('binary' encoding is not supported, stored as-is) In-Reply-To: <20020703165000.24033.qmailat_private-secure.de> > >It also has 427/tcp and 524/tcp open (well, nmap says) - are there any tools >that can enumerate more information from the server through these ports - if >at all ? >I assume, these are Novell-specific ports. 427 is not Novell specific - it's the Server Location Protocol (see ftp://ftp.isi.edu/in-notes/rfc2608.txt for the IETF RFC text). However, Novell does use it as the registration/advertisement protocol to replace SAP for clients to find servers at NDS login time (NCP/IP). Since it's a multicast protocol, generally, or broadcast locally, it has very little use being exposed on an external network, at least the way Novell uses it. Even clients logging in over NCP/IP (the 524 port, above) can't use it over the WAN unless multicast routing is enabled (I've seen that on some European ISPs, but haven't noticed it very often), or perhaps SLP forwarding. Such clients generally have to provide the ip address (or DNS name) of a server in the tree the user wants to log into. Come to think of it, I didn't even know it was a TCP protocol...yep, there's a TCP mode for handling large SLP messages. Regards, Ed Reed ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Jul 05 2002 - 14:16:08 PDT