Solved

Nmap Scan

Posted on 2004-04-27
Last Modified: 2013-12-04
Hi guys,
I have run Nmap for Windows on one of my Domain Controllers in a Windows 2000 domain.
Since I am new to the security area, I need help understanding the following results.

I need help especially on ports with 1000+ numbers.

thanks

(The 1573 ports scanned but not shown below are in state: closed)
Port       State       Service
25/tcp     open        smtp                    
80/tcp     open        http                    
88/tcp     open        kerberos-sec            
110/tcp    open        pop-3                  
119/tcp    open        nntp                    
135/tcp    open        loc-srv                
139/tcp    open        netbios-ssn            
143/tcp    open        imap2                  
389/tcp    open        ldap                    
443/tcp    open        https                  
445/tcp    open        microsoft-ds            
464/tcp    open        kpasswd5                
563/tcp    open        snews                  
593/tcp    open        http-rpc-epmap          
636/tcp    open        ldapssl                
691/tcp    open        resvc                  
993/tcp    open        imaps                  
995/tcp    open        pop3s
1026/tcp   open        LSA-or-nterm            
1029/tcp   open        ms-lsa                  
1373/tcp   open        chromagrafx            
1492/tcp   open        stone-design-1          
1723/tcp   open        pptp                    
2301/tcp   open        compaqdiag              
3372/tcp   open        msdtc                  
3389/tcp   open        ms-term-serv            
6101/tcp   open        VeritasBackupExec      
49400/tcp  open        compaqdiag              
Remote operating system guess: Windows Millennium Edition (Me), Win 2000, or WinXP
Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds
Question by:cakirfatih
4 Comments

Accepted Solution

by:
Joseph_Moore earned 350 total points
ID: 10931088
Ok, first off, you have NMAP (www.insecure.org), the best port scanner out there!

Now, here is what I see. You scanned a Win2K or Win2K3 Domain Controller; ports 88, 389 and 464 tell this. Those ports are used by Kerberos for authentication.

IIS is installed and running EVERYTHING: FTP, WWW, News, SMTP, POP3. All of it. Ports 21, 25, 80, 443, 119 are for this. Since you have WWW running, you have SSL enabled (port 443), which also turns on Secure News (port 563) and the Secure LDAP (port 563).

NetBIOS is enabled, so that's 139; SMB is on so that's 445. Both of these ports are for File & Print Sharing. (You also would have UDP port 137 & 138 enabled, but you only did a TCP port scan, not a UDP port scan, which is why those ports didn't show).

Port 1732 is open, so Routing and Remote Access (RRAS) is turned on with the default VPN mode enabled. This is your PPTP port showing.

This must be a Compaq server, since it has some Compaq Insight Agent ports showing (49400, 2301).

Terminal Services is up, so port 3389 is listening.

Veritas for backup? Looks like it. Port 6101 for that.

MS Distributed Transaction Coordinator is on by default, so port 3372 is there.

Ports 1372 & 1492 I am not familiar with, but it looks like (based on the NMAP service column) they are from real applications, not trojans.

You are actually also running RPC over HTTP (port 593)? Ok. Weird. Not wrong, just different.

Here is a link to standard ports in Windows Domain Controllers:
http://support.microsoft.com/default.aspx?scid=kb;en-us;289241

Off the top of my head, nothing terrible here, unless this is on a server that is NOT protected by a firewall. If this server is only accessed on your LAN, then it looks OK to me. If this box is on the Internet with no firewall, then you are just asking to be attacked and "0wned"!

One last NMAP thing. Go get the newest version of NMAP (v 3.50) and run it with the -A switch to enable the service detection. A new feature is for NMAP to read the banners it received on each port and not only tell you "compaqdiag" but it might tell you something like "Compaq Insight Agent V ####"  Kinda cool!

Good luck.
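
The answer above reads the scan through its Service column, which in a plain scan like this one is only a lookup by port number (hence the suggestion to rerun with -A). The following added example, which is not part of the original post, parses a port table in that format and separates the ports the answer accounts for from those whose listening process still has to be confirmed on the host. The `ACCOUNTED_FOR` mapping and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: a subset of the port table posted in the question.
SAMPLE = """\
Port       State       Service
88/tcp     open        kerberos-sec
445/tcp    open        microsoft-ds
691/tcp    open        resvc
1026/tcp   open        LSA-or-nterm
1373/tcp   open        chromagrafx
1492/tcp   open        stone-design-1
1723/tcp   open        pptp
49400/tcp  open        compaqdiag
"""

# Ports the answer ties to a role or product on this server (assumption:
# one reading of the answer, using port numbers as the scan lists them).
ACCOUNTED_FOR = {
    25: "IIS SMTP", 80: "IIS WWW", 119: "IIS News", 443: "IIS SSL",
    563: "Secure News", 88: "Kerberos", 389: "LDAP", 464: "Kerberos",
    139: "NetBIOS", 445: "SMB", 593: "RPC over HTTP", 1723: "RRAS PPTP",
    2301: "Compaq Insight Agent", 49400: "Compaq Insight Agent",
    3372: "MS DTC", 3389: "Terminal Services", 6101: "Veritas backup",
}

ROW = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")

def parse_ports(text):
    """Return (port, proto, state, service) for each row of the port table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m and 0 < int(m.group(1)) <= 65535:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def triage(text, accounted_for=ACCOUNTED_FOR):
    """Split open TCP ports into those accounted for and those to verify."""
    known, verify = [], []
    for port, proto, state, service in parse_ports(text):
        if state != "open" or proto != "tcp":
            continue
        if port in accounted_for:
            known.append((port, accounted_for[port]))
        else:
            # The Service column is only a port-number lookup in this scan.
            verify.append((port, service))
    return known, verify
```

Each entry in the second list returned by `triage(SAMPLE)` is a port to check on the server itself, since the name beside it says nothing about which program is listening.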


Assisted Solution

by:trywaredk
trywaredk earned 150 total points
ID: 10936664
List of known Trojan/Backdoors and the TCP/UDP ports on which they operate
http://www.tryware.dk/English/Knowledgebase/HowToProtectYourComputer.html#Trojans

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open

Author Comment

by:cakirfatih
ID: 10943430
thanks a lot for this valuable information

fatih

Expert Comment

by:trywaredk
ID: 10967118
:o) Glad we could help you - thank you for the points