From: Andrew Kuriger (a.kuriger liquidphlux.com)
Date: Wed Jul 08 2009 - 14:07:42 CDT
Hi Tom,
Port 1863 is most commonly used for MSN Messenger (Using UDP) and VNC
Server uses port 5910 (Using TCP). My guess would be that the company
you are pen testing is using MSN messenger for collaboration and VNC for
desktop assistance.
You stated these are public IPs, and it would be an extremely bad
idea to have the above ports open on the public-facing side (due to vuln
in MSN and brute force attacks on VNC and possible VNC vulns). IMO this
is fairly uncommon as most companies either use NAT or firewall so these
ports are not public facing.
I would be worried, but then again I have always been paranoid.
~Andrew
On 7/8/2009, "tomright006 gmail.com" <tomright006 gmail.com> wrote:
>Hi all,
>
>I have just started my information security career & I am doing a pentest on a pool of some public IPs as my first assignment in pentesting.
>
>During the pentest I found that port 1863 & port 5910 are common to most of the IPs (in fact almost all).
>
>I would like to know if anyone has come across such a situation while doing a pentest in the past.
>
>Thanks
>
>Tom Right
>
>Security Engineer
>
>------------------------------------------------------------------------
>This list is sponsored by: Information Assurance Certification Review Board
>
>Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
>http://www.iacertification.org
>------------------------------------------------------------------------
>