[Dshield] Port assignments and Services running in Windows

Brian P. Donohue zbd at u.washington.edu
Fri Apr 30 03:30:43 GMT 2004


You are hacked.  I've seen a lot of these at the U of Washington in the last
week.  Multiple FTP connections.  They're using the simple TCP/IP services
to try to fool security engineers.

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Gary Porter
Sent: Thursday, April 29, 2004 17:35
To: General DShield Discussion List
Subject: RE: [Dshield] Port assignments and Services running in Windows

That Microsoft KB helped me as well, but I see a lot of ports open on one of
my machines that are not open on others.  For instance, does anyone
recognize why all these low ports are open and what really is "tcpsvcs?"

FPort v1.31 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com
Securing the dot com world
Pid   Process            Port  Proto Path
880   tcpsvcs        ->  7     TCP   C:\WINNT\System32\tcpsvcs.exe
880   tcpsvcs        ->  9     TCP   C:\WINNT\System32\tcpsvcs.exe
880   tcpsvcs        ->  13    TCP   C:\WINNT\System32\tcpsvcs.exe
880   tcpsvcs        ->  17    TCP   C:\WINNT\System32\tcpsvcs.exe
880   tcpsvcs        ->  19    TCP   C:\WINNT\System32\tcpsvcs.exe
472   svchost        ->  135   TCP   C:\WINNT\system32\svchost.exe
8     System         ->  139   TCP
8     System         ->  445   TCP
808   javaw          ->  777   TCP   C:\Program Files\JavaSoft\JRE\1.3.1\bin\javaw.exe
844   MSTask         ->  1025  TCP   C:\WINNT\system32\MSTask.exe
8     System         ->  1026  TCP

880   tcpsvcs        ->  7     UDP   C:\WINNT\System32\tcpsvcs.exe
880   tcpsvcs        ->  9     UDP   C:\WINNT\System32\tcpsvcs.exe
880   tcpsvcs        ->  13    UDP   C:\WINNT\System32\tcpsvcs.exe
880   tcpsvcs        ->  17    UDP   C:\WINNT\System32\tcpsvcs.exe
880   tcpsvcs        ->  19    UDP   C:\WINNT\System32\tcpsvcs.exe
8     System         ->  137   UDP
8     System         ->  138   UDP
1548  LinkLogger     ->  162   UDP   C:\Program Files\Link Logger\LinkLogger.exe
8     System         ->  445   UDP
640   svchost        ->  520   UDP   C:\WINNT\System32\svchost.exe



-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org]On Behalf Of Joe Matusiewicz
Sent: Thursday, April 29, 2004 1:50 PM
To: General DShield Discussion List
Subject: RE: [Dshield] Port assignments and Services running in Windows



>
> > Does anybody know of a good site that discusses port numbers,
> > port assignments, and the Windows services that run on these
> > ports? I am trying to learn more about which ports are trying
> > to "talk" and I don't just want to allow/deny these ports
> > without knowing what they are doing.


I keep this handy to decipher the Windows ports:

http://support.microsoft.com/default.aspx?scid=kb;en-us;150543

It's dated and doesn't include 445, which was introduced in Win2k.


-- Joe

_______________________________________________
list mailing list
list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
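
Added example, not part of any poster's message: a small Python parser for FPort listings like the one in this thread, which rejoins paths wrapped by the mail client, labels each port with its IANA service name, and reports listeners missing from a reference host. The BASELINE set and the function names are assumptions made for illustration.

```python
import re

# IANA service names for ports in the listing; 7, 9, 13, 17 and 19 are the
# five services Windows groups as "Simple TCP/IP Services".
SERVICES = {7: "echo", 9: "discard", 13: "daytime", 17: "qotd", 19: "chargen",
            135: "epmap", 137: "netbios-ns", 138: "netbios-dgm",
            139: "netbios-ssn", 162: "snmptrap", 445: "microsoft-ds"}
ROW = re.compile(r"^(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)\s*(.*)$")

# Rows copied from the FPort listing in the thread, including a wrapped path.
SAMPLE = r"""Pid   Process            Port  Proto Path
880   tcpsvcs        ->  7     TCP   C:\WINNT\System32\tcpsvcs.exe
880   tcpsvcs        ->  19    TCP   C:\WINNT\System32\tcpsvcs.exe
472   svchost        ->  135   TCP   C:\WINNT\system32\svchost.exe
8     System         ->  445   TCP
808   javaw          ->  777   TCP   C:\Program
Files\JavaSoft\JRE\1.3.1\bin\javaw.exe
880   tcpsvcs        ->  7     UDP   C:\WINNT\System32\tcpsvcs.exe
8     System         ->  137   UDP
"""

# Constructed baseline: (port, proto) pairs assumed open on a reference host.
BASELINE = {(135, "TCP"), (445, "TCP"), (137, "UDP")}

def parse_fport(text):
    """Return one dict per listener; a non-row line continues a wrapped path."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        m = ROW.match(line)
        if m:
            pid, proc, port, proto, path = m.groups()
            rows.append({"pid": int(pid), "process": proc, "port": int(port),
                         "proto": proto, "path": path})
        elif line and rows and rows[-1]["path"]:
            if not rows[-1]["path"].lower().endswith(".exe"):
                rows[-1]["path"] += " " + line  # the wrap happened at a space
    return rows

def not_in_baseline(rows, baseline):
    """Listeners absent from the baseline, labelled with the service name."""
    extra = [r for r in rows if (r["port"], r["proto"]) not in baseline]
    extra.sort(key=lambda r: (r["proto"], r["port"]))
    return [(r["port"], r["proto"], SERVICES.get(r["port"], "not in table"),
             r["process"], r["path"]) for r in extra]

if __name__ == "__main__":
    for item in not_in_baseline(parse_fport(SAMPLE), BASELINE):
        print("%-5d %-3s %-14s %-10s %s" % item)
```
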

