RE: TCP port 41523

["Brass, Phil (ISS Atlanta)" <PBrass () iss net>]

I hate to give away professional secrets here, but I frequently use
Google to give me an idea of what might be running on an unidentified
port:
http://www.google.com/search?q=TCP+41523

Looks like more arcserve to me...

Phil

> -----Original Message-----
> From: Patrick Webster [mailto:aushack () tpg com au] 
> Sent: Tuesday, June 03, 2003 8:35 PM
> To: pen-test () securityfocus com
> Subject: TCP port 41523
>
>
> Hi All,
>
> Whilst doing a pen-test I came across a Windows NT4 box with 
> IIS4. After doing a port scan, I noticed, among others, that 
> port 41523 was open.
>
> Using Amap, the result returned is unknown, however the data given is:
>
> Response received from xxx.xxx.xxx.xxx port 41523 tcp (length 
> 8 bytes):
> 0000:   424e 4532 3937 4400 
> ASCII:  "NETBIOS_HOSTNAME"    <= I've replaced the real hostname
> Unidentified ports: 41523/tcp (total 1).
>
> I've searched google without any luck. Does anyone know what 
> this may be? I don't have access to the machine to run 
> fport.exe or similar. Below is the results of an Nmap, if it helps.
>
> ort       State       Service
> 21/tcp     open        ftp
> 22/tcp     open        ssh
> 80/tcp     open        http
> 81/tcp     open        hosts2-ns
> 88/tcp     open        kerberos-sec
> 135/tcp    open        loc-srv
> 139/tcp    open        netbios-ssn
> 443/tcp    open        https
> 1027/tcp   open        IIS
> 1038/tcp   open        unknown
> 1041/tcp   open        unknown
> 1433/tcp   open        ms-sql-s
> 4899/tcp   open        radmin
> 6050/tcp   open        arcserve
> 8314/tcp   open        unknown
> 41523/tcp  open        unknown
>
> Thanks,
>
> -Patrick
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------