lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: r_i_c_h_lists at btopenworld.com (Richard Maudsley)
Subject: Outlook 2003 listening on udp/3088

udp packets can be fired at all ports in that range

www.mindblock.org
insecure <insecure@...ritech.net> wrote:
>
>Ondrej Krajicek wrote:
>
>>Hello,
>>
>>I've just noticed (no, not by using tools which ship with Windows XP[1], thank you Bill), that
>>Outlook 2003 binds to UDP port 3088 on all interfaces and listens. Quick Googling for it
>>found no useful explanation.
>>
>>Does anyone know what is this good for? Another open port on my (and thousands of others) Windows box
>>really does not help anything, at least when it comes to security. Anyway, I am using
>>desktop firewall for access control, but knowing what this is and how can it be disabled ;-)
>>will make my sleep a bit better.
>>
>>Regards,
>>
>>Ondra
>>
>>PS: [1] ...netstat wouldn't do, it does not display pid (or something).
>>
>>+>>>-----------------------------------------------------------------+
>>|Ondrej Krajicek                                                 (-KO|
>>|Institute of Computer Science, Masaryk University Brno, CR          |
>>|http://isildur.ics.muni.cz/~ondra               krajicek@....muni.cz|
>>+--------------------------------------------------------------------+
>>  
>>
>This is probably the new mail notification service used by Exchange. See
>http://support.microsoft.com/default.aspx?scid=kb;EN-US;264035
>
>"New mail notification messages are sent by means of UDP packets from 
>the server to the client. The ports used for this notification are set 
>by the client when the client logs on to the information store. As part 
>of the log on process to the information store, the client tells the 
>server the IP address and port where it expects to receive new mail 
>notification messages. This will be a UDP port in the 1024-65535 range."
>
>Here are instructions for how to turn it off for LookOut 2002.
>http://support.microsoft.com/default.aspx?scid=kb;EN-US;305572
>2003 is probably similar.
>
>Even if there was some vulnerability that could be exploited through 
>this service, it would be hard to do, as the port number is not predictable.
>
>jerry
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists