445/tcp suggests the box is W2K and is running netbios, which is pretty much the equivalent of 139/tcp on NT boxes. Try running dumpsec from somarsoft.

Mehmet Murat Gunsay
BTKOM A.S.
http://www.btkom.com
mgunsayat_private
muratat_private
PGP Key ID: 0xDDE611E1

----- Original Message -----
From: <kiwi99at_private>
To: <pen-testat_private>
Sent: Wednesday, February 27, 2002 8:12 PM
Subject: Unusual ports found in nmap scan

> Hello All
>
> I'm currently pentesting a client and nmap reports that a particular host has the following ports open:
> 82/tcp
> 445/tcp
> 447/tcp
>
> All other ports are filtered - the host is behind a Check Point firewall.
> Nmap OS identification states it's very unreliable as it can't find a closed port, but suggests FreeBSD or D-Link.
>
> The IP address has no DNS name, and as you can see no web/mail services are running (these are handled by other servers on the subnet).
>
> RFC1700 states that these ports are xfer, microsoft-ds and DDM-RDB respectively. Clearly the client could be running anything on these ports - netcat reveals no banner information at all.
>
> I can't find any meaningful info on the xfer utility.
> DDM-RDB information suggests that it's an AS/400 protocol.
> That's rather contradicted by microsoft-ds which implies it's a Win2K box.
>
> Does anyone have any further information on these ports and what sort of application might be running using these open ports (assuming they are what they say they are!)
>
> Also assuming it's Win2K are there any tools for enumeration on port 445?
>
> All help appreciated
>
> Dave
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Mar 01 2002 - 08:07:15 PST