lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: r_i_c_h_lists at (Richard Maudsley)
Subject: Outlook 2003 listening on udp/3088

udp packets can be fired at all ports in that range
insecure <> wrote:
>Ondrej Krajicek wrote:
>>I've just noticed (no, not by using tools which ship with Windows XP[1], thank you Bill), that
>>Outlook 2003 binds to UDP port 3088 on all interfaces and listens. Quick Googling for it
>>found no useful explanation.
>>Does anyone know what is this good for? Another open port on my (and thousands of others) Windows box
>>really does not help anything, at least when it comes to security. Anyway, I am using
>>desktop firewall for access control, but knowing what this is and how can it be disabled ;-)
>>will make my sleep a bit better.
>>PS: [1] ...netstat wouldn't do, it does not display pid (or something).
>>|Ondrej Krajicek                                                 (-KO|
>>|Institute of Computer Science, Masaryk University Brno, CR          |
>>|     |
>This is probably the new mail notification service used by Exchange. See
>"New mail notification messages are sent by means of UDP packets from 
>the server to the client. The ports used for this notification are set 
>by the client when the client logs on to the information store. As part 
>of the log on process to the information store, the client tells the 
>server the IP address and port where it expects to receive new mail 
>notification messages. This will be a UDP port in the 1024-65535 range."
>Here are instructions for how to turn it off for LookOut 2002.
>2003 is probably similar.
>Even if there was some vulnerability that could be exploited through 
>this service, it would be hard to do, as the port number is not predictable.
>Full-Disclosure - We believe in it.

Powered by blists - more mailing lists