|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Pavel Kankovsky (peak
argo.troja.mff.cuni.cz)Date: Fri May 18 2001 - 03:54:15 CDT
On Wed, 16 May 2001, VanMeter, John wrote:
> I did a scan of a NT 4.0 SP6a server and found the following
> iad1 1030/tcp BBN IAD
This is probably a dynamically assigned port (or one of them) used by a
program supporting MS RPC over TCP. There is a program out there that can
query the "portmapper" listening on port 135/tcp, dump the list of MS RPC
servers, and--if you are lucky--provide some clues regarding the nature of
a service running on a given port, e.g.
IfId: 469d6ec0-0d87-11ce-b13f-00aa003bac6c version 16.0
Annotation: MS Exchange System Attendant Public Interface
UUID: 469d6ec0-0d87-11ce-b13f-00aa003bac6c
Binding: ncacn_ip_tcp:172.16.15.37[1058]
RpcMgmtInqIfIds succeeded
Interfaces: 4
469d6ec0-0d87-11ce-b13f-00aa003bac6c v16.0
83d72bf0-0d89-11ce-b13f-00aa003bac6c v6.0
67df7c70-0f04-11ce-b13f-00aa003bac6c v3.0
06ed1d30-d3d3-11cd-b80e-00aa004b9c30 v1.0
RpcMgmtInqServerPrincName succeeded
Name: MSExchangeSA
RpcMgmtInqStats succeeded
Stats[0]: 60342
Stats[1]: 0
Stats[2]: 48
Stats[3]: 51
Look for a file called (approximately) rpctools-1.0.zip. If you have the
package where Microsoft puts all useful stuff they neglect to include in
the base system (resource kit?), you may find a similar program there.
(BTW: I have a feeling MS RPC is a can of worms waiting to be open.)
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]