Vulnerability Development mailing list archives
Re: Firewall-1 SP7 CPU utilisation 100%
From: Matthew Pemble <mpemble () isintegration com>
Date: Tue, 8 Aug 2000 08:45:02 +0100
Not a firewall one issue, but on a recent audit, I found inetinfo.exe, mstask.exe and sqlservr.exe all bound to ports in the 1030 - 1032 area. I assume (no, I hope) that none of these are running on a firewall, and I further guess that it is because this range is just after the 1024 boundary that NT uses it for services. As to why, no idea. I tried telnetting to the ports and got and maintained a connection but no responses, banner, error or garbage. AFAIK, the IAD BBN port range is to do with bridging between IP and other protocols (eg X25). There was a discussion about this in Feb 1999 on the firewalls list at giac.net. Use TCPView to find out what is binding the ports and then we might be able to craft another FW-1 on NT DOS! Matthew Pemble, Principal Consultant, IS Integration, Preston Technology Management Centre, Marsh Lane, PRESTON, Lancashire, PR1 8UD Tel: +44 (0)1772 885850 Fax: +44 (0)1772 558881 Mobile: +44 (0)7050 128620 Mailto:mpemble () isintegration com Web: http://www.isintegration.com This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify your system manager or IS Integration Limited on +44 (0) 1772 885850 Any Views expressed in this e-mail message are those of the individual sending the message, except where the sender specifically states them to be the views of IS Integration Limited.
Current thread:
- Firewall-1 SP7 CPU utilisation 100% Alex Balayan (Aug 07)
- Re: Firewall-1 SP7 CPU utilisation 100% Matthew Pemble (Aug 08)