As they are all > 1024 they _could_ be anything - there was a thread recently
that dealt with identifying what programs were listening on what ports.

Some of these are:

Foundstone's FPort
http://www.foundstone.com/rdlabs/tools.php?category=Forensic

TCPView Pro
http://www.winternals.com/products/monitoringtools/tcpviewpro.asp

Inzider
http://www.ntsecurity.nu/toolbox/inzider

The whole thread is at
http://www.securityfocus.com/cgi-bin/archive.pl?id=75&start=2002-01-06&end=2002-01-12&threads=1&tid=246422

Cheers.

----- Original Message -----
From: "Katherine Ogden" <kogdenat_private>
To: <incidentsat_private>
Sent: Wednesday, January 09, 2002 5:00 PM
Subject: Think I've got trouble

> We began having trouble with our exchange server.
> For no reason we could pin down the OWA would
> throw up an error and stop the www service. Being
> the slightly paranoid sort I downloaded Retina and ran
> it against the email server. It showed the usual things
> but it also showed
> Port 1058 - Nim
> Port 1090 - Xtreme
>
> Two other exchange servers show these ports open.
> Port 1042 - Bla
> Port 1059 - Nimreg
>
> Two questions. Does anybody know what these
> are? And am I right in assuming that these machines
> have been compromised and will need to be rebuilt?
>
> Thank you for the help.
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 15:14:53 PST
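Added example, not part of the thread or of any tool named in it: one way to do the port-to-program mapping the reply points to, using only built-in Windows commands. It joins `netstat -ano` output with `tasklist /fo csv /nh` output and lists listeners above 1024 with their owning image. Both samples are constructed, and the process names are placeholders, not findings about the servers in the question.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1404
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1404
  TCP    0.0.0.0:1058           0.0.0.0:0              LISTENING       1820
  TCP    0.0.0.0:1090           0.0.0.0:0              LISTENING       2216
  TCP    10.0.0.5:1187          10.0.0.9:445           ESTABLISHED     4
  UDP    0.0.0.0:1042           *:*                                    1820
"""

# Constructed sample of `tasklist /fo csv /nh`; image names are placeholders.
TASKLIST_SAMPLE = '''\
"System","4","Services","0","236 K"
"example_web.exe","1404","Services","0","9,120 K"
"example_mail.exe","1820","Services","0","48,332 K"
'''

def parse_pids(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def high_listeners(netstat_text, tasklist_csv, floor=1024):
    """Return (proto, port, pid, image) for listeners on ports above `floor`."""
    images = parse_pids(tasklist_csv)
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        # TCP rows carry a State column; UDP rows have none and are bound sockets.
        if f[0] == "TCP" and (len(f) < 5 or f[3] != "LISTENING"):
            continue
        port = int(f[1].rsplit(":", 1)[1])  # rsplit also copes with [::]:port
        pid = int(f[-1])
        if port > floor:
            # A PID absent from the process list is the one to look at first.
            found.append((f[0], port, pid, images.get(pid, "UNKNOWN")))
    return sorted(found, key=lambda r: r[1])

if __name__ == "__main__":
    for proto, port, pid, image in high_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{proto} {port:<6} pid={pid:<6} {image}")
```

The owning image and its path on disk say more about a high port than the name a scanner attaches to the port number.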