? All help appreciated Dave Hush provide the worlds most secure, easy to use online applications - which solution is right for you? HushMail Secure Email http://www.hushmail.com/ HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ Hush Business - security for your Business http://www.hush.com/ Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/ -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wlsEARECABsFAjx9Ic4UHGtpd2k5OUBodXNobWFpbC5jb20ACgkQHE/0wvT4MVRnPwCf UZTDj9+KVg3PYlYCQbDjeIldekIAn3PG/zwvpnGK53FX1Zvolh3nZrQW =zz2v -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Unusual ports found in nmap scan kiwi99 (Feb 28)