[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200405172154.i4HLs3412098@netsys.com>
From: r_i_c_h_lists at btopenworld.com (Richard Maudsley)
Subject: Outlook 2003 listening on udp/3088
udp packets can be fired at all ports in that range
www.mindblock.org
insecure <insecure@...ritech.net> wrote:
>
>Ondrej Krajicek wrote:
>
>>Hello,
>>
>>I've just noticed (no, not by using tools which ship with Windows XP[1], thank you Bill), that
>>Outlook 2003 binds to UDP port 3088 on all interfaces and listens. Quick Googling for it
>>found no useful explanation.
>>
>>Does anyone know what is this good for? Another open port on my (and thousands of others) Windows box
>>really does not help anything, at least when it comes to security. Anyway, I am using
>>desktop firewall for access control, but knowing what this is and how can it be disabled ;-)
>>will make my sleep a bit better.
>>
>>Regards,
>>
>>Ondra
>>
>>PS: [1] ...netstat wouldn't do, it does not display pid (or something).
>>
>>+>>>-----------------------------------------------------------------+
>>|Ondrej Krajicek (-KO|
>>|Institute of Computer Science, Masaryk University Brno, CR |
>>|http://isildur.ics.muni.cz/~ondra krajicek@....muni.cz|
>>+--------------------------------------------------------------------+
>>
>>
>This is probably the new mail notification service used by Exchange. See
>http://support.microsoft.com/default.aspx?scid=kb;EN-US;264035
>
>"New mail notification messages are sent by means of UDP packets from
>the server to the client. The ports used for this notification are set
>by the client when the client logs on to the information store. As part
>of the log on process to the information store, the client tells the
>server the IP address and port where it expects to receive new mail
>notification messages. This will be a UDP port in the 1024-65535 range."
>
>Here are instructions for how to turn it off for LookOut 2002.
>http://support.microsoft.com/default.aspx?scid=kb;EN-US;305572
>2003 is probably similar.
>
>Even if there was some vulnerability that could be exploited through
>this service, it would be hard to do, as the port number is not predictable.
>
>jerry
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists