Penetration Testing mailing list archives

Re: tcp port 999

From: "Erik Birkholz" <erik () foundstone com>
Date: Thu, 26 Aug 2004 00:06:09 -0700

Given my 2 assumptions:
1. You own the box
2. You don't think anyone has trojaned netstat.exe.  ;)

Since it is XP, you should use  netstat -ano to determine what application is running on that port.  Then break out 
some google-fu. 

P.s.  Did you try to telnet to port 999 on the box?  Nc.exe? Any response?


---------------------------------------
(Msg from BlackBerry Wireless Handheld)
---------------------------------------
Erik Pace Birkholz - CISSP, MCSE
Foundstone, Inc.
Strategic Security

Read Special Ops and mount an assault to eradicate network negligence today. www.SpecialOpsSeries.com

[Tel] 949.297.5591
[Cel] 323.252.5916
[Fax] 949.297.5575
[pgp] https://www.foundstone.com/pgpkeys/erik-birkholz.asc

-----Original Message-----
From: Gargac. Jeff <jgargac () maryville edu>
To: pen-test () securityfocus com <pen-test () securityfocus com>
Sent: Wed Aug 25 06:54:14 2004
Subject: tcp port 999

Hi all,

 
I ran nmap across one of my Windows XP SP1 workstations and it report
tcp port 999 open with the description of garcon.  Does anyone have an
idea as to what this is?  I've searched google and am unable to find a
description.  Thanks,

 Jeff


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------



------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

Current thread:

tcp port 999 Gargac. Jeff (Aug 25)
- Re: tcp port 999 markzero (Aug 26)
- Re: tcp port 999 Gary H. Jones II (Aug 26)
- Re: tcp port 999 Tomas Sedlak (Aug 28)
- <Possible follow-ups>
- RE: tcp port 999 Ferino Mardo (Aug 26)
- Re: tcp port 999 Erik Birkholz (Aug 26)
- Re: tcp port 999 Mansoor Ahmed (Aug 26)
- Re: tcp port 999 J. Oquendo (Aug 26)