
Dumbass Network Contractor

Started by Thing, May 23, 2003, 09:02 AM


Thing

I am taking over the maintenance of a small network of 20 workstations and one server.  One of the first things I did was scan the server, which is connected directly to the Internet.  Here is the result of that scan:

53/tcp     open        domain                  
88/tcp     open        kerberos-sec            
111/tcp    open        sunrpc                  
135/tcp    filtered    loc-srv                
136/tcp    filtered    profile                
137/tcp    filtered    netbios-ns              
138/tcp    filtered    netbios-dgm            
139/tcp    filtered    netbios-ssn            
389/tcp    open        ldap                    
445/tcp    filtered    microsoft-ds            
464/tcp    open        kpasswd5                
593/tcp    open        http-rpc-epmap          
636/tcp    open        ldapssl                
1026/tcp   open        LSA-or-nterm            
1029/tcp   open        ms-lsa                  
1103/tcp   open        xaudio                  
1401/tcp   open        goldleaf-licman        
3268/tcp   open        globalcatLDAP          
3269/tcp   open        globalcatLDAPssl        
3372/tcp   open        msdtc                  
3389/tcp   open        ms-term-serv            
5800/tcp   open        vnc-http                
5900/tcp   open        vnc                    
Nmap run completed -- 1 IP address (1 host up) scanned in 10 seconds

I shouldn't need to tell you that I'm going there today and putting it behind a firewall, but I will anyway.  I know what some of this stuff is but I am clueless as to what some of it is and how to turn it off.

Your input is appreciated.  Don't bust my balls about not knowing much about Winders security.

/edit/The only things that need to be running are Term Server and VNC.
That sucking sound you hear is my bandwidth.

CupHead

Oh goodness, and that's a Windows machine.  I suggest going through the list of Services (Control Panel -> Administrative Tools -> Computer Management -> Click on the Services Tree Node) and finding the corresponding services to each of those open ports.  I suspect the majority will be named similarly to the port description and that the rest will be easily identified by other people who read the thread.

Yoni

Sysinternals makes a tool called TCPView. It can help you associate an open port (or a connection) with a process (something that Windows' netstat lacks).

Process Explorer might come in handy as well.

Raven

Don't forget EtherPeek! Of course, you'll need to download a happy version of EtherPeek, even though for your purposes, the trial version should work decently also.

Thing

Ehh  I didn't get to mess with it today.  I was too busy fixing the screwed up printing setup.  Maybe next week.
That sucking sound you hear is my bandwidth.