Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Strange ports

From: Tim Shea <tim () tshea net>
Date: Tue, 19 Jun 2007 17:36:26 -0500
My first step would be to request the firewall ruleset (or grab them yourself if you have access) and trace back to the source on your internal network. Then ask the owners of whatever you traced it back to that very question. 


On Jun 18, 2007, at 1:59 PM, killy wrote:
Scanning my external firewall(at work), I (yes, it is my job to) find this: 


PORT     STATE    SERVICE
53/tcp   open     domain

1029/tcp open     ms-lsa
1032/tcp open     iad3

3389/tcp open     ms-term-serv


Why would 1029 and 1032 need to be open from the outside?

-Kill


--
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
---------------------------------------------------------------------- -- 
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
---------------------------------------------------------------------- -- 




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: