Penetration Testing mailing list archives
Re: Strange ports
From: killy <killfactory () gmail com>
Date: Sat, 23 Jun 2007 22:49:16 -0400
Thanks for all of the great responses. I guess it may help to clear up a few things. 53 is valid and documented. 3389 is not documented, but I already know the answer before I ask why they did this ;-) But 1029 and 1032, were the interesting ones ot me. Not documented or common to myself. On 6/18/07, killy <killfactory () gmail com> wrote:
Scanning my external firewall(at work), I (yes, it is my job to) find this: PORT STATE SERVICE 53/tcp open domain 1029/tcp open ms-lsa 1032/tcp open iad3 3389/tcp open ms-term-serv Why would 1029 and 1032 need to be open from the outside? -Kill -- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity czar Richard Clarke
-- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity czar Richard Clarke ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Strange ports killy (Jun 18)
- RE: Strange ports Erin Carroll (Jun 19)
- Re: Strange ports Jason Barbier (Jun 19)
- Message not available
- Re: Strange ports StaticRez (Jun 19)
- Message not available
- Re: Strange ports zion (Jun 19)
- Re: Strange ports R. DuFresne (Jun 21)
- Re: Strange ports Christine Kronberg (Jun 22)
- Re: Strange ports R. DuFresne (Jun 21)
- Re: Strange ports Tim Shea (Jun 19)
- Re: Strange ports killy (Jun 24)
- <Possible follow-ups>
- Re: Strange ports ebk_lists (Jun 19)
- Re: Re: Strange ports brian . marino (Jun 22)
- Re: Re: Strange ports Tim Shea (Jun 22)
- Re: Re: Strange ports Thor (Hammer of God) (Jun 22)