| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: jbm at hsc.fr (Jean-Baptiste Marchand) Subject: IIS 5.0 random/fixed TCP/UDP ports * thalm <thalm@...cabo.pt> [01/01/70 - 01:00]: > When viewing the ports associated with inetinfo.exe (Windows 2000 > Server with IIS 5.0 in a default configuration) using TCPView I see > port 80 (TCP) , 443 (TCP), another TCP strange and random port and one > UDP port (3456) > > Example in one machine: TCP 80 TCP 443 TCP 1055 UDP 3456 > > Example in another machine: TCP 80 TCP 443 TCP 2086 UDP 3456 > > Already tried to connect to the random TCP port, and write to it, but > the server does not return a thing. What are the random TCP and fixed > UDP port for? As detailed in the IIS 5.0 section of our Windows network services minimization paper, IIS 5.0 runs RPC services over TCP/IP: http://www.hsc.fr/tips/min_srv_res_win.en.html The dynamic TCP port is used by IIS remote administration RPC services. You should also observe a dynamic UDP port. You can check with ifids that RPC services are bound on these endpoints. udp/3456 is used by IIS 5.0 internally. Microsoft finally documented this port a few months ago, see http://support.microsoft.com/?id=327859 Jean-Baptiste Marchand -- Jean-Baptiste.Marchand@....fr HSC - http://www.hsc.fr/
Powered by blists - more mailing lists