Re: Strange ports

From: StaticRez (staticrez@gmail.com)
Date: Tue Jun 19 2007 - 18:27:53 EDT


You can try telnet to those ports as well. Maybe you'll get lucky and
get some output...

1029 is also known to be an ICQ port.
(http://www.seifried.org/security/ports/1000/1029.html)

Port 1032 is also a known ICQ port. And yes, I agree with the other
guys on having terminal services open to the world. Bad practice.

Good luck.

> On 6/18/07, Jason Barbier <kusuriya@gmail.com> wrote:
> > It looks like it has something to do with IIS or MS phoning home, or it's
> > some sort of gateway from or to an attack. It's hard to say, but here are
> > some tidbits I found. One way to know for certain is to sniff traffic
> > off them.
> > http://www.grc.com/port_1029.htm
> > http://www.auditmypc.com/port/tcp-port-1029.asp
> >
> > http://www.seifried.org/security/ports/1000/1032.html
> > http://lists.debian.org/debian-user/2000/08/msg01614.html
> >
> > And here's a list of what the ports are default registered to that you
> > can download:
> > http://lists.thedatalist.com/portlist/PortRef1.zip
> >
> >
> > killy wrote:
> > > Scanning my external firewall (at work), I (yes, it is my job to) find
> > > this:
> > >
> > >
> > > PORT STATE SERVICE
> > > 53/tcp open domain
> > >
> > > 1029/tcp open ms-lsa
> > > 1032/tcp open iad3
> > >
> > > 3389/tcp open ms-term-serv
> > >
> > >
> > > Why would 1029 and 1032 need to be open from the outside?
> > >
> > > -Kill
> > >
> > >
> >
> >
>
>
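
Added example, not part of the original thread: a Python sketch of the check discussed above. It parses the scan output as posted, lists open ports that fall outside a documented exposure policy, and does the "telnet" step by passively reading whatever each service sends first. The policy set `EXPECTED_OPEN`, the host placeholder and all function names are assumptions made for illustration.

```python
import re
import socket

# Constructed sample: the port table quoted in the thread.
SCAN = """\
PORT STATE SERVICE
53/tcp open domain
1029/tcp open ms-lsa
1032/tcp open iad3
3389/tcp open ms-term-serv
"""

# Assumption: ports this firewall is meant to expose (hypothetical policy).
EXPECTED_OPEN = {53}

LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_scan(text):
    """Return [(port, proto, state, service)] from nmap-style port lines."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def unexpected_open(rows, expected):
    """Open ports that are not covered by the exposure policy."""
    return sorted(p for p, _, state, _ in rows
                  if state == "open" and p not in expected)

def read_banner(host, port, timeout=3.0, limit=256):
    """Connect and read only what the service volunteers; send nothing.
    Returns bytes (b'' if the service stays silent within the timeout),
    or None if the connection fails."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return s.recv(limit)
            except socket.timeout:
                return b""
    except OSError:
        return None

if __name__ == "__main__":
    HOST = "192.0.2.10"  # placeholder address; use the firewall you administer
    for port in unexpected_open(parse_scan(SCAN), EXPECTED_OPEN):
        print(port, read_banner(HOST, port))
```

Without version detection, the SERVICE column in such output is a lookup by port number, so names like ms-lsa and iad3 do not identify what is actually listening; an empty banner is also common, since many services wait for the client to speak first.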


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:53 EDT