Penetration Testing mailing list archives

RE: Strange ports

From: "Erin Carroll" <amoeba () amoebazone com>
Date: Mon, 18 Jun 2007 20:31:37 -0700

I would recommend using amap to see about getting a fingerprint of the
application used on these ports if possible and/or contacting your firewall
team to check the configs and see what these services are for. The IANA
lists of port to application mappings are general guidelines, not explicit
sets of what the application actually is. There's no law that says you have
to run ms-term-serv on port 3389 :) You should be concerned about more than
just the 1029 and 1032 ports. I know of no valid security or business reason
why you would want to allow random people on the internet to attempt
terminal connections to your internal machines... That's what VPN's are for.

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of killy
Sent: Monday, June 18, 2007 11:59 AM
To: Pen-Tests
Subject: Strange ports

Scanning my external firewall(at work), I (yes, it is my job 
to) find this:


PORT     STATE    SERVICE
53/tcp   open     domain

1029/tcp open     ms-lsa
1032/tcp open     iad3

3389/tcp open     ms-term-serv


Why would 1029 and 1032 need to be open from the outside?

-Kill


--
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

--------------------------------------------------------------
----------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic See HOW Now with 
our 20/20 program!

http://www.cenzic.com/c/2020
--------------------------------------------------------------
----------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

Current thread:

Strange ports killy (Jun 18)
- RE: Strange ports Erin Carroll (Jun 19)
- Re: Strange ports Jason Barbier (Jun 19)
  - Message not available
    - Re: Strange ports StaticRez (Jun 19)
- Re: Strange ports zion (Jun 19)
  - Re: Strange ports R. DuFresne (Jun 21)
    - Re: Strange ports Christine Kronberg (Jun 22)
- Re: Strange ports Tim Shea (Jun 19)
- Re: Strange ports killy (Jun 24)
- <Possible follow-ups>
- Re: Strange ports ebk_lists (Jun 19)
- Re: Re: Strange ports brian . marino (Jun 22)
  - Re: Re: Strange ports Tim Shea (Jun 22)

(Thread continues...)