What are these tcp ports?

Discussion in 'Computer Security' started by Doug Fox, Oct 17, 2005.

  1. Doug Fox

    Doug Fox Guest

    Did an internal port scan on a number of Windows Server 2003 and found the
    following ports, but they seem weird. Any
    comments/suggestions/information are appreciated.

    85 (MIT ML Device)
    264 (BGMP)
    039 (Streamlined Blackhole)
    1041 (AK2 Product)
    1043 (BONIC Client Control)
    1051 (Optima VNET)
    1052 (Dynamic DNS Tools)
    1074 (FASTechnologies License Manager)
    1098 (RMI Activation)
    1106 (ISOIPSIGPORT-1)
    1119 (Battle.net Chat/Game Protocol)
    1208 (SEAGULL AIS)
    1264 (PRAT)
    1302 (Cl3-Software-2)
    1360 (MIMER)
    1366 (Novell NetWare Comm Service Platform) - We don't have Novell stuff on
    our network!!
    1378 Elan License Manager
    4000 (Terabase)
    5998 (Asp module for Apache servers)
    6001 (Rainbow SuperPro Net network Services)
    6071 (SSDTP)
    6502 (BoKS Servm)
    6503 (BoKS Clntd)
    6504 ??

    Best regards,
     
    Doug Fox, Oct 17, 2005
    #1

  2. Chuck

    Chuck Guest

    On Sun, 16 Oct 2005 19:24:49 -0400, "Doug Fox" <>
    wrote:

    >Did an internal port scan on a number of Windows Server 2003 and found the
    >following ports, but they seem weird. Any
    >comments/suggestions/information are appreciated.
    >
    >85 (MIT ML Device)
    >264 (BGMP)
    >039 (Streamlined Blackhole)
    >1041 (AK2 Product)
    >1043 (BONIC Client Control)
    >1051 (Optima VNET)
    >1052 (Dynamic DNS Tools)
    >1074 (FASTechnologies License Manager)
    >1098 (RMI Activation)
    >1106 (ISOIPSIGPORT-1)
    >1119 (Battle.net Chat/Game Protocol)
    >1208 (SEAGULL AIS)
    >1264 (PRAT)
    >1302 (Cl3-Software-2)
    >1360 (MIMER)
    >1366 (Novell NetWare Comm Service Platform) - We don't have Novell stuff on
    >our network!!
    >1378 Elan License Manager
    >4000 (Terabase)
    >5998 (Asp module for Apache servers)
    >6001 (Rainbow SuperPro Net network Services)
    >6071 (SSDTP)
    >6502 (BoKS Servm)
    >6503 (BoKS Clntd)
    >6504 ??


    Doug,

    Suspecting a malware problem, why not start by checking for malware.
    <http://nitecruzr.blogspot.com/2005/05/dealing-with-malware-adware-spyware.html>

    Knowing that malware will use any ports that it considers convenient, not
    according to registration, look at those ports using TCPView (free) from
    <http://www.sysinternals.com/ntw2k/source/tcpview.shtml>

    Once you identify the process(es) that have opened those ports, find the
    relevant program modules, and submit them for analysis to Jotti and VirusTotal.
    Find all components of those processes using Process Explorer (also free), and
    run interesting components thru Jotti and VirusTotal too.
    <http://virusscan.jotti.org/>
    <http://www.virustotal.com/flash/index_en.html>
    <http://www.sysinternals.com/ntw2k/freeware/procexp.shtml>

    --
    Cheers,
    Chuck, MS-MVP [Windows - Networking]
    http://nitecruzr.blogspot.com/
    Paranoia is not a problem, when it's a normal response from experience.
    My email is AT DOT
    actual address pchuck mvps org.
     
    Chuck, Oct 17, 2005
    #2

  3. Winged

    Winged Guest

    Doug Fox wrote:
    > Did an internal port scan on a number of Windows Server 2003 and found the
    > following ports, but they seem weird. Any
    > comments/suggestions/information are appreciated.
    >
    > 85 (MIT ML Device)
    > 264 (BGMP)
    > 039 (Streamlined Blackhole)
    > 1041 (AK2 Product)
    > 1043 (BONIC Client Control)
    > 1051 (Optima VNET)
    > 1052 (Dynamic DNS Tools)
    > 1074 (FASTechnologies License Manager)
    > 1098 (RMI Activation)
    > 1106 (ISOIPSIGPORT-1)
    > 1119 (Battle.net Chat/Game Protocol)
    > 1208 (SEAGULL AIS)
    > 1264 (PRAT)
    > 1302 (Cl3-Software-2)
    > 1360 (MIMER)
    > 1366 (Novell NetWare Comm Service Platform) - We don't have Novell stuff on
    > our network!!
    > 1378 Elan License Manager
    > 4000 (Terabase)
    > 5998 (Asp module for Apache servers)
    > 6001 (Rainbow SuperPro Net network Services)
    > 6071 (SSDTP)
    > 6502 (BoKS Servm)
    > 6503 (BoKS Clntd)
    > 6504 ??
    >
    > Best regards,
    >
    >

    Seems odd to me since by default Server 2003 is locked down, requiring
    ports to be opened specifically. What software is installed on system?
    I see battlenet which indicates at least 1 game service. It is
    running BOINC which is a distributed computing platform.
    The Novell stuff is required for IPX. There is a virtual net installed
    on system.

    All of the info can be googled. Seems pretty straightforward to me.

    This appears to be someone's game server, I suspect perhaps battlenet
    itself, though I haven't checked. But there are some pricey toys
    installed on system, seems like one who administered such a system would
    know what was there.

    Winged
     
    Winged, Oct 17, 2005
    #3
  4. "Doug Fox" <> wrote in message
    news:...
    > Did an internal port scan on a number of Windows Server 2003 and found the
    > following ports, but they seem weird. Any
    > comments/suggestions/information are appreciated.


    <snip>

    http://www.codecutters.org/resources/knownports.html
    http://www.codecutters.org/resources/regports.html

    and their ilk are the official lists: I would have half-suspected a mix-up
    with ephemeral ports, but for that glaring port 85.

    A few seconds in Google found this:
    http://www.doshelp.com/Ports/Trojan_Ports.htm

    There's a new -b parameter in XP's netstat - not sure if that's in 2003
    (although I'd have thought so). sysinternals.com provide duplicate
    functionality, if you'd care to download.

    HTH

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Oct 17, 2005
    #4
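
Added example, not written by any poster in this thread: the replies above suggest mapping each open port to its owning process and note a possible mix-up with ephemeral ports. This Python sketch parses `netstat -ano` output, groups scanner-visible sockets by PID, and tags ports inside the default Windows XP / Server 2003 dynamic range (1025-5000), where a name from a registered-ports list is not evidence of what is actually listening. The sample output is constructed, and the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Constructed `netstat -ano` output for illustration; not data from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:85             0.0.0.0:0              LISTENING       1820
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:1041           0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:6502           0.0.0.0:0              LISTENING       2044
  TCP    10.0.0.5:1043          10.0.0.9:445           ESTABLISHED     4
  TCP    10.0.0.5:1052          10.0.0.9:389           TIME_WAIT       0
  UDP    0.0.0.0:1366           *:*                                    1188
"""

# Default dynamic (ephemeral) port range on Windows XP / Server 2003.
DYNAMIC = range(1025, 5001)

# Proto, local addr:port, remote addr, optional state (UDP rows have none), PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")

def parse(text):
    """Yield (proto, local_port, state, pid) for each socket row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, port, state, pid = m.groups()
            yield proto, int(port), state or "", int(pid)

def triage(text):
    """Return (by_pid, conn_ports). by_pid maps PID -> [(proto, port, tag)];
    tag is "dynamic" when the port is in the OS dynamic range, where a
    registry-list name says nothing about the real owner. conn_ports are
    local ports of non-listening TCP rows (mostly outbound connections)."""
    by_pid, conn_ports = defaultdict(list), []
    for proto, port, state, pid in parse(text):
        if proto == "UDP" or state == "LISTENING":
            tag = "dynamic" if port in DYNAMIC else "fixed"
            by_pid[pid].append((proto, port, tag))
        else:
            conn_ports.append(port)
    return dict(by_pid), sorted(conn_ports)

if __name__ == "__main__":
    for pid, socks in sorted(triage(SAMPLE)[0].items()):
        print(pid, socks)
```

The PIDs that come back are the ones to look up in TCPView or Process Explorer before submitting any binaries for scanning.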