TCP 41524 is a documented broadcast port for ArcServe (for license validation); given the close proximity and the presence of 6050 could the 41523 be an undocumented port for ArcServe? -----Original Message----- From: Patrick Webster [mailto:aushackat_private] Sent: Tuesday, June 03, 2003 5:35 PM To: pen-testat_private Subject: TCP port 41523 Hi All, Whilst doing a pen-test I came across a Windows NT4 box with IIS4. After doing a port scan, I noticed, among others, that port 41523 was open. Using Amap, the result returned is unknown, however the data given is: Response received from xxx.xxx.xxx.xxx port 41523 tcp (length 8 bytes): 0000: 424e 4532 3937 4400 ASCII: "NETBIOS_HOSTNAME" <= I've replaced the real hostname Unidentified ports: 41523/tcp (total 1). I've searched google without any luck. Does anyone know what this may be? I don't have access to the machine to run fport.exe or similar. Below is the results of an Nmap, if it helps. ort State Service 21/tcp open ftp 22/tcp open ssh 80/tcp open http 81/tcp open hosts2-ns 88/tcp open kerberos-sec 135/tcp open loc-srv 139/tcp open netbios-ssn 443/tcp open https 1027/tcp open IIS 1038/tcp open unknown 1041/tcp open unknown 1433/tcp open ms-sql-s 4899/tcp open radmin 6050/tcp open arcserve 8314/tcp open unknown 41523/tcp open unknown Thanks, -Patrick --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Jun 04 2003 - 16:20:53 PDT