Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Port 8081 mystery

from [Steven Nixon] Network Security [Permanent Link]
Subject: Re: Port 8081 mystery
Date: Wed, 24 Jan 2007 13:28:26 -0800
In addition to the other utilities listed in the replies using the -b switch with netstat will also help identify what process has the port open.

Steve
On Jan 24, 2007, at 2:09 AM, Alcides wrote:

Hi WALI,

There are several possibilities for why the port is open.

To analyze this situation, you can try a handy utility "Active Ports"

It's an easy to use tool for Windows NT/2000/XP that enables you to monitor all open TCP and UDP ports on the local computer.
Active Ports shows corresponding ports to the owning application so you can watch which process has opened which port.

It also displays a local and remote IP address for each connection and allows you to terminate the owning process. It also shows the process IDs.
Active Ports can help you to detect trojans and other malicious programs.
Hope this will help you to analyze the situation

Regards,
Alcides

WALI wrote:
HI list...
I ran a nmap scan on quite a few machines on my internal subnet and one port that appears on all those scans, especially the machines that are still running adequately patched but older Windows 2000 workstations, is tcp 8081. Though nmap shows this as blackice-icecap port I do not find any such application running in task manager neither is this installed.
nestat-a just lists this port as 'Listening' and does not list any application name assigned to it, so why is this port there? Who is using this? I have ran antivirus scan and spybot checker just to rule out any malware possibilities.
Nessus Scan (tis weeks plugin feed) does not show this port listed amongst any vulnerability.
Here is the nmap output:
SuSE101:/home/root # nmap -O 192.168.126.245 --osscan-guess
Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2007-01-23 11:10 GST
Interesting ports on 192.168.126.245:
(The 1667 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
2030/tcp open device2
8081/tcp open blackice-icecap
Device type: general purpose
Running: Microsoft Windows NT/2K/XP
OS details: Microsoft Windows 2000 SP4 or XP SP1
Nmap finished: 1 IP address (1 host up) scanned in 1.107 seconds


[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: How to securing endpoints - PRODUCTS, Bughunter
Next by Date:  Re: Highlighting weak password dangers, Kenton Smith
Previous by Thread:  Re: Port 8081 mystery, Alcides
Next by Thread:  Re: Port 8081 mystery, Lukasz
Indexes:  [Date] [Thread] [Top] [All Lists]