Re: Port 5357 -- Vista SP1 ???

[bigbert007 <bigbert007 () gmail com>]

According to a netstat -ao processID 4 owns it which on my Vista box is 
the "System" process.  I don't have any idea what it is for though.  
Interesting question.

Bert



jond wrote:
> I have a homemade tripwire type program that alerted me to someone
> connecting to port 5357 on my Vista SP1 box.
> To my knowledge, I don't think I have this port open.
> From a little time on google, it looks like some people are calling
> this a potential info leak problem. I'm curious if anyone is going as
> far as to manually block the port, and if so, if there are any
> negative consequences?
>
> In my opinion, if this is some sort of default vista webserver that
> the firewall doesn't touch, it's but a matter of time.....
>
>
>
> If I run  'netstat -anb | find "5357"'  it doesn't give the owning
> process, it says:
>  "x: Windows Sockets initialization failed: 5
>   TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING
>   TCP    [::]:5357              [::]:0                 LISTENING"
>
>
> I tried hitting the port on another Vista computer and it looks like
> it's some sort of built in webserver????
> This is the response:
>
> "C:\>nc 10.10.12.90 5357
> ?
> HTTP/1.1 400 Bad Request
> Content-Type: text/html; charset=us-ascii
> Server: Microsoft-HTTPAPI/2.0
> Date: Tue, 22 Jul 2008 19:37:41 GMT
> Connection: close
> Content-Length: 326
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/str
> ict.dtd">
> <HTML><HEAD><TITLE>Bad Request</TITLE>
> <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
> <BODY><h2>Bad Request - Invalid Verb</h2>
> <hr><p>HTTP Error 400. The request verb is invalid.</p>
> </BODY></HTML>
>
> C:\>"
>
>
> If I try to hit the port with firefox, since it looks like a
> webserver, I get this:
> "HTTP Error 503. The service is unavailable."
>
> Very different from hitting a port that's blocked.....
>
>
> I'm curious what everyone else thinks.
>
>
> Jon
>
>
>
>
>
>
> .
>
>
> .
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in 
> Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
>
>   



---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 080727-0, 07/27/2008
Tested on: 7/28/2008 7:44:16 AM
avast! - copyright (c) 1988-2008 ALWIL Software.
http://www.avast.com




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------