All Ports open on IIS Server?

Discussion in 'Computer Security' started by Sqezins, Oct 8, 2004.

  1. Sqezins

    Sqezins Guest

    I was involved in a security audit recently in which I scanned from outside
    the organization the Web Server. It reported no ports responded (even port
    80)! This was grc.com saying that everything was in "stealth" mode.

    The web page immeadiately comes up as an HTTPS page so it obviously
    responds to Port80 and then goes into a secure page mode but even this
    isn't the oddest thing I found.

    On the inside of the firewall, the server reported to NMAP that 100's of
    ports were open. It is running Microsoft IIS webserver.

    In all my teachings the idea of a layered defense seems to go against the
    grain of this. Obviously, the firewall is effective in blocking outside
    entry on these ports but inside is wide open!

    Additionally, I don't understand how all these ports could be opened
    without the appropriate "services" that should be running on this host to
    use the ports?

    What am I missing?
    -
    Sqezins, Oct 8, 2004
    #1
    1. Advertising

  2. Sqezins

    Wimbo Guest

    Sqezins wrote:
    > I was involved in a security audit recently in which I scanned from outside
    > the organization the Web Server. It reported no ports responded (even port
    > 80)! This was grc.com saying that everything was in "stealth" mode.
    >
    > The web page immeadiately comes up as an HTTPS page so it obviously
    > responds to Port80 and then goes into a secure page mode but even this
    > isn't the oddest thing I found.
    >
    > On the inside of the firewall, the server reported to NMAP that 100's of
    > ports were open. It is running Microsoft IIS webserver.
    >
    > In all my teachings the idea of a layered defense seems to go against the
    > grain of this. Obviously, the firewall is effective in blocking outside
    > entry on these ports but inside is wide open!
    >
    > Additionally, I don't understand how all these ports could be opened
    > without the appropriate "services" that should be running on this host to
    > use the ports?
    >
    > What am I missing?
    > -
    >
    >


    If the services aren't set to manual or to disabled (e.g. server service)
    it will listen on those ports. So if you say that there are ports listening
    you should check the server itself on active services. Remember that a
    standard Windows server implementation has al lot of services enabled on
    default (it's a little better with Windows 2003)

    Wimbo
    Wimbo, Oct 8, 2004
    #2
    1. Advertising

  3. Sqezins

    Leythos Guest

    In article <Xns957C83A16833Dggregorcsicom@204.127.199.17>,
    says...
    > I was involved in a security audit recently in which I scanned from outside
    > the organization the Web Server. It reported no ports responded (even port
    > 80)! This was grc.com saying that everything was in "stealth" mode.


    GRC will only scan the IP you are sitting at, not some other IP.


    > The web page immeadiately comes up as an HTTPS page so it obviously
    > responds to Port80 and then goes into a secure page mode but even this
    > isn't the oddest thing I found.


    HTTPS is not using port 80, HTTPS uses port 443.

    > On the inside of the firewall, the server reported to NMAP that 100's of
    > ports were open. It is running Microsoft IIS webserver.


    The server is going to have many ports open, that's why it's behind a
    firewall. If you want to lock the server down, inside your protected
    network, you are going to need more than a firewall.

    > In all my teachings the idea of a layered defense seems to go against the
    > grain of this. Obviously, the firewall is effective in blocking outside
    > entry on these ports but inside is wide open!


    You didn't tell us what type of firewall - if it's an appliance then you
    have nothing blocking the server on the LAN, why would you expect there
    to be any security INSIDE the LAN. If you installed a personal firewall
    application on the server, many of those allow full access by anything
    in the same subnet - that's why you don't use personal firewall
    applications to protect servers.

    > Additionally, I don't understand how all these ports could be opened
    > without the appropriate "services" that should be running on this host to
    > use the ports?


    If a port is open and listening, it's got something in the OS (or
    application) running to allow it to be open/listening - it could not
    respond if there wasn't something down.

    As for internal/external - it's not really bad to have your server open
    inside your private network, as long as you follow proper security
    measures to restrict access from the server to your network systems.

    --
    --

    (Remove 999 to reply to me)
    Leythos, Oct 8, 2004
    #3
  4. Sqezins

    Greg Smith Guest

    Leythos <> wrote in
    news::

    >
    > GRC will only scan the IP you are sitting at, not some other IP.


    Yep, and the webserver was where I was sitting at when I asked for the
    scan to happen. The IP that they (grc) ID'd me at though isn't the same
    one that I find when I'm in the outside world and say "ping
    clientdomain.com" . The DNS servers hit 3 of the 4 octet's right and the
    fourth is off by 4. Close, but no cigar.
    >


    > HTTPS is not using port 80, HTTPS uses port 443.


    Agreed, but when you hit the website for the first time at
    clientdomain.com, aren't you defaulting to port 80 and then redirected
    to an https page using 443?


    > You didn't tell us what type of firewall -
    >

    Sorry, it's an appliance firewall. Watchguard Firebox.

    > If a port is open and listening, it's got something in the OS (or
    > application) running to allow it to be open/listening - it could not
    > respond if there wasn't something down.
    >

    That was my conclusion too. It seems odd for to me that the "web
    server" should be reporting that ports 1-1024 are all open when some of
    the ports are still considered "unknown". Nmap didn't declare this as
    the case on another server within the trusted network.

    > As for internal/external - it's not really bad to have your server
    > open inside your private network,
    >

    Well it doesn't allow regular log-ins or anything like that (except
    admin) and it isn't in the same subnet as the rest of the machines. I
    just scratch my head about how all those ports are being described as
    "open".
    Greg Smith, Oct 9, 2004
    #4
  5. Sqezins

    Leythos Guest

    In article <Xns957CC4F5E5172ggregorcsicom@204.127.204.17>,
    says...
    > > GRC will only scan the IP you are sitting at, not some other IP.

    >
    > Yep, and the webserver was where I was sitting at when I asked for the
    > scan to happen. The IP that they (grc) ID'd me at though isn't the same
    > one that I find when I'm in the outside world and say "ping
    > clientdomain.com" . The DNS servers hit 3 of the 4 octet's right and the
    > fourth is off by 4. Close, but no cigar.


    Then you have a HTTP Proxy configured and your web server is actually
    going outbound on the Firewalls IP when you browse the web from the web
    server.

    You wont get a good GRC scan this way.

    >
    > > HTTPS is not using port 80, HTTPS uses port 443.

    >
    > Agreed, but when you hit the website for the first time at
    > clientdomain.com, aren't you defaulting to port 80 and then redirected
    > to an https page using 443?


    If you type HTTP://WWW.MYSITE.COM the connection is via 80.
    If you type HTTPS://WWW.MYSITE.COM the connection is via 443

    > > You didn't tell us what type of firewall -
    > >

    > Sorry, it's an appliance firewall. Watchguard Firebox.


    If you have a firebox, and I have many of them, and your rules are setup
    properly, the only exposure you have is 80/443 inbound on a HTTP Proxy
    rule mapping public IP to LOCAL Ip via NAT.

    Having something exposed on the LAN does not mean it's exposed through
    the firewall - you have to open holes in the firewall to expose it.


    --
    --

    (Remove 999 to reply to me)
    Leythos, Oct 9, 2004
    #5
  6. Sqezins

    donnie Guest

    On Fri, 08 Oct 2004 20:27:03 GMT, Leythos <> wrote:

    >You didn't tell us what type of firewall -

    ##################
    He also didn't tell us what version of IIS. IIRC it wasn't until
    version 6 that security was worth anything.
    donnie
    donnie, Oct 9, 2004
    #6
  7. >He also didn't tell us what version of IIS. IIRC it wasn't until
    >version 6 that security was worth anything.


    In my experience, security is fine in earlier versions if you set it up
    properly.
    --
    Dave "Crash" Dummy - A weapon of mass destruction
    ?subject=Techtalk (Do not alter!)
    http://lists.gpick.com
    \Crash\ Dummy, Oct 9, 2004
    #7
  8. Sqezins

    Leythos Guest

    In article <>,
    says...
    > On Fri, 08 Oct 2004 20:27:03 GMT, Leythos <> wrote:
    >
    > >You didn't tell us what type of firewall -

    > ##################
    > He also didn't tell us what version of IIS. IIRC it wasn't until
    > version 6 that security was worth anything.


    Donnie, you must not have any experience with IIS 4 or 5. We've had
    hundreds of public IIS servers running without a single compromise or
    problem that was security related.

    You can easily secure IIS 4 and IIS 5, and IIS 6.

    --
    --

    (Remove 999 to reply to me)
    Leythos, Oct 9, 2004
    #8
  9. Sqezins

    donnie Guest

    On Sat, 09 Oct 2004 14:23:24 GMT, Leythos <> wrote:

    >In article <>,
    > says...
    >> On Fri, 08 Oct 2004 20:27:03 GMT, Leythos <> wrote:
    >>
    >> >You didn't tell us what type of firewall -

    >> ##################
    >> He also didn't tell us what version of IIS. IIRC it wasn't until
    >> version 6 that security was worth anything.

    >
    >Donnie, you must not have any experience with IIS 4 or 5. We've had
    >hundreds of public IIS servers running without a single compromise or
    >problem that was security related.
    >
    >You can easily secure IIS 4 and IIS 5, and IIS 6.
    >
    >--

    #####################
    That's correct, I haven't used IIS. It was something that I read and I
    understand that many vulnerabilities are due to mis-configuration.
    donnie
    donnie, Oct 10, 2004
    #9
  10. Sqezins

    David Shaw Guest

    Are you sure that nmap reported that the ports were open, and not
    "filtered" or "closed"? Show us a copy of the scan, if you can.

    -ds
    David Shaw, Oct 10, 2004
    #10
  11. Sqezins

    Greg Guest

    (David Shaw) wrote in
    news::

    > Are you sure that nmap reported that the ports were open, and not
    > "filtered" or "closed"? Show us a copy of the scan, if you can.
    >
    > -ds
    >

    Here it is:

    Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-10-01 16:25
    Warning: OS detection will be MUCH less reliable because we did not find
    at least 1 open and 1 closed TCP port
    Interesting ports on 10.112.x.y (IP changed to protect the innocent):
    PORT STATE SERVICE
    1/tcp open tcpmux
    2/tcp open compressnet
    3/tcp open compressnet
    4/tcp open unknown
    5/tcp open rje
    6/tcp open unknown
    7/tcp open echo
    8/tcp open unknown
    9/tcp open discard
    10/tcp open unknown
    11/tcp open systat
    12/tcp open unknown
    13/tcp open daytime
    14/tcp open unknown
    15/tcp open netstat
    16/tcp open unknown
    17/tcp open qotd
    18/tcp open msp
    19/tcp open chargen
    20/tcp open ftp-data
    21/tcp open ftp
    22/tcp open ssh
    23/tcp open telnet
    24/tcp open priv-mail
    25/tcp open smtp
    26/tcp open unknown
    27/tcp open nsw-fe
    28/tcp open unknown
    29/tcp open msg-icp
    30/tcp open unknown
    31/tcp open msg-auth
    32/tcp open unknown
    33/tcp open dsp
    34/tcp open unknown
    35/tcp open priv-print
    36/tcp open unknown
    37/tcp open time
    38/tcp open rap
    39/tcp open rlp
    40/tcp open unknown
    41/tcp open graphics
    42/tcp open nameserver
    43/tcp open whois
    44/tcp open mpm-flags
    45/tcp open mpm
    46/tcp open mpm-snd
    47/tcp open ni-ftp
    48/tcp open auditd
    49/tcp open tacacs
    50/tcp open re-mail-ck
    51/tcp open la-maint
    52/tcp open xns-time
    53/tcp open domain
    54/tcp open xns-ch
    55/tcp open isi-gl
    56/tcp open xns-auth
    57/tcp open priv-term
    58/tcp open xns-mail
    59/tcp open priv-file
    60/tcp open unknown
    61/tcp open ni-mail
    62/tcp open acas
    63/tcp open via-ftp
    64/tcp open covia
    65/tcp open tacacs-ds
    66/tcp open sql*net
    67/tcp open dhcpserver
    68/tcp open dhcpclient
    69/tcp open tftp
    70/tcp open gopher
    71/tcp open netrjs-1
    72/tcp open netrjs-2
    73/tcp open netrjs-3
    74/tcp open netrjs-4
    75/tcp open priv-dial
    76/tcp open deos
    77/tcp open priv-rje
    78/tcp open vettcp
    79/tcp open finger
    80/tcp open http
    81/tcp open hosts2-ns
    82/tcp open xfer
    83/tcp open mit-ml-dev
    84/tcp open ctf
    85/tcp open mit-ml-dev
    86/tcp open mfcobol
    87/tcp open priv-term-l
    88/tcp open kerberos-sec
    89/tcp open su-mit-tg
    90/tcp open dnsix
    91/tcp open mit-dov
    92/tcp open npp
    93/tcp open dcp
    94/tcp open objcall
    95/tcp open supdup
    96/tcp open dixie
    97/tcp open swift-rvf
    98/tcp open linuxconf
    99/tcp open metagram
    100/tcp open newacct
    101/tcp open hostname
    102/tcp open iso-tsap
    103/tcp open gppitnp
    104/tcp open acr-nema
    105/tcp open csnet-ns
    106/tcp open pop3pw
    107/tcp open rtelnet
    108/tcp open snagas
    109/tcp open pop-2
    110/tcp open pop-3
    111/tcp open rpcbind
    112/tcp open mcidas
    113/tcp open auth
    114/tcp open audionews
    115/tcp open sftp
    116/tcp open ansanotify
    117/tcp open uucp-path
    118/tcp open sqlserv
    119/tcp open nntp
    120/tcp open cfdptkt
    121/tcp open erpc
    122/tcp open smakynet
    123/tcp open ntp
    124/tcp open ansatrader
    125/tcp open locus-map
    126/tcp open unitary
    127/tcp open locus-con
    128/tcp open gss-xlicen
    129/tcp open pwdgen
    130/tcp open cisco-fna
    131/tcp open cisco-tna
    132/tcp open cisco-sys
    133/tcp open statsrv
    134/tcp open ingres-net
    135/tcp open msrpc
    136/tcp open profile
    137/tcp open netbios-ns
    138/tcp open netbios-dgm
    139/tcp open netbios-ssn
    140/tcp open emfis-data
    141/tcp open emfis-cntl
    142/tcp open bl-idm
    143/tcp open imap
    144/tcp open news
    145/tcp open uaac
    146/tcp open iso-tp0
    147/tcp open iso-ip
    148/tcp open cronus
    149/tcp open aed-512
    150/tcp open sql-net
    151/tcp open hems
    152/tcp open bftp
    153/tcp open sgmp
    154/tcp open netsc-prod
    155/tcp open netsc-dev
    156/tcp open sqlsrv
    157/tcp open knet-cmp
    158/tcp open pcmail-srv
    159/tcp open nss-routing
    160/tcp open sgmp-traps
    161/tcp open snmp
    162/tcp open snmptrap
    163/tcp open cmip-man
    164/tcp open cmip-agent
    165/tcp open xns-courier
    166/tcp open s-net
    167/tcp open namp
    168/tcp open rsvd
    169/tcp open send
    170/tcp open print-srv
    171/tcp open multiplex
    172/tcp open cl-1
    173/tcp open xyplex-mux
    174/tcp open mailq
    175/tcp open vmnet
    176/tcp open genrad-mux
    177/tcp open xdmcp
    178/tcp open nextstep
    179/tcp open bgp
    180/tcp open ris
    181/tcp open unify
    182/tcp open audit
    183/tcp open ocbinder
    184/tcp open ocserver
    185/tcp open remote-kis
    186/tcp open kis
    187/tcp open aci
    188/tcp open mumps
    189/tcp open qft
    190/tcp open gacp
    191/tcp open prospero
    192/tcp open osu-nms
    193/tcp open srmp
    194/tcp open irc
    195/tcp open dn6-nlm-aud
    196/tcp open dn6-smm-red
    197/tcp open dls
    198/tcp open dls-mon
    199/tcp open smux
    200/tcp open src
    201/tcp open at-rtmp
    202/tcp open at-nbp
    203/tcp open at-3
    204/tcp open at-echo
    205/tcp open at-5
    206/tcp open at-zis
    207/tcp open at-7
    208/tcp open at-8
    209/tcp open tam
    210/tcp open z39.50
    211/tcp open 914c-g
    212/tcp open anet
    213/tcp open ipx
    214/tcp open vmpwscs
    215/tcp open softpc
    216/tcp open atls
    217/tcp open dbase
    218/tcp open mpp
    219/tcp open uarps
    220/tcp open imap3
    221/tcp open fln-spx
    222/tcp open rsh-spx
    223/tcp open cdc
    224/tcp open unknown
    225/tcp open unknown
    226/tcp open unknown
    227/tcp open unknown
    228/tcp open unknown
    229/tcp open unknown
    230/tcp open unknown
    231/tcp open unknown
    232/tcp open unknown
    233/tcp open unknown
    234/tcp open unknown
    235/tcp open unknown
    236/tcp open unknown
    237/tcp open unknown
    238/tcp open unknown
    239/tcp open unknown
    240/tcp open unknown
    241/tcp open unknown
    242/tcp open direct
    243/tcp open sur-meas
    244/tcp open dayna
    245/tcp open link
    246/tcp open dsp3270
    247/tcp open subntbcst_tftp
    248/tcp open bhfhs
    249/tcp open unknown
    250/tcp open unknown
    251/tcp open unknown
    252/tcp open unknown
    253/tcp open unknown
    254/tcp open unknown
    255/tcp open unknown
    256/tcp open FW1-secureremote
    257/tcp open FW1-mc-fwmodule
    258/tcp open Fw1-mc-gui
    259/tcp open esro-gen
    260/tcp open openport
    261/tcp open nsiiops
    262/tcp open arcisdms
    263/tcp open hdap
    264/tcp open bgmp
    265/tcp open maybeFW1
    266/tcp open unknown
    267/tcp open unknown
    268/tcp open unknown
    269/tcp open unknown
    270/tcp open unknown
    271/tcp open unknown
    272/tcp open unknown
    273/tcp open unknown
    274/tcp open unknown
    275/tcp open unknown
    276/tcp open unknown
    277/tcp open unknown
    278/tcp open unknown
    279/tcp open unknown
    280/tcp open http-mgmt
    281/tcp open personal-link
    282/tcp open cableport-ax
    283/tcp open unknown
    284/tcp open unknown
    285/tcp open unknown
    286/tcp open unknown
    287/tcp open unknown
    288/tcp open unknown
    289/tcp open unknown
    290/tcp open unknown
    291/tcp open unknown
    292/tcp open unknown
    293/tcp open unknown
    294/tcp open unknown
    295/tcp open unknown
    296/tcp open unknown
    297/tcp open unknown
    298/tcp open unknown
    299/tcp open unknown
    300/tcp open unknown
    301/tcp open unknown
    302/tcp open unknown
    303/tcp open unknown
    304/tcp open unknown
    305/tcp open unknown
    306/tcp open unknown
    307/tcp open unknown
    308/tcp open novastorbakcup
    309/tcp open entrusttime
    310/tcp open bhmds
    311/tcp open asip-webadmin
    312/tcp open vslmp
    313/tcp open magenta-logic
    314/tcp open opalis-robot
    315/tcp open dpsi
    316/tcp open decauth
    317/tcp open zannet
    318/tcp open unknown
    319/tcp open unknown
    320/tcp open unknown
    321/tcp open pip
    322/tcp open unknown
    323/tcp open unknown
    324/tcp open unknown
    325/tcp open unknown
    326/tcp open unknown
    327/tcp open unknown
    328/tcp open unknown
    329/tcp open unknown
    330/tcp open unknown
    331/tcp open unknown
    332/tcp open unknown
    333/tcp open unknown
    334/tcp open unknown
    335/tcp open unknown
    336/tcp open unknown
    337/tcp open unknown
    338/tcp open unknown
    339/tcp open unknown
    340/tcp open unknown
    341/tcp open unknown
    342/tcp open unknown
    343/tcp open unknown
    344/tcp open pdap
    345/tcp open pawserv
    346/tcp open zserv
    347/tcp open fatserv
    348/tcp open csi-sgwp
    349/tcp open mftp
    350/tcp open matip-type-a
    351/tcp open matip-type-b
    352/tcp open dtag-ste-sb
    353/tcp open ndsauth
    354/tcp open bh611
    355/tcp open datex-asn
    356/tcp open cloanto-net-1
    357/tcp open bhevent
    358/tcp open shrinkwrap
    359/tcp open tenebris_nts
    360/tcp open scoi2odialog
    361/tcp open semantix
    362/tcp open srssend
    363/tcp open rsvp_tunnel
    364/tcp open aurora-cmgr
    365/tcp open dtk
    366/tcp open odmr
    367/tcp open mortgageware
    368/tcp open qbikgdp
    369/tcp open rpc2portmap
    370/tcp open codaauth2
    371/tcp open clearcase
    372/tcp open ulistserv
    373/tcp open legent-1
    374/tcp open legent-2
    375/tcp open hassle
    376/tcp open nip
    377/tcp open tnETOS
    378/tcp open dsETOS
    379/tcp open is99c
    380/tcp open is99s
    381/tcp open hp-collector
    382/tcp open hp-managed-node
    383/tcp open hp-alarm-mgr
    384/tcp open arns
    385/tcp open ibm-app
    386/tcp open asa
    387/tcp open aurp
    388/tcp open unidata-ldm
    389/tcp open ldap
    390/tcp open uis
    391/tcp open synotics-relay
    392/tcp open synotics-broker
    393/tcp open dis
    394/tcp open embl-ndt
    395/tcp open netcp
    396/tcp open netware-ip
    397/tcp open mptn
    398/tcp open kryptolan
    399/tcp open iso-tsap-c2
    400/tcp open work-sol
    401/tcp open ups
    402/tcp open genie
    403/tcp open decap
    404/tcp open nced
    405/tcp open ncld
    406/tcp open imsp
    407/tcp open timbuktu
    408/tcp open prm-sm
    409/tcp open prm-nm
    410/tcp open decladebug
    411/tcp open rmt
    412/tcp open synoptics-trap
    413/tcp open smsp
    414/tcp open infoseek
    415/tcp open bnet
    416/tcp open silverplatter
    417/tcp open onmux
    418/tcp open hyper-g
    419/tcp open ariel1
    420/tcp open smpte
    421/tcp open ariel2
    422/tcp open ariel3
    423/tcp open opc-job-start
    424/tcp open opc-job-track
    425/tcp open icad-el
    426/tcp open smartsdp
    427/tcp open svrloc
    428/tcp open ocs_cmu
    429/tcp open ocs_amu
    430/tcp open utmpsd
    431/tcp open utmpcd
    432/tcp open iasd
    433/tcp open nnsp
    434/tcp open mobileip-agent
    435/tcp open mobilip-mn
    436/tcp open dna-cml
    437/tcp open comscm
    438/tcp open dsfgw
    439/tcp open dasp
    440/tcp open sgcp
    441/tcp open decvms-sysmgt
    442/tcp open cvc_hostd
    443/tcp open https
    444/tcp open snpp
    445/tcp open microsoft-ds
    446/tcp open ddm-rdb
    447/tcp open ddm-dfm
    448/tcp open ddm-ssl
    449/tcp open as-servermap
    450/tcp open tserver
    451/tcp open sfs-smp-net
    452/tcp open sfs-config
    453/tcp open creativeserver
    454/tcp open contentserver
    455/tcp open creativepartnr
    456/tcp open macon-tcp
    457/tcp open scohelp
    458/tcp open appleqtc
    459/tcp open ampr-rcmd
    460/tcp open skronk
    461/tcp open datasurfsrv
    462/tcp open datasurfsrvsec
    463/tcp open alpes
    464/tcp open kpasswd5
    465/tcp open smtps
    466/tcp open digital-vrc
    467/tcp open mylex-mapd
    468/tcp open photuris
    469/tcp open rcp
    470/tcp open scx-proxy
    471/tcp open mondex
    472/tcp open ljk-login
    473/tcp open hybrid-pop
    474/tcp open tn-tl-w1
    475/tcp open tcpnethaspsrv
    476/tcp open tn-tl-fd1
    477/tcp open ss7ns
    478/tcp open spsc
    479/tcp open iafserver
    480/tcp open loadsrv
    481/tcp open dvs
    482/tcp open bgs-nsi
    483/tcp open ulpnet
    484/tcp open integra-sme
    485/tcp open powerburst
    486/tcp open sstats
    487/tcp open saft
    488/tcp open gss-http
    489/tcp open nest-protocol
    490/tcp open micom-pfs
    491/tcp open go-login
    492/tcp open ticf-1
    493/tcp open ticf-2
    494/tcp open pov-ray
    495/tcp open intecourier
    496/tcp open pim-rp-disc
    497/tcp open dantz
    498/tcp open siam
    499/tcp open iso-ill
    500/tcp open isakmp
    501/tcp open stmf
    502/tcp open asa-appl-proto
    503/tcp open intrinsa
    504/tcp open citadel
    505/tcp open mailbox-lm
    506/tcp open ohimsrv
    507/tcp open crs
    508/tcp open xvttp
    509/tcp open snare
    510/tcp open fcp
    511/tcp open passgo
    512/tcp open exec
    513/tcp open login
    514/tcp open shell
    515/tcp open printer
    516/tcp open videotex
    517/tcp open talk
    518/tcp open ntalk
    519/tcp open utime
    520/tcp open efs
    521/tcp open ripng
    522/tcp open ulp
    523/tcp open ibm-db2
    524/tcp open ncp
    525/tcp open timed
    526/tcp open tempo
    527/tcp open stx
    528/tcp open custix
    529/tcp open irc-serv
    530/tcp open courier
    531/tcp open conference
    532/tcp open netnews
    533/tcp open netwall
    534/tcp open mm-admin
    535/tcp open iiop
    536/tcp open opalis-rdv
    537/tcp open nmsp
    538/tcp open gdomap
    539/tcp open apertus-ldp
    540/tcp open uucp
    541/tcp open uucp-rlogin
    542/tcp open commerce
    543/tcp open klogin
    544/tcp open kshell
    545/tcp open ekshell
    546/tcp open dhcpv6-client
    547/tcp open dhcpv6-server
    548/tcp open afpovertcp
    549/tcp open idfp
    550/tcp open new-rwho
    551/tcp open cybercash
    552/tcp open deviceshare
    553/tcp open pirp
    554/tcp open rtsp
    555/tcp open dsf
    556/tcp open remotefs
    557/tcp open openvms-sysipc
    558/tcp open sdnskmp
    559/tcp open teedtap
    560/tcp open rmonitor
    561/tcp open monitor
    562/tcp open chshell
    563/tcp open snews
    564/tcp open 9pfs
    565/tcp open whoami
    566/tcp open streettalk
    567/tcp open banyan-rpc
    568/tcp open ms-shuttle
    569/tcp open ms-rome
    570/tcp open meter
    571/tcp open umeter
    572/tcp open sonar
    573/tcp open banyan-vip
    574/tcp open ftp-agent
    575/tcp open vemmi
    576/tcp open ipcd
    577/tcp open vnas
    578/tcp open ipdd
    579/tcp open decbsrv
    580/tcp open sntp-heartbeat
    581/tcp open bdp
    582/tcp open scc-security
    583/tcp open philips-vc
    584/tcp open keyserver
    585/tcp open imap4-ssl
    586/tcp open password-chg
    587/tcp open submission
    588/tcp open cal
    589/tcp open eyelink
    590/tcp open tns-cml
    591/tcp open http-alt
    592/tcp open eudora-set
    593/tcp open http-rpc-epmap
    594/tcp open tpip
    595/tcp open cab-protocol
    596/tcp open smsd
    597/tcp open ptcnameservice
    598/tcp open sco-websrvrmg3
    599/tcp open acp
    600/tcp open ipcserver
    601/tcp open unknown
    602/tcp open unknown
    603/tcp open unknown
    604/tcp open unknown
    605/tcp open unknown
    606/tcp open urm
    607/tcp open nqs
    608/tcp open sift-uft
    609/tcp open npmp-trap
    610/tcp open npmp-local
    611/tcp open npmp-gui
    612/tcp open unknown
    613/tcp open unknown
    614/tcp open unknown
    615/tcp open unknown
    616/tcp open unknown
    617/tcp open sco-dtmgr
    618/tcp open unknown
    619/tcp open unknown
    620/tcp open unknown
    621/tcp open unknown
    622/tcp open unknown
    623/tcp open unknown
    624/tcp open unknown
    625/tcp open unknown
    626/tcp open unknown
    627/tcp open unknown
    628/tcp open qmqp
    629/tcp open unknown
    630/tcp open unknown
    631/tcp open ipp
    632/tcp open unknown
    633/tcp open unknown
    634/tcp open ginad
    635/tcp open unknown
    636/tcp open ldapssl
    637/tcp open lanserver
    638/tcp open unknown
    639/tcp open unknown
    640/tcp open unknown
    641/tcp open unknown
    642/tcp open unknown
    643/tcp open unknown
    644/tcp open unknown
    645/tcp open unknown
    646/tcp open unknown
    647/tcp open unknown
    648/tcp open unknown
    649/tcp open unknown
    650/tcp open unknown
    651/tcp open unknown
    652/tcp open unknown
    653/tcp open unknown
    654/tcp open unknown
    655/tcp open unknown
    656/tcp open unknown
    657/tcp open unknown
    658/tcp open unknown
    659/tcp open unknown
    660/tcp open mac-srvr-admin
    661/tcp open unknown
    662/tcp open unknown
    663/tcp open unknown
    664/tcp open unknown
    665/tcp open unknown
    666/tcp open doom
    667/tcp open unknown
    668/tcp open unknown
    669/tcp open unknown
    670/tcp open unknown
    671/tcp open unknown
    672/tcp open unknown
    673/tcp open unknown
    674/tcp open acap
    675/tcp open unknown
    676/tcp open unknown
    677/tcp open unknown
    678/tcp open unknown
    679/tcp open unknown
    680/tcp open unknown
    681/tcp open unknown
    682/tcp open unknown
    683/tcp open unknown
    684/tcp open unknown
    685/tcp open unknown
    686/tcp open unknown
    687/tcp open unknown
    688/tcp open unknown
    689/tcp open unknown
    690/tcp open unknown
    691/tcp open resvc
    692/tcp open unknown
    693/tcp open unknown
    694/tcp open unknown
    695/tcp open unknown
    696/tcp open unknown
    697/tcp open unknown
    698/tcp open unknown
    699/tcp open unknown
    700/tcp open unknown
    701/tcp open unknown
    702/tcp open unknown
    703/tcp open unknown
    704/tcp open elcsd
    705/tcp open unknown
    706/tcp open silc
    707/tcp open unknown
    708/tcp open unknown
    709/tcp open entrustmanager
    710/tcp open unknown
    711/tcp open unknown
    712/tcp open unknown
    713/tcp open unknown
    714/tcp open unknown
    715/tcp open unknown
    716/tcp open unknown
    717/tcp open unknown
    718/tcp open unknown
    719/tcp open unknown
    720/tcp open unknown
    721/tcp open unknown
    722/tcp open unknown
    723/tcp open omfs
    724/tcp open unknown
    725/tcp open unknown
    726/tcp open unknown
    727/tcp open unknown
    728/tcp open unknown
    729/tcp open netviewdm1
    730/tcp open netviewdm2
    731/tcp open netviewdm3
    732/tcp open unknown
    733/tcp open unknown
    734/tcp open unknown
    735/tcp open unknown
    736/tcp open unknown
    737/tcp open unknown
    738/tcp open unknown
    739/tcp open unknown
    740/tcp open netcp
    741/tcp open netgw
    742/tcp open netrcs
    743/tcp open unknown
    744/tcp open flexlm
    745/tcp open unknown
    746/tcp open unknown
    747/tcp open fujitsu-dev
    748/tcp open ris-cm
    749/tcp open kerberos-adm
    750/tcp open kerberos
    751/tcp open kerberos_master
    752/tcp open qrh
    753/tcp open rrh
    754/tcp open krb_prop
    755/tcp open unknown
    756/tcp open unknown
    757/tcp open unknown
    758/tcp open nlogin
    759/tcp open con
    760/tcp open krbupdate
    761/tcp open kpasswd
    762/tcp open quotad
    763/tcp open cycleserv
    764/tcp open omserv
    765/tcp open webster
    766/tcp open unknown
    767/tcp open phonebook
    768/tcp open unknown
    769/tcp open vid
    770/tcp open cadlock
    771/tcp open rtip
    772/tcp open cycleserv2
    773/tcp open submit
    774/tcp open rpasswd
    775/tcp open entomb
    776/tcp open wpages
    777/tcp open unknown
    778/tcp open unknown
    779/tcp open unknown
    780/tcp open wpgs
    781/tcp open hp-collector
    782/tcp open hp-managed-node
    783/tcp open hp-alarm-mgr
    784/tcp open unknown
    785/tcp open unknown
    786/tcp open concert
    787/tcp open unknown
    788/tcp open unknown
    789/tcp open unknown
    790/tcp open unknown
    791/tcp open unknown
    792/tcp open unknown
    793/tcp open unknown
    794/tcp open unknown
    795/tcp open unknown
    796/tcp open unknown
    797/tcp open unknown
    798/tcp open unknown
    799/tcp open controlit
    800/tcp open mdbs_daemon
    801/tcp open device
    802/tcp open unknown
    803/tcp open unknown
    804/tcp open unknown
    805/tcp open unknown
    806/tcp open unknown
    807/tcp open unknown
    808/tcp open unknown
    809/tcp open unknown
    810/tcp open unknown
    811/tcp open unknown
    812/tcp open unknown
    813/tcp open unknown
    814/tcp open unknown
    815/tcp open unknown
    816/tcp open unknown
    817/tcp open unknown
    818/tcp open unknown
    819/tcp open unknown
    820/tcp open unknown
    821/tcp open unknown
    822/tcp open unknown
    823/tcp open unknown
    824/tcp open unknown
    825/tcp open unknown
    826/tcp open unknown
    827/tcp open unknown
    828/tcp open unknown
    829/tcp open unknown
    830/tcp open unknown
    831/tcp open unknown
    832/tcp open unknown
    833/tcp open unknown
    834/tcp open unknown
    835/tcp open unknown
    836/tcp open unknown
    837/tcp open unknown
    838/tcp open unknown
    839/tcp open unknown
    840/tcp open unknown
    841/tcp open unknown
    842/tcp open unknown
    843/tcp open unknown
    844/tcp open unknown
    845/tcp open unknown
    846/tcp open unknown
    847/tcp open unknown
    848/tcp open unknown
    849/tcp open unknown
    850/tcp open unknown
    851/tcp open unknown
    852/tcp open unknown
    853/tcp open unknown
    854/tcp open unknown
    855/tcp open unknown
    856/tcp open unknown
    857/tcp open unknown
    858/tcp open unknown
    859/tcp open unknown
    860/tcp open unknown
    861/tcp open unknown
    862/tcp open unknown
    863/tcp open unknown
    864/tcp open unknown
    865/tcp open unknown
    866/tcp open unknown
    867/tcp open unknown
    868/tcp open unknown
    869/tcp open unknown
    870/tcp open unknown
    871/tcp open supfilesrv
    872/tcp open unknown
    873/tcp open rsync
    874/tcp open unknown
    875/tcp open unknown
    876/tcp open unknown
    877/tcp open unknown
    878/tcp open unknown
    879/tcp open unknown
    880/tcp open unknown
    881/tcp open unknown
    882/tcp open unknown
    883/tcp open unknown
    884/tcp open unknown
    885/tcp open unknown
    886/tcp open unknown
    887/tcp open unknown
    888/tcp open accessbuilder
    889/tcp open unknown
    890/tcp open unknown
    891/tcp open unknown
    892/tcp open unknown
    893/tcp open unknown
    894/tcp open unknown
    895/tcp open unknown
    896/tcp open unknown
    897/tcp open unknown
    898/tcp open sun-manageconsole
    899/tcp open unknown
    900/tcp open unknown
    901/tcp open samba-swat
    902/tcp open unknown
    903/tcp open unknown
    904/tcp open unknown
    905/tcp open unknown
    906/tcp open unknown
    907/tcp open unknown
    908/tcp open unknown
    909/tcp open unknown
    910/tcp open unknown
    911/tcp open unknown
    912/tcp open unknown
    913/tcp open unknown
    914/tcp open unknown
    915/tcp open unknown
    916/tcp open unknown
    917/tcp open unknown
    918/tcp open unknown
    919/tcp open unknown
    920/tcp open unknown
    921/tcp open unknown
    922/tcp open unknown
    923/tcp open unknown
    924/tcp open unknown
    925/tcp open unknown
    926/tcp open unknown
    927/tcp open unknown
    928/tcp open unknown
    929/tcp open unknown
    930/tcp open unknown
    931/tcp open unknown
    932/tcp open unknown
    933/tcp open unknown
    934/tcp open unknown
    935/tcp open unknown
    936/tcp open unknown
    937/tcp open unknown
    938/tcp open unknown
    939/tcp open unknown
    940/tcp open unknown
    941/tcp open unknown
    942/tcp open unknown
    943/tcp open unknown
    944/tcp open unknown
    945/tcp open unknown
    946/tcp open unknown
    947/tcp open unknown
    948/tcp open unknown
    949/tcp open unknown
    950/tcp open oftep-rpc
    951/tcp open unknown
    952/tcp open unknown
    953/tcp open rndc
    954/tcp open unknown
    955/tcp open unknown
    956/tcp open unknown
    957/tcp open unknown
    958/tcp open unknown
    959/tcp open unknown
    960/tcp open unknown
    961/tcp open unknown
    962/tcp open unknown
    963/tcp open unknown
    964/tcp open unknown
    965/tcp open unknown
    966/tcp open unknown
    967/tcp open unknown
    968/tcp open unknown
    969/tcp open unknown
    970/tcp open unknown
    971/tcp open unknown
    972/tcp open unknown
    973/tcp open unknown
    974/tcp open unknown
    975/tcp open securenetpro-sensor
    976/tcp open unknown
    977/tcp open unknown
    978/tcp open unknown
    979/tcp open unknown
    980/tcp open unknown
    981/tcp open unknown
    982/tcp open unknown
    983/tcp open unknown
    984/tcp open unknown
    985/tcp open unknown
    986/tcp open unknown
    987/tcp open unknown
    988/tcp open unknown
    989/tcp open ftps-data
    990/tcp open ftps
    991/tcp open unknown
    992/tcp open telnets
    993/tcp open imaps
    994/tcp open ircs
    995/tcp open pop3s
    996/tcp open xtreelic
    997/tcp open maitrd
    998/tcp open busboy
    999/tcp open garcon
    1000/tcp open cadlock
    1001/tcp open unknown
    1002/tcp open unknown
    1003/tcp open unknown
    1004/tcp open unknown
    1005/tcp open unknown
    1006/tcp open unknown
    1007/tcp open unknown
    1008/tcp open ufsd
    1009/tcp open unknown
    1010/tcp open unknown
    1011/tcp open unknown
    1012/tcp open unknown
    1013/tcp open unknown
    1014/tcp open unknown
    1015/tcp open unknown
    1016/tcp open unknown
    1017/tcp open unknown
    1018/tcp open unknown
    1019/tcp open unknown
    1020/tcp open unknown
    1021/tcp open unknown
    1022/tcp open unknown
    1023/tcp open netvenuechat
    1024/tcp open kdm
    1025/tcp open NFS-or-IIS
    1026/tcp open LSA-or-nterm
    1027/tcp open IIS
    1029/tcp open ms-lsa
    1030/tcp open iad1
    1031/tcp open iad2
    1032/tcp open iad3
    1033/tcp open netinfo
    1040/tcp open netsaint
    1050/tcp open java-or-OTGfileshare
    1058/tcp open nim
    1059/tcp open nimreg
    1067/tcp open instl_boots
    1068/tcp open instl_bootc
    1076/tcp open sns_credit
    1080/tcp open socks
    1083/tcp open ansoft-lm-1
    1084/tcp open ansoft-lm-2
    1103/tcp open xaudio
    1109/tcp open kpop
    1110/tcp open nfsd-status
    1112/tcp open msql
    1127/tcp open supfiledbg
    1139/tcp open cce3x
    1155/tcp open nfa
    1178/tcp open skkserv
    1212/tcp open lupa
    1214/tcp open fasttrack
    1220/tcp open quicktime
    1222/tcp open nerv
    1234/tcp open hotline
    1241/tcp open nessus
    1248/tcp open hermes
    1337/tcp open waste
    1346/tcp open alta-ana-lm
    1347/tcp open bbn-mmc
    1348/tcp open bbn-mmx
    1349/tcp open sbook
    1350/tcp open editbench
    1351/tcp open equationbuilder
    1352/tcp open lotusnotes
    1353/tcp open relief
    1354/tcp open rightbrain
    1355/tcp open intuitive-edge
    1356/tcp open cuillamartin
    1357/tcp open pegboard
    1358/tcp open connlcli
    1359/tcp open ftsrv
    1360/tcp open mimer
    1361/tcp open linx
    1362/tcp open timeflies
    1363/tcp open ndm-requester
    1364/tcp open ndm-server
    1365/tcp open adapt-sna
    1366/tcp open netware-csp
    1367/tcp open dcs
    1368/tcp open screencast
    1369/tcp open gv-us
    1370/tcp open us-gv
    1371/tcp open fc-cli
    1372/tcp open fc-ser
    1373/tcp open chromagrafx
    1374/tcp open molly
    1375/tcp open bytex
    1376/tcp open ibm-pps
    1377/tcp open cichlid
    1378/tcp open elan
    1379/tcp open dbreporter
    1380/tcp open telesis-licman
    1381/tcp open apple-licman
    1383/tcp open gwha
    1384/tcp open os-licman
    1385/tcp open atex_elmd
    1386/tcp open checksum
    1387/tcp open cadsi-lm
    1388/tcp open objective-dbc
    1389/tcp open iclpv-dm
    1390/tcp open iclpv-sc
    1391/tcp open iclpv-sas
    1392/tcp open iclpv-pm
    1393/tcp open iclpv-nls
    1394/tcp open iclpv-nlc
    1395/tcp open iclpv-wsm
    1396/tcp open dvl-activemail
    1397/tcp open audio-activmail
    1398/tcp open video-activmail
    1399/tcp open cadkey-licman
    1400/tcp open cadkey-tablet
    1401/tcp open goldleaf-licman
    1402/tcp open prm-sm-np
    1403/tcp open prm-nm-np
    1404/tcp open igi-lm
    1405/tcp open ibm-res
    1406/tcp open netlabs-lm
    1407/tcp open dbsa-lm
    1408/tcp open sophia-lm
    1409/tcp open here-lm
    1410/tcp open hiq
    1411/tcp open af
    1412/tcp open innosys
    1413/tcp open innosys-acl
    1414/tcp open ibm-mqseries
    1415/tcp open dbstar
    1416/tcp open novell-lu6.2
    1417/tcp open timbuktu-srv1
    1418/tcp open timbuktu-srv2
    1419/tcp open timbuktu-srv3
    1420/tcp open timbuktu-srv4
    1421/tcp open gandalf-lm
    1422/tcp open autodesk-lm
    1423/tcp open essbase
    1424/tcp open hybrid
    1425/tcp open zion-lm
    1426/tcp open sas-1
    1427/tcp open mloadd
    1428/tcp open informatik-lm
    1429/tcp open nms
    1430/tcp open tpdu
    1431/tcp open rgtp
    1432/tcp open blueberry-lm
    1433/tcp open ms-sql-s
    1434/tcp open ms-sql-m
    1435/tcp open ibm-cics
    1436/tcp open sas-2
    1437/tcp open tabula
    1438/tcp open eicon-server
    1439/tcp open eicon-x25
    1440/tcp open eicon-slp
    1441/tcp open cadis-1
    1442/tcp open cadis-2
    1443/tcp open ies-lm
    1444/tcp open marcam-lm
    1445/tcp open proxima-lm
    1446/tcp open ora-lm
    1447/tcp open apri-lm
    1448/tcp open oc-lm
    1449/tcp open peport
    1450/tcp open dwf
    1451/tcp open infoman
    1452/tcp open gtegsc-lm
    1453/tcp open genie-lm
    1454/tcp open interhdl_elmd
    1455/tcp open esl-lm
    1456/tcp open dca
    1457/tcp open valisys-lm
    1458/tcp open nrcabq-lm
    1459/tcp open proshare1
    1460/tcp open proshare2
    1461/tcp open ibm_wrless_lan
    1462/tcp open world-lm
    1463/tcp open nucleus
    1464/tcp open msl_lmd
    1465/tcp open pipes
    1466/tcp open oceansoft-lm
    1467/tcp open csdmbase
    1468/tcp open csdm
    1469/tcp open aal-lm
    1470/tcp open uaiact
    1471/tcp open csdmbase
    1472/tcp open csdm
    1473/tcp open openmath
    1474/tcp open telefinder
    1475/tcp open taligent-lm
    1476/tcp open clvm-cfg
    1477/tcp open ms-sna-server
    1478/tcp open ms-sna-base
    1479/tcp open dberegister
    1480/tcp open pacerforum
    1481/tcp open airs
    1482/tcp open miteksys-lm
    1483/tcp open afs
    1484/tcp open confluent
    1485/tcp open lansource
    1486/tcp open nms_topo_serv
    1487/tcp open localinfosrvr
    1488/tcp open docstor
    1489/tcp open dmdocbroker
    1490/tcp open insitu-conf
    1491/tcp open anynetgateway
    1492/tcp open stone-design-1
    1493/tcp open netmap_lm
    1494/tcp open citrix-ica
    1495/tcp open cvc
    1496/tcp open liberty-lm
    1497/tcp open rfx-lm
    1498/tcp open watcom-sql
    1499/tcp open fhc
    1500/tcp open vlsi-lm
    1501/tcp open sas-3
    1502/tcp open shivadiscovery
    1503/tcp open imtc-mcs
    1504/tcp open evb-elm
    1505/tcp open funkproxy
    1506/tcp open utcd
    1507/tcp open symplex
    1508/tcp open diagmond
    1509/tcp open robcad-lm
    1510/tcp open mvx-lm
    1511/tcp open 3l-l1
    1512/tcp open wins
    1513/tcp open fujitsu-dtc
    1514/tcp open fujitsu-dtcns
    1515/tcp open ifor-protocol
    1516/tcp open vpad
    1517/tcp open vpac
    1518/tcp open vpvd
    1519/tcp open vpvc
    1520/tcp open atm-zip-office
    1521/tcp open oracle
    1522/tcp open rna-lm
    1523/tcp open cichild-lm
    1524/tcp open ingreslock
    1525/tcp open orasrv
    1526/tcp open pdap-np
    1527/tcp open tlisrv
    1528/tcp open mciautoreg
    1529/tcp open support
    1530/tcp open rap-service
    1531/tcp open rap-listen
    1532/tcp open miroconnect
    1533/tcp open virtual-places
    1534/tcp open micromuse-lm
    1535/tcp open ampr-info
    1536/tcp open ampr-inter
    1537/tcp open sdsc-lm
    1538/tcp open 3ds-lm
    1539/tcp open intellistor-lm
    1540/tcp open rds
    1541/tcp open rds2
    1542/tcp open gridgen-elmd
    1543/tcp open simba-cs
    1544/tcp open aspeclmd
    1545/tcp open vistium-share
    1546/tcp open abbaccuray
    1547/tcp open laplink
    1548/tcp open axon-lm
    1549/tcp open shivahose
    1550/tcp open 3m-image-lm
    1551/tcp open hecmtl-db
    1552/tcp open pciarray
    1600/tcp open issd
    1650/tcp open nkd
    1651/tcp open shiva_confsrvr
    1652/tcp open xnmp
    1661/tcp open netview-aix-1
    1662/tcp open netview-aix-2
    1663/tcp open netview-aix-3
    1664/tcp open netview-aix-4
    1665/tcp open netview-aix-5
    1666/tcp open netview-aix-6
    1667/tcp open netview-aix-7
    1668/tcp open netview-aix-8
    1669/tcp open netview-aix-9
    1670/tcp open netview-aix-10
    1671/tcp open netview-aix-11
    1672/tcp open netview-aix-12
    1680/tcp open CarbonCopy
    1720/tcp open H.323/Q.931
    1723/tcp open pptp
    1755/tcp open wms
    1761/tcp open landesk-rc
    1762/tcp open landesk-rc
    1763/tcp open landesk-rc
    1764/tcp open landesk-rc
    1827/tcp open pcm
    1900/tcp open UPnP
    1984/tcp open bigbrother
    1986/tcp open licensedaemon
    1987/tcp open tr-rsrb-p1
    1988/tcp open tr-rsrb-p2
    1989/tcp open tr-rsrb-p3
    1990/tcp open stun-p1
    1991/tcp open stun-p2
    1992/tcp open stun-p3
    1993/tcp open snmp-tcp-port
    1994/tcp open stun-port
    1995/tcp open perf-port
    1996/tcp open tr-rsrb-port
    1997/tcp open gdp-port
    1998/tcp open x25-svc-port
    1999/tcp open tcp-id-port
    2000/tcp open callbook
    2001/tcp open dc
    2002/tcp open globe
    2003/tcp open cfingerd
    2004/tcp open mailbox
    2005/tcp open deslogin
    2006/tcp open invokator
    2007/tcp open dectalk
    2008/tcp open conf
    2009/tcp open news
    2010/tcp open search
    2011/tcp open raid-cc
    2012/tcp open ttyinfo
    2013/tcp open raid-am
    2014/tcp open troff
    2015/tcp open cypress
    2016/tcp open bootserver
    2017/tcp open cypress-stat
    2018/tcp open terminaldb
    2019/tcp open whosockami
    2020/tcp open xinupageserver
    2021/tcp open servexec
    2022/tcp open down
    2023/tcp open xinuexpansion3
    2024/tcp open xinuexpansion4
    2025/tcp open ellpack
    2026/tcp open scrabble
    2027/tcp open shadowserver
    2028/tcp open submitserver
    2030/tcp open device2
    2032/tcp open blackboard
    2033/tcp open glogger
    2034/tcp open scoremgr
    2035/tcp open imsldoc
    2038/tcp open objectmanager
    2040/tcp open lam
    2041/tcp open interbase
    2042/tcp open isis
    2043/tcp open isis-bcast
    2044/tcp open rimsl
    2045/tcp open cdfunc
    2046/tcp open sdfunc
    2047/tcp open dls
    2048/tcp open dls-monitor
    2049/tcp open nfs
    2053/tcp open knetd
    2064/tcp open dnet-keyproxy
    2065/tcp open dlsrpn
    2067/tcp open dlswpn
    2068/tcp open advocentkvm
    2105/tcp open eklogin
    2106/tcp open ekshell
    2108/tcp open rkinit
    2111/tcp open kx
    2112/tcp open kip
    2120/tcp open kauth
    2201/tcp open ats
    2232/tcp open ivs-video
    2241/tcp open ivsd
    2301/tcp open compaqdiag
    2307/tcp open pehelp
    2401/tcp open cvspserver
    2430/tcp open venus
    2431/tcp open venus-se
    2432/tcp open codasrv
    2433/tcp open codasrv-se
    2500/tcp open rtsserv
    2501/tcp open rtsclient
    2564/tcp open hp-3000-telnet
    2600/tcp open zebrasrv
    2601/tcp open zebra
    2602/tcp open ripd
    2603/tcp open ripngd
    2604/tcp open ospfd
    2605/tcp open bgpd
    2627/tcp open webster
    2638/tcp open sybase
    2766/tcp open listen
    2784/tcp open www-dev
    2809/tcp open corbaloc
    2903/tcp open extensisportfolio
    2998/tcp open iss-realsec
    3000/tcp open ppp
    3001/tcp open nessusd
    3005/tcp open deslogin
    3006/tcp open deslogind
    3049/tcp open cfs
    3052/tcp open PowerChute
    3064/tcp open dnet-tstproxy
    3086/tcp open sj3
    3128/tcp open squid-http
    3141/tcp open vmodem
    3264/tcp open ccmail
    3268/tcp open globalcatLDAP
    3269/tcp open globalcatLDAPssl
    3292/tcp open meetingmaker
    3306/tcp open mysql
    3333/tcp open dec-notes
    3372/tcp open msdtc
    3389/tcp open ms-term-serv
    3421/tcp open bmap
    3455/tcp open prsvp
    3456/tcp open vat
    3457/tcp open vat-control
    3462/tcp open track
    3531/tcp open peerenabler
    3689/tcp open rendezvous
    3900/tcp open udt_os
    3984/tcp open mapper-nodemgr
    3985/tcp open mapper-mapethd
    3986/tcp open mapper-ws_ethd
    3999/tcp open remoteanything
    4000/tcp open remoteanything
    4008/tcp open netcheque
    4045/tcp open lockd
    4132/tcp open nuts_dem
    4133/tcp open nuts_bootp
    4144/tcp open wincim
    4224/tcp open xtell
    4321/tcp open rwhois
    4333/tcp open msql
    4343/tcp open unicall
    4444/tcp open krb524
    4480/tcp open proxy-plus
    4500/tcp open sae-urn
    4557/tcp open fax
    4559/tcp open hylafax
    4660/tcp open mosmig
    4672/tcp open rfa
    4899/tcp open radmin
    4987/tcp open maybeveritas
    4998/tcp open maybeveritas
    5000/tcp open UPnP
    5001/tcp open commplex-link
    5002/tcp open rfe
    5003/tcp open filemaker
    5010/tcp open telelpathstart
    5011/tcp open telelpathattack
    5050/tcp open mmcc
    5100/tcp open admd
    5101/tcp open admdog
    5102/tcp open admeng
    5145/tcp open rmonitor_secure
    5190/tcp open aol
    5191/tcp open aol-1
    5192/tcp open aol-2
    5193/tcp open aol-3
    5232/tcp open sgi-dgl
    5236/tcp open padl2sim
    5300/tcp open hacl-hb
    5301/tcp open hacl-gs
    5302/tcp open hacl-cfg
    5303/tcp open hacl-probe
    5304/tcp open hacl-local
    5305/tcp open hacl-test
    5308/tcp open cfengine
    5400/tcp open pcduo-old
    5405/tcp open pcduo
    5432/tcp open postgres
    5490/tcp open connect-proxy
    5510/tcp open secureidprop
    5520/tcp open sdlog
    5530/tcp open sdserv
    5540/tcp open sdreport
    5550/tcp open sdadmind
    5555/tcp open freeciv
    5631/tcp open pcanywheredata
    5632/tcp open pcanywherestat
    5680/tcp open canna
    5713/tcp open proshareaudio
    5714/tcp open prosharevideo
    5715/tcp open prosharedata
    5716/tcp open prosharerequest
    5717/tcp open prosharenotify
    5800/tcp open vnc-http
    5801/tcp open vnc-http-1
    5802/tcp open vnc-http-2
    5803/tcp open vnc-http-3
    5900/tcp open vnc
    5901/tcp open vnc-1
    5902/tcp open vnc-2
    5903/tcp open vnc-3
    5977/tcp open ncd-pref-tcp
    5978/tcp open ncd-diag-tcp
    5979/tcp open ncd-conf-tcp
    5997/tcp open ncd-pref
    5998/tcp open ncd-diag
    5999/tcp open ncd-conf
    6000/tcp open X11
    6001/tcp open X11:1
    6002/tcp open X11:2
    6003/tcp open X11:3
    6004/tcp open X11:4
    6005/tcp open X11:5
    6006/tcp open X11:6
    6007/tcp open X11:7
    6008/tcp open X11:8
    6009/tcp open X11:9
    6050/tcp open arcserve
    6101/tcp open VeritasBackupExec
    6103/tcp open RETS-or-BackupExec
    6105/tcp open isdninfo
    6106/tcp open isdninfo
    6110/tcp open softcm
    6111/tcp open spc
    6112/tcp open dtspc
    6141/tcp open meta-corp
    6142/tcp open aspentec-lm
    6143/tcp open watershed-lm
    6144/tcp open statsci1-lm
    6145/tcp open statsci2-lm
    6146/tcp open lonewolf-lm
    6147/tcp open montage-lm
    6148/tcp open ricardo-lm
    6346/tcp open gnutella
    6400/tcp open crystalreports
    6401/tcp open crystalenterprise
    6502/tcp open netop-rc
    6543/tcp open mythtv
    6544/tcp open mythtv
    6547/tcp open PowerChutePLUS
    6548/tcp open PowerChutePLUS
    6558/tcp open xdsxdm
    6588/tcp open analogx
    6666/tcp open irc-serv
    6667/tcp open irc
    6668/tcp open irc
    6699/tcp open napster
    6969/tcp open acmsoda
    7000/tcp open afs3-fileserver
    7001/tcp open afs3-callback
    7002/tcp open afs3-prserver
    7003/tcp open afs3-vlserver
    7004/tcp open afs3-kaserver
    7005/tcp open afs3-volser
    7006/tcp open afs3-errors
    7007/tcp open afs3-bos
    7008/tcp open afs3-update
    7009/tcp open afs3-rmtsys
    7010/tcp open ups-onlinet
    7070/tcp open realserver
    7100/tcp open font-service
    7200/tcp open fodms
    7201/tcp open dlip
    7273/tcp open openmanage
    7326/tcp open icb
    7464/tcp open pythonds
    7597/tcp open qaz
    8000/tcp open http-alt
    8007/tcp open ajp12
    8009/tcp open ajp13
    8080/tcp open http-proxy
    8081/tcp open blackice-icecap
    8082/tcp open blackice-alerts
    8443/tcp open https-alt
    8888/tcp open sun-answerbook
    8892/tcp open seosload
    9090/tcp open zeus-admin
    9100/tcp open jetdirect
    9111/tcp open DragonIDSConsole
    9152/tcp open ms-sql2000
    9535/tcp open man
    9876/tcp open sd
    9991/tcp open issa
    9992/tcp open issc
    9999/tcp open abyss
    10000/tcp open snet-sensor-mgmt
    10005/tcp open stel
    10082/tcp open amandaidx
    10083/tcp open amidxtape
    11371/tcp open pksd
    12000/tcp open cce4x
    12345/tcp open NetBus
    12346/tcp open NetBus
    13701/tcp open VeritasNetbackup
    13702/tcp open VeritasNetbackup
    13705/tcp open VeritasNetbackup
    13706/tcp open VeritasNetbackup
    13708/tcp open VeritasNetbackup
    13709/tcp open VeritasNetbackup
    13710/tcp open VeritasNetbackup
    13711/tcp open VeritasNetbackup
    13712/tcp open VeritasNetbackup
    13713/tcp open VeritasNetbackup
    13714/tcp open VeritasNetbackup
    13715/tcp open VeritasNetbackup
    13716/tcp open VeritasNetbackup
    13717/tcp open VeritasNetbackup
    13718/tcp open VeritasNetbackup
    13720/tcp open VeritasNetbackup
    13721/tcp open VeritasNetbackup
    13722/tcp open VeritasNetbackup
    13782/tcp open VeritasNetbackup
    13783/tcp open VeritasNetbackup
    15126/tcp open swgps
    16959/tcp open subseven
    17007/tcp open isode-dua
    17300/tcp open kuang2
    18000/tcp open biimenu
    18181/tcp open opsec_cvp
    18182/tcp open opsec_ufp
    18183/tcp open opsec_sam
    18184/tcp open opsec_lea
    18185/tcp open opsec_omi
    18187/tcp open opsec_ela
    20005/tcp open btx
    22273/tcp open wnn6
    22289/tcp open wnn6_Cn
    22305/tcp open wnn6_Kr
    22321/tcp open wnn6_Tw
    22370/tcp open hpnpd
    26208/tcp open wnn6_DS
    27000/tcp open flexlm0
    27001/tcp open flexlm1
    27002/tcp open flexlm2
    27003/tcp open flexlm3
    27004/tcp open flexlm4
    27005/tcp open flexlm5
    27006/tcp open flexlm6
    27007/tcp open flexlm7
    27008/tcp open flexlm8
    27009/tcp open flexlm9
    27010/tcp open flexlm10
    27374/tcp open subseven
    27665/tcp open Trinoo_Master
    31337/tcp open Elite
    32770/tcp open sometimes-rpc3
    32771/tcp open sometimes-rpc5
    32772/tcp open sometimes-rpc7
    32773/tcp open sometimes-rpc9
    32774/tcp open sometimes-rpc11
    32775/tcp open sometimes-rpc13
    32776/tcp open sometimes-rpc15
    32777/tcp open sometimes-rpc17
    32778/tcp open sometimes-rpc19
    32779/tcp open sometimes-rpc21
    32780/tcp open sometimes-rpc23
    32786/tcp open sometimes-rpc25
    32787/tcp open sometimes-rpc27
    38037/tcp open landesk-cba
    38292/tcp open landesk-cba
    43188/tcp open reachout
    44334/tcp open tinyfw
    44442/tcp open coldfusion-auth
    44443/tcp open coldfusion-auth
    47557/tcp open dbbrowse
    49400/tcp open compaqdiag
    54320/tcp open bo2k
    61439/tcp open netprowler-manager
    61440/tcp open netprowler-manager2
    61441/tcp open netprowler-sensor
    65301/tcp open pcanywhere
    No OS matches for host (test conditions non-ideal).
    TCP/IP fingerprint:
    SInfo(V=3.48%P=i686-pc-linux-gnu%D=10/1%Time=415D6BA4%O=1%C=-1)
    TSeq(Class=TR%IPID=I%TS=U)
    T1(Resp=Y%DF=N%W=2000%ACK=S++%Flags=BAS%Ops=ME)
    T2(Resp=N)
    T3(Resp=Y%DF=N%W=2000%ACK=S++%Flags=ASF%Ops=ME)
    T4(Resp=N)
    T5(Resp=Y%DF=N%W=2000%ACK=S++%Flags=AS%Ops=ME)
    T6(Resp=N)
    T7(Resp=N)
    PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%
    DAT=E)


    Nmap run completed -- 1 IP address (1 host up) scanned in 720.739 seconds
    Greg, Oct 10, 2004
    #11
  12. Sqezins

    Don Kelloway Guest

    "Greg" <*g*reg*g*> wrote in message
    news:Xns957E4ABC7F7ggregor3hotmailcom@63.240.76.16...
    > (David Shaw) wrote in
    > news::
    >
    >> Are you sure that nmap reported that the ports were open, and not
    >> "filtered" or "closed"? Show us a copy of the scan, if you can.
    >>
    >> -ds
    >>

    > Here it is:
    >
    > Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-10-01 16:25
    > Warning: OS detection will be MUCH less reliable because we did not find
    > at least 1 open and 1 closed TCP port
    > Interesting ports on 10.112.x.y (IP changed to protect the innocent):
    > PORT STATE SERVICE
    > 1/tcp open tcpmux
    > 2/tcp open compressnet
    > 3/tcp open compressnet
    > 4/tcp open unknown
    > 5/tcp open rje


    ~snipped the rest

    Greg,

    The web server within IIS is responsible for opening ports 80 and 443. I
    strongly suspect that something wasn't configured correctly when you
    conducted the port scan of the IIS. To accurately identify the status of
    the ports on the system itself consider running the following command.

    NETSTAT -ANO

    The results will provide a list of the ports and their current state. For
    example running netstat on one of my system reveals:

    C:\>netstat -ano

    Active Connections

    Proto Local Address Foreign Address State PID
    TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 1532
    TCP 0.0.0.0:25 0.0.0.0:0 LISTENING 1532
    TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1532
    TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 1532

    Note the PID number in the last column? This indicates the Process ID
    number of the service/application responsible. In this example you will see
    that ports 21, 25, 80 and 443 are in a listening state the result of which
    is attributed to PID 1532, which is the PID associated with IIS.

    For you to determine the appropriate PID on your system simply view Task
    Manager or run the following command.

    TASKLIST /SVC

    Match the PID with the results of the NETSTAT and you'll learn the results.

    --
    Best regards, from Don Kelloway of Commodon Communications
    Visit http://www.commodon.com to learn about the "Threats to Your Security
    on the Internet".
    Don Kelloway, Oct 10, 2004
    #12
  13. Sqezins

    donnie Guest

    system reveals:
    >
    >C:\>netstat -ano
    >
    >Active Connections
    >
    > Proto Local Address Foreign Address State PID
    > TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 1532
    > TCP 0.0.0.0:25 0.0.0.0:0 LISTENING 1532
    > TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1532
    > TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 1532
    >
    >Note the PID number in the last column? This indicates the Process ID
    >number of the service/application responsible. In this example you will see
    >that ports 21, 25, 80 and 443 are in a listening state the result of which
    >is attributed to PID 1532, which is the PID associated with IIS.
    >
    >For you to determine the appropriate PID on your system simply view Task
    >Manager or run the following command.
    >
    >TASKLIST /SVC
    >
    >Match the PID with the results of the NETSTAT and you'll learn the results.

    ####################
    What determiines when the netstat output uses zeros as the IP address
    as opposed to 127.0.0.1 or the actual IP of the machine?
    donnie, Oct 11, 2004
    #13
  14. Sqezins

    Don Kelloway Guest

    "donnie" <> wrote in message
    news:...
    > system reveals:
    >>
    >>C:\>netstat -ano
    >>
    >>Active Connections
    >>
    >> Proto Local Address Foreign Address State PID
    >> TCP 0.0.0.0:21 0.0.0.0:0 LISTENING
    >> 1532
    >> TCP 0.0.0.0:25 0.0.0.0:0 LISTENING
    >> 1532
    >> TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
    >> 1532
    >> TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
    >> 1532
    >>
    >>Note the PID number in the last column? This indicates the Process ID
    >>number of the service/application responsible. In this example you will
    >>see
    >>that ports 21, 25, 80 and 443 are in a listening state the result of which
    >>is attributed to PID 1532, which is the PID associated with IIS.
    >>
    >>For you to determine the appropriate PID on your system simply view Task
    >>Manager or run the following command.
    >>
    >>TASKLIST /SVC
    >>
    >>Match the PID with the results of the NETSTAT and you'll learn the
    >>results.

    > ####################
    > What determiines when the netstat output uses zeros as the IP address
    > as opposed to 127.0.0.1 or the actual IP of the machine?


    Donnie,

    Good question...

    When you see '0.0.0.0' it indicates that the service/application indicated
    by the PID is capable of listening on all IP's bound to the NIC.

    When you see '127.0.0.1' it indicates that the system itself is using the
    loopback for communication to itself and such is not an accessible from the
    Internet.

    --
    Best regards, from Don Kelloway of Commodon Communications
    Visit http://www.commodon.com to learn about the "Threats to Your Security
    on the Internet".
    Don Kelloway, Oct 11, 2004
    #14
  15. Sqezins

    Jeff Beck Guest

    "Don Kelloway" <> wrote in
    news:kenad.15073$:

    >>>
    >>>C:\>netstat -ano
    >>>


    I don't have physical access to the machine in question to run netstat to
    try and match up with the anomally that nmap reported. I agree that in
    order for all those ports to be listed as open, a matching service should
    be running too! That is why I'm wondering how or what spoofed nmap?

    >>>For you to determine the appropriate PID on your system simply view
    >>>Task Manager or run the following command.
    >>>
    >>>TASKLIST /SVC
    >>>


    I have been around PC's forever and never saw that command (tasklist). I
    ran it today on XP and was reminded of #ps -ef on *nix. Then I tried it on
    Win2k and realized it isn't there. Oh well, still worth remembering.

    The server in question is running 2k also.
    Jeff Beck, Oct 11, 2004
    #15
  16. >I have been around PC's forever and never saw that command (tasklist). I
    >ran it today on XP and was reminded of #ps -ef on *nix. Then I tried it on
    >Win2k and realized it isn't there. Oh well, still worth remembering.


    I wonder if it would work on W2K if it was available.
    --
    Dave "Crash" Dummy - A weapon of mass destruction
    ?subject=Techtalk (Do not alter!)
    http://lists.gpick.com
    \Crash\ Dummy, Oct 11, 2004
    #16
  17. Sqezins

    donnie Guest

    On Mon, 11 Oct 2004 03:37:52 GMT, "Don Kelloway"
    <> wrote:

    >> What determiines when the netstat output uses zeros as the IP address
    >> as opposed to 127.0.0.1 or the actual IP of the machine?

    >
    >Donnie,
    >
    >Good question...
    >
    >When you see '0.0.0.0' it indicates that the service/application indicated
    >by the PID is capable of listening on all IP's bound to the NIC.
    >
    >When you see '127.0.0.1' it indicates that the system itself is using the
    >loopback for communication to itself and such is not an accessible from the
    >Internet.
    >
    >--
    >Best regards, from Don Kelloway of Commodon Communications

    ##################
    Thanks for that answer. I've been wondering about that for quite
    awhile now.
    donnie.
    donnie, Oct 12, 2004
    #17
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. moe_rodrigue

    IIS 6.0 win2003, IIS users

    moe_rodrigue, Apr 1, 2004, in forum: MCSE
    Replies:
    1
    Views:
    1,033
    MikeF
    Apr 1, 2004
  2. J Lunis

    How do I open all my ports??

    J Lunis, Sep 22, 2006, in forum: Wireless Networking
    Replies:
    5
    Views:
    33,189
    David Hettel MVP MobileDevices
    Sep 24, 2006
  3. Galpersonal
    Replies:
    8
    Views:
    998
    universal4
    Aug 13, 2006
  4. Corbin O'Reilly

    PIX 515 - Open all ports except a few

    Corbin O'Reilly, Aug 15, 2008, in forum: Cisco
    Replies:
    6
    Views:
    972
    Walter Roberson
    Aug 16, 2008
  5. ahmad2005

    open all ports using pix

    ahmad2005, Nov 5, 2008, in forum: Cisco
    Replies:
    4
    Views:
    1,959
    sdunn96
    Nov 8, 2008
Loading...

Share This Page