From: Ed Reed (ereed@novell.com)
Date: Fri Jul 05 2002 - 12:55:48 EDT
>
>It also has 427/tcp and 524/tcp open (well, nmap says) - are there any
tools
>that can enumerate more information from the server through these ports -
if
>at all ?
>I assume, these are Novell-specific ports.
427 is not Novell specific - it's the Server Location Protocol (see
ftp://ftp.isi.edu/in-notes/rfc2608.txt for the IETF RFC text). However,
Novell does use it as the registration/advertisement protocol to
replace SAP for clients to find servers at NDS login time (NCP/IP).
Since it's a multicast protocol, generally, or broadcast locally, it has
very little use being exposed on an external network, at least the way
Novell uses it. Even clients logging in over NCP/IP (the 524 port, above)
can't use it over the WAN unless multicast routing is enabled (I've seen
that on some European ISPs, but haven't noticed it very often), or perhaps
SLP forwarding. Such clients generally have to provide the ip address (or
DNS name) of a server in the tree the user wants to log into.
Come to think of it, I didn't even know it was a TCP protocol...yep,
there's a TCP mode for handling large SLP messages.
Regards,
Ed Reed
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT