
IDS: RE: Is this laptop at high security risk?






Did you run "netstat -a -n" on the system and verify what ports this
system actually has open compared to what this program is reporting as
open? Seeing as how none of the standard lower-numbered W2K ports (135,
137, 138, 139 and 445 at the very least) are listed, I doubt this tool
is reporting on open ports.

-----Original Message-----
From: Ivan Fox [mailto:ifox100@hotmail.com]
Sent: Saturday, February 10, 2001 4:55 PM
To: SECURITY-BASICS; ids@uow.edu.au
Subject: IDS: Is this laptop at high security risk?


I did a scan on a laptop running W2K Professional for a salesperson using
SuperScan and obtained the following results. I am wondering why so many
ports are open?  Some ports sound scary, e.g., netbus backdoor,
stone-design-1, Back Orifice!!  Any info/comments/pointers are badly
needed.

 |___   911  xact-backup
 |___   999  ?
 |___  1001  WEB ex trojan
 |___  1011
 |___  1012
 |___  1024  Reserved
 |___  1025  network blackjack
 |___  1045
 |___  1090
 |___  1170
 |___  1234
 |___  1243
 |___  1245
 |___  1278
 |___  1492  stone-design-1
 |___  1600  ?
 |___  1807  Fujitsu Hot Standby Protocol
 |___  1981
 |___  1999  cisco identification port
 |___  2001  ?
 |___  2023  ?
 |___  2115
 |___  2140
 |___  2565
 |___  2583  Wincrash V2.0 trojan
 |___  2701
 |___  2702
 |___  2801  Phineas trojan
 |___  3024
 |___  3129
 |___  3150
 |___  3700
 |___  4092
 |___  4567
 |___  4590
 |___  5000  ?
 |___  5001  ?
 |___  5321
 |___  5400  Excerpt Search
 |___  5401  Excerpt Search Secure
 |___  5402
 |___  5555  Personal Agent
 |___  5556
 |___  5557
 |___  5569
 |___  5742  Wincrash V1.03
 |___  6400
 |___  6670  Vocaltec Global Online Directory
 |___  6771
 |___  6776
 |___  6939
 |___  6969  acmsoda
 |___  7000  file server itself
 |___  7300
 |___  7301
 |___  7306
 |___  7307
 |___  7308
 |___  7789
 |___  8080  Standard HTTP Proxy
 |___  9872
 |___  9873
 |___  9874
 |___  9875
 |___  9989
 |___ 10067
 |___ 10167
 |___ 10520
 |___ 10607
 |___ 11000  SSTROJG trojan
 |___ 11223
 |___ 12223
 |___ 12345  Win95/NT Netbus backdoor
 |___ 12346
 |___ 12361
 |___ 12362
 |___ 12631
 |___ 13000
 |___ 16969
 |___ 20001  Millenium trojan
 |___ 20034
 |___ 21544
 |___ 22222
 |___ 23456  Evil FTP trojan
 |___ 30029
 |___ 30100
 |___ 30101
 |___ 30102
 |___ 30303  Sockets De Troie trojan
 |___ 31338
 |___ 31339
 |___ 31666
 |___ 33333
 |___ 34324
 |___ 40412
 |___ 40421
 |___ 40422
 |___ 40423
 |___ 40426
 |___ 50505
 |___ 50766
 |___ 53001
 |___ 54321
 |___ 60000
 |___ 61466
 |___ 65000  Devil trojan
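
The cross-check suggested in the reply at the top of this thread, as an added example that is not part of either message: it parses `netstat -a -n` output and a scanner list in the tree format above, then reports which scanner entries correspond to a listening TCP socket. The sample inputs and the function names are constructed for illustration, and it assumes the scan was a TCP scan.

```python
import re

# Constructed sample of Windows `netstat -a -n` output (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      10.0.0.5:80            ESTABLISHED
  UDP    192.168.1.20:137       *:*
"""

# Constructed excerpt in the scanner's tree format shown in the post.
SAMPLE_SCAN = """\
 |___  1025  network blackjack
 |___  1045
 |___ 12345  Win95/NT Netbus backdoor
 |___ 31338
"""

# The ports named in the reply that Windows 2000 serves over TCP.
W2K_DEFAULT_TCP = {135, 139, 445}

def listening_tcp_ports(netstat_text):
    """Return the set of local TCP ports in LISTENING state."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            ports.add(int(fields[1].rsplit(":", 1)[1]))
    return ports

def scanner_ports(scan_text):
    """Return {port: label} parsed from '|___ <port> <label>' lines."""
    pattern = re.compile(r"^\s*\|_+\s+(\d+)[ \t]*(.*)$", re.M)
    return {int(m.group(1)): m.group(2).strip() for m in pattern.finditer(scan_text)}

def compare(netstat_text, scan_text):
    """Split scanner entries by whether the host is really listening on them."""
    listening = listening_tcp_ports(netstat_text)
    reported = scanner_ports(scan_text)
    return {
        "confirmed": sorted(p for p in reported if p in listening),
        "not_listening": sorted(p for p in reported if p not in listening),
        # Default listeners the scanner never mentioned: the reply's red flag.
        "defaults_missing_from_scan": sorted((W2K_DEFAULT_TCP & listening) - set(reported)),
    }

if __name__ == "__main__":
    for key, ports in compare(SAMPLE_NETSTAT, SAMPLE_SCAN).items():
        print(f"{key}: {ports}")
```

A long `not_listening` list together with a non-empty `defaults_missing_from_scan` supports the reply's reading that the tool's list is not a list of open ports.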