Penetration Testing mailing list archives

Re: Strange ports

From: Jason Barbier <kusuriya () gmail com>
Date: Mon, 18 Jun 2007 21:11:55 -0700

it looks like it has something to do with IIS or MS Phoning home or itssome sort of gateway from or to an attack its hard to say but here aresome tidbits I found. One way to know for certain is to sniff trafficoff them.

http://www.grc.com/port_1029.htm
http://www.auditmypc.com/port/tcp-port-1029.asp

http://www.seifried.org/security/ports/1000/1032.html
http://lists.debian.org/debian-user/2000/08/msg01614.html

and heres a list of what the ports are default registered to that youcan download

http://lists.thedatalist.com/portlist/PortRef1.zip


killy wrote:

Scanning my external firewall(at work), I (yes, it is my job to) findthis:



PORT     STATE    SERVICE
53/tcp   open     domain

1029/tcp open     ms-lsa
1032/tcp open     iad3

3389/tcp open     ms-term-serv


Why would 1029 and 1032 need to be open from the outside?

-Kill



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

Current thread:

Strange ports killy (Jun 18)
- RE: Strange ports Erin Carroll (Jun 19)
- Re: Strange ports Jason Barbier (Jun 19)
  - Message not available
    - Re: Strange ports StaticRez (Jun 19)
- Re: Strange ports zion (Jun 19)
  - Re: Strange ports R. DuFresne (Jun 21)
    - Re: Strange ports Christine Kronberg (Jun 22)
- Re: Strange ports Tim Shea (Jun 19)
- Re: Strange ports killy (Jun 24)
- <Possible follow-ups>
- Re: Strange ports ebk_lists (Jun 19)
- Re: Re: Strange ports brian . marino (Jun 22)
  - Re: Re: Strange ports Tim Shea (Jun 22)
  - Re: Re: Strange ports Thor (Hammer of God) (Jun 22)