Re: tcp port 999

From: Erik Birkholz (erik@foundstone.com)
Date: Thu Aug 26 2004 - 03:06:09 EDT

• Next message: Mansoor Ahmed: "Re: tcp port 999"
• Previous message: Ferino Mardo: "RE: tcp port 999"
• Maybe in reply to: Gargac. Jeff: "tcp port 999"
• Next in thread: Mansoor Ahmed: "Re: tcp port 999"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Given my 2 assumptions:
1. You own the box
2. You don't think anyone has trojaned netstat.exe. ;)

Since it is XP, you should use netstat -ano to determine what application is running on that port. Then break out some google-fu.

P.s. Did you try to telnet to port 999 on the box? Nc.exe? Any response?

---------------------------------------
(Msg from BlackBerry Wireless Handheld)
---------------------------------------
Erik Pace Birkholz - CISSP, MCSE
Foundstone, Inc.
Strategic Security

Read Special Ops and mount an assault to eradicate network negligence today. www.SpecialOpsSeries.com

[Tel] 949.297.5591
[Cel] 323.252.5916
[Fax] 949.297.5575
[pgp] https://www.foundstone.com/pgpkeys/erik-birkholz.asc

-----Original Message-----
From: Gargac. Jeff <jgargac@maryville.edu>
To: pen-test@securityfocus.com <pen-test@securityfocus.com>
Sent: Wed Aug 25 06:54:14 2004
Subject: tcp port 999

Hi all,

 
I ran nmap across one of my Windows XP SP1 workstations and it report
tcp port 999 open with the description of garcon. Does anyone have an
idea as to what this is? I've searched google and am unable to find a
description. Thanks,

 Jeff

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

• Next message: Mansoor Ahmed: "Re: tcp port 999"
• Previous message: Ferino Mardo: "RE: tcp port 999"
• Maybe in reply to: Gargac. Jeff: "tcp port 999"
• Next in thread: Mansoor Ahmed: "Re: tcp port 999"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:01 EDT