
| Subject: | RE: Port 5357 -- Vista SP1 ??? |
|---|---|
| Date: | Sat, 26 Jul 2008 08:13:34 +0200 |

A more detailed page on the feature:
http://msdn.microsoft.com/en-us/library/bb756908.aspx

Regards,
Mathieu CHATEAU
French blog: http://www.lotp.fr
English blog: http://lordoftheping.blogspot.com

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On behalf of jond
Sent: Tuesday, 22 July 2008 22:02
To: pen-test@securityfocus.com
Subject: Port 5357 -- Vista SP1 ???

I have a homemade tripwire type program that alerted me to someone connecting to port 5357 on my Vista SP1 box. To my knowledge, I don't think I have this port open.

From a little time on Google, it looks like some people are calling this a potential info leak problem. I'm curious if anyone is going as far as to manually block the port, and if so, if there are any negative consequences? In my opinion, if this is some sort of default Vista webserver that the firewall doesn't touch, it's but a matter of time.....

If I run 'netstat -anb | find "5357"' it doesn't give the owning process, it says:

    "x: Windows Sockets initialization failed: 5
    TCP    0.0.0.0:5357    0.0.0.0:0    LISTENING
    TCP    [::]:5357       [::]:0       LISTENING"

I tried hitting the port on another Vista computer and it looks like it's some sort of built-in webserver???? This is the response:

    "C:\>nc 10.10.12.90 5357
    ?
    HTTP/1.1 400 Bad Request
    Content-Type: text/html; charset=us-ascii
    Server: Microsoft-HTTPAPI/2.0
    Date: Tue, 22 Jul 2008 19:37:41 GMT
    Connection: close
    Content-Length: 326

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/str
    ict.dtd">
    <HTML><HEAD><TITLE>Bad Request</TITLE>
    <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
    <BODY><h2>Bad Request - Invalid Verb</h2>
    <hr><p>HTTP Error 400. The request verb is invalid.</p>
    </BODY></HTML>

    C:\>"

If I try to hit the port with Firefox, since it looks like a webserver, I get this:

    "HTTP Error 503. The service is unavailable."

Very different from hitting a port that's blocked.....

I'm curious what everyone else thinks.

Jon
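
The manual `nc` check in Jon's message can be automated when inventorying your own hosts. The following is an added example, not code from the thread; the function names and `SAMPLE_400` are this example's own, and it assumes the `Server: Microsoft-HTTPAPI/...` banner, which the Windows HTTP Server API (HTTP.sys) puts on its built-in error responses, is enough to label the listener.

```python
import socket

# Headers copied from the response quoted in the post; the CRLF line endings
# and the shortened body are constructed for this example.
SAMPLE_400 = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Content-Type: text/html; charset=us-ascii\r\n"
    b"Server: Microsoft-HTTPAPI/2.0\r\n"
    b"Date: Tue, 22 Jul 2008 19:37:41 GMT\r\n"
    b"Connection: close\r\n"
    b"Content-Length: 326\r\n"
    b"\r\n"
    b"<BODY><h2>Bad Request - Invalid Verb</h2>"
)

def parse_response(raw):
    """Return (status, headers) for a raw HTTP/1.x response, or None if not HTTP."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers

def classify(raw):
    """Return (kind, status); kind is 'http.sys', 'other-http' or 'non-http'."""
    parsed = parse_response(raw)
    if parsed is None:
        return ("non-http", None)
    status, headers = parsed
    # Microsoft-HTTPAPI is the banner of the Windows HTTP Server API (HTTP.sys).
    if headers.get("server", "").lower().startswith("microsoft-httpapi/"):
        return ("http.sys", status)
    return ("other-http", status)

def probe(host, port=5357, timeout=3.0):
    """Send one GET to a host you administer; classify the first 8 KiB of the reply."""
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        return classify(sock.recv(8192))

if __name__ == "__main__":
    print(classify(SAMPLE_400))
```
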