lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: jbm at hsc.fr (Jean-Baptiste Marchand)
Subject: IIS 5.0 random/fixed TCP/UDP ports

* thalm <thalm@...cabo.pt> [01/01/70 - 01:00]:

> When viewing the ports associated with inetinfo.exe (Windows 2000
> Server with IIS 5.0 in a default configuration) using TCPView I see
> port 80 (TCP) , 443 (TCP), another TCP strange and random port and one
> UDP port (3456)
>  
> Example in one machine: TCP 80 TCP 443 TCP 1055 UDP 3456
>  
> Example in another machine: TCP 80 TCP 443 TCP 2086 UDP 3456
>  
> Already tried to connect to the random TCP port, and write to it, but
> the server does not return a thing.  What are the random TCP and fixed
> UDP port for?

As detailed in the IIS 5.0 section of our Windows network services
minimization paper, IIS 5.0 runs RPC services over TCP/IP:

	http://www.hsc.fr/tips/min_srv_res_win.en.html

The dynamic TCP port is used by IIS remote administration RPC services.

You should also observe a dynamic UDP port. You can check with ifids
that RPC services are bound on these endpoints.

udp/3456 is used by IIS 5.0 internally. Microsoft finally documented
this port a few months ago, see 

	http://support.microsoft.com/?id=327859


Jean-Baptiste Marchand
-- 
Jean-Baptiste.Marchand@....fr
HSC - http://www.hsc.fr/


Powered by blists - more mailing lists