On 9 Jan 2002, Katherine Ogden wrote:
> Two other exchange servers show these ports open.
> Port 1042 - Bla
> Port 1059 - Nimreg
>
> Two questions. Does anybody know what these
> are? And am I right in assuming that these machines
> have been compromised and will need to be rebuilt?
Not nescessarily.
exchange binds to rando high ports each time it is rebooted. Can you
verify these ports are part of exchange? (Shutdown exchange and the ports
should be gone. After a restart you should have other ports listening.)
Fixing port numbers of exchange is described on various locations.
Hugo.
--
All email send to me is bound to the rules described on my homepage.
hvdkooijat_private http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 14:55:44 PST