lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: insecure at ameritech.net (insecure)
Subject: Outlook 2003 listening on udp/3088

Ondrej Krajicek wrote:

>Hello,
>
>I've just noticed (no, not by using tools which ship with Windows XP[1], thank you Bill), that
>Outlook 2003 binds to UDP port 3088 on all interfaces and listens. Quick Googling for it
>found no useful explanation.
>
>Does anyone know what is this good for? Another open port on my (and thousands of others) Windows box
>really does not help anything, at least when it comes to security. Anyway, I am using
>desktop firewall for access control, but knowing what this is and how can it be disabled ;-)
>will make my sleep a bit better.
>
>Regards,
>
>Ondra
>
>PS: [1] ...netstat wouldn't do, it does not display pid (or something).
>
>+>>>-----------------------------------------------------------------+
>|Ondrej Krajicek                                                 (-KO|
>|Institute of Computer Science, Masaryk University Brno, CR          |
>|http://isildur.ics.muni.cz/~ondra               krajicek@....muni.cz|
>+--------------------------------------------------------------------+
>  
>
This is probably the new mail notification service used by Exchange. See
http://support.microsoft.com/default.aspx?scid=kb;EN-US;264035

"New mail notification messages are sent by means of UDP packets from 
the server to the client. The ports used for this notification are set 
by the client when the client logs on to the information store. As part 
of the log on process to the information store, the client tells the 
server the IP address and port where it expects to receive new mail 
notification messages. This will be a UDP port in the 1024-65535 range."

Here are instructions for how to turn it off for LookOut 2002.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;305572
2003 is probably similar.

Even if there was some vulnerability that could be exploited through 
this service, it would be hard to do, as the port number is not predictable.

jerry


Powered by blists - more mailing lists