Penetration Testing mailing list archives

Re: Unusual ports found in nmap scan

From: Nessim Kisserli <nessim.kisserli () rhul ac uk>
Date: Fri, 1 Mar 2002 13:30:27 +0000

hi Dave,

NtWaK0 released an advisory to bugtraq on 15/02/2002 dealing with port 445, 
here's a quick extract:

        TCP/UPD port 445 is open by default on a Fresh installed XP box.        :
        The attack is seriouse since it work remotly and can make the CPU 100 % :
        in less then 20 Second.

you can find the full text at:
http://online.securityfocus.com/archive/1/256830

it might not help with port enumeration but it could shed some light on the 
machine's os..

good luck,
nessim


On Wednesday 27 Feb 2002 6:12 pm, you wrote:

Hello All

I'm currently pentesting a client and nmap reports that a particular host
has the following ports open: 82/tcp
445/tcp
447/tcp


<snip>

Does anyone have any further information on these ports and what sort of
application might be running using these open ports (assuming they are what
they say they are!)

Also assuming it's Win2K are there any tools for enumeration on port 445?

All help appreciated

Dave


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Re: Unusual ports found in nmap scan Mehmet Murat Gunsay (Mar 01)
- <Possible follow-ups>
- Re: Unusual ports found in nmap scan Nessim Kisserli (Mar 01)
  - Re: Unusual ports found in nmap scan Aaron Higbee (Mar 01)