|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Captain James T Kirk (Captain_Kirk
myrealbox.com)Date: Wed Jul 11 2001 - 16:15:44 CDT
Here's a list of known ports:
Known ports from 0 to 1023
25
tcp, udp smtp Simple Mail Transfer; alias=mail
80
tcp udp WWW World Wide Web HTTP
135
tcp udp loc-srv / epmap Location Service / DCE endpoint resolution
137
tcp udp netbios-ns NetBIOS Name Service
138
tcp udp netbios-dgm NetBIOS Datagram Service
139
tcp udp netbios-ssn NetBIOS Session Service
445
tcp udp microsoft-ds Microsoft-DS
500
tcp udp isakmp internet Secuirty Association and Key management protocol
Registered ports from 1024 to 49151
1025
tcp listen listener RFS remote_file_sharing
1026
tcp nterm remote_login network_terminal
1031 & 1032
tcp udp iad3 BBN IAD timeplex.com
1433
tcp, udp ms-sql-s Microsoft-SQL-Server
1434
tcp, udp ms-sql-m Microsoft-SQL-Monitor microsoft.com
3372
tcp, udp tip2 loc252.tandem.com
3456
tcp udp vat VAT default data ee.lbl.gov
10000
tcp udp ndmp Network Data Management Protocol netapp.com
Looks like you have a web server listening on port 80 (Microsoft Personal
Web Server perhaps?), a Microsoft SQL Server listening to port 1433 (using
a database for your web pages?), you are checking your mail on port 25,
ports 135 to 139 are being used for your dial-up connection (or whatever)
and it looks like you have File and Print sharing enabled and turned on.
check out http://www.iana.org/assignments/port-numbers
On Tue, 10 Jul 2001, Jacques Exelrud wrote:
> I'm using ZoneAlarm on a machine. Starting some days ago the alert log
> started to show a UDP connection from my machine to my machine (denied by
> ZoneAlamr)
> The UDP port is 10000.
> After check netstat -n -a I lso found some weird ports:
>
> TCP 0.0.0.0:25 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1032 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:3372 0.0.0.0:0 LISTENING
> TCP 1.0.0.1:1433 0.0.0.0:0 LISTENING
> TCP 127.0.0.1:1433 0.0.0.0:0 LISTENING
> TCP 192.168.64.1:139 0.0.0.0:0 LISTENING
> TCP 192.168.64.1:1433 0.0.0.0:0 LISTENING
> UDP 0.0.0.0:135 *:*
> UDP 0.0.0.0:445 *:*
> UDP 0.0.0.0:500 *:*
> UDP 0.0.0.0:1028 *:*
> UDP 0.0.0.0:1031 *:*
> UDP 0.0.0.0:1434 *:*
> UDP 0.0.0.0:3456 *:*
> UDP 0.0.0.0:10000 *:*
> UDP 192.168.64.1:137 *:*
> UDP 192.168.64.1:138 *:*
>
> Some of the are known but other are, at least, suspicious.
>
> Any sugestions on how to find who owns those ports ? ZoneAlarm does not
> bother me with them so I suspect that who owns them is services.exe or other
> Win200 program that have been allowed to act like a server.
>
> Thanks in advance,
> Jacques
>
>
>
>
> ----------------------------------------------------------------------------
>
>
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see:
>
> http://aris.securityfocus.com
>
>
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]