Re: Unusual ports found in nmap scan

["Mehmet Murat Gunsay" <mgunsay () btkom com>]

445/tcp suggests the box is W2K and is running netbios, which is pretty much
the equivalent of 139/tcp on NT boxes.  Try running dumpsec from
somarsoft.

Mehmet Murat Gunsay
BTKOM A.S.
http://www.btkom.com
mgunsay () btkom com     murat () gunsay com
PGP Key ID: 0xDDE611E1




----- Original Message -----
From: <kiwi99 () hushmail com>
To: <pen-test () securityfocus com>
Sent: Wednesday, February 27, 2002 8:12 PM
Subject: Unusual ports found in nmap scan


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello All
>
> I'm currently pentesting a client and nmap reports that a particular host has the following ports open:
> 82/tcp
> 445/tcp
> 447/tcp
>
> All other ports are filtered - the host is behind a Check Point firewall.
> Nmap OS identification states it's very unreliable as it can't find a closed port, but suggests FreeBSD or D-Link.
>
> The IP address has no DNS name, and as you can see no web/mail services are running (these are handled by other 
> servers on the
subnet).
> RFC1700 states that these ports are xfer, microsoft-ds and DDM-RDB respectively.  Clearly the client could be running 
> anything on
these ports - netcat reveals no banner information at all.
> I can't find any meaningful info on the xfer utility.
> DDM-RDB information suggests that it's an AS/400 protocol.
> That's rather contradicted by microsoft-ds which implies it's a Win2K box.
>
> Does anyone have any further information on these ports and what sort of application might be running using these 
> open ports
(assuming they are what they say they are!)
> Also assuming it's Win2K are there any tools for enumeration on port 445?
>
> All help appreciated
>
> Dave
>
>
> Hush provide the worlds most secure, easy to use online applications - which solution is right for you?
> HushMail Secure Email http://www.hushmail.com/
> HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
> Hush Business - security for your Business http://www.hush.com/
> Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/
>
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.1
> Note: This signature can be verified at https://www.hushtools.com
>
> wlsEARECABsFAjx9Ic4UHGtpd2k5OUBodXNobWFpbC5jb20ACgkQHE/0wvT4MVRnPwCf
> UZTDj9+KVg3PYlYCQbDjeIldekIAn3PG/zwvpnGK53FX1Zvolh3nZrQW
> =zz2v
> -----END PGP SIGNATURE-----
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/