
IDS: Is this laptop at high security risk?

Archive: http://msgs.securepoint.com/ids
-----------------------------------------------------------------------------
I did a scan on a laptop running W2K Professional for a salesperson using
SuperScan and obtained the following results. I am wondering why so many
ports are open? Some ports sound scary, e.g., netbus backdoor,
stone-design-1, back orifice!!  Any info/comments/pointers are badly needed.

 |___   911  xact-backup
 |___   999  ?
 |___  1001  WEB ex trojan
 |___  1011
 |___  1012
 |___  1024  Reserved
 |___  1025  network blackjack
 |___  1045
 |___  1090
 |___  1170
 |___  1234
 |___  1243
 |___  1245
 |___  1278
 |___  1492  stone-design-1
 |___  1600  ?
 |___  1807  Fujitsu Hot Standby Protocol
 |___  1981
 |___  1999  cisco identification port
 |___  2001  ?
 |___  2023  ?
 |___  2115
 |___  2140
 |___  2565
 |___  2583  Wincrash V2.0 trojan
 |___  2701
 |___  2702
 |___  2801  Phineas trojan
 |___  3024
 |___  3129
 |___  3150
 |___  3700
 |___  4092
 |___  4567
 |___  4590
 |___  5000  ?
 |___  5001  ?
 |___  5321
 |___  5400  Excerpt Search
 |___  5401  Excerpt Search Secure
 |___  5402
 |___  5555  Personal Agent
 |___  5556
 |___  5557
 |___  5569
 |___  5742  Wincrash V1.03
 |___  6400
 |___  6670  Vocaltec Global Online Directory
 |___  6771
 |___  6776
 |___  6939
 |___  6969  acmsoda
 |___  7000  file server itself
 |___  7300
 |___  7301
 |___  7306
 |___  7307
 |___  7308
 |___  7789
 |___  8080  Standard HTTP Proxy
 |___  9872
 |___  9873
 |___  9874
 |___  9875
 |___  9989
 |___ 10067
 |___ 10167
 |___ 10520
 |___ 10607
 |___ 11000  SSTROJG trojan
 |___ 11223
 |___ 12223
 |___ 12345  Win95/NT Netbus backdoor
 |___ 12346
 |___ 12361
 |___ 12362
 |___ 12631
 |___ 13000
 |___ 16969
 |___ 20001  Millenium trojan
 |___ 20034
 |___ 21544
 |___ 22222
 |___ 23456  Evil FTP trojan
 |___ 30029
 |___ 30100
 |___ 30101
 |___ 30102
 |___ 30303  Sockets De Troie trojan
 |___ 31338
 |___ 31339
 |___ 31666
 |___ 33333
 |___ 34324
 |___ 40412
 |___ 40421
 |___ 40422
 |___ 40423
 |___ 40426
 |___ 50505
 |___ 50766
 |___ 53001
 |___ 54321
 |___ 60000
 |___ 61466
 |___ 65000  Devil trojan