NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Incidents> 2005-07

RE: Port Zero

From: Jim Harrison (ISA) (jmharrmicrosoft.com)
Date: Mon Jul 18 2005 - 10:50:07 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is correct.
Netstat is showing you that those listeners are waiting to accept
traffic from (Foreign address) any IP (0.0.0.0) and any port (:0).

Jim Harrison
Security Business Unit (ISA SE)
"When you come to a fork in the road, take it."

--Yogi Berra

-----Original Message-----
From: Wimpie du Plessis [mailto:wimpieissecurity.co.za]
Sent: Sunday, July 17, 2005 11:59 PM
To: omibabagmail.com; incidentssecurityfocus.com
Subject: RE: Port Zero

Hi, I would think that it is cause it is listening and therefore it wont
know the foreign address source port, thats why it is set to zero, it
will
accept any src port coming into that listening port.

-----Original Message-----
From: omibabagmail.com [mailto:omibabagmail.com]
Sent: Saturday, July 16, 2005 6:14 AM
To: incidentssecurityfocus.com
Subject: Port Zero

Active Connections

  Proto Local Address Foreign Address State
  TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1054 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1307 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1344 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1445 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1447 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1452 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1453 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1455 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1460 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1465 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1466 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1469 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1491 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1496 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1498 0.0.0.0:0 LISTENING
  TCP 0.0.0.0:1507 0.0.0.0:0 LISTENING

Above is the output of netstat -an |more

Guys / Gals Do you know what means port zero in Windoze Platform ? I
know
the answer but jst wanted to know anyone has a better explaination.

In Unix Family port zero is used for socket programming but not the same
in
Windoze family.

I have asked this question in many programs of mine in CEH - Certfied
Ethical Hacking but still awaiting for answers. Lemme see if can get
some
answers for this post!!!!

Ciao

Baba
CEO
Appsec

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]