I hate to give away professional secrets here, but I frequently use Google to give me an idea of what might be running on an unidentified port: http://www.google.com/search?q=TCP+41523 Looks like more arcserve to me... Phil > -----Original Message----- > From: Patrick Webster [mailto:aushackat_private] > Sent: Tuesday, June 03, 2003 8:35 PM > To: pen-testat_private > Subject: TCP port 41523 > > > Hi All, > > Whilst doing a pen-test I came across a Windows NT4 box with > IIS4. After doing a port scan, I noticed, among others, that > port 41523 was open. > > Using Amap, the result returned is unknown, however the data given is: > > Response received from xxx.xxx.xxx.xxx port 41523 tcp (length > 8 bytes): > 0000: 424e 4532 3937 4400 > ASCII: "NETBIOS_HOSTNAME" <= I've replaced the real hostname > Unidentified ports: 41523/tcp (total 1). > > I've searched google without any luck. Does anyone know what > this may be? I don't have access to the machine to run > fport.exe or similar. Below is the results of an Nmap, if it helps. > > ort State Service > 21/tcp open ftp > 22/tcp open ssh > 80/tcp open http > 81/tcp open hosts2-ns > 88/tcp open kerberos-sec > 135/tcp open loc-srv > 139/tcp open netbios-ssn > 443/tcp open https > 1027/tcp open IIS > 1038/tcp open unknown > 1041/tcp open unknown > 1433/tcp open ms-sql-s > 4899/tcp open radmin > 6050/tcp open arcserve > 8314/tcp open unknown > 41523/tcp open unknown > > Thanks, > > -Patrick > > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > -------------- > > --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Jun 04 2003 - 16:17:39 PDT