Audited an ISA 2000 - part I
From: Doug Fox (dfox168_at_hotmail.com)
Date: 11/04/04
- Next message: Doug Fox: "Audited an ISA 2000 - part II"
- Previous message: Sergio Fonseca [MVP]: "Re: blocking http tunnel"
- Next in thread: Tristan Kington [MSFT]: "Re: Audited an ISA 2000 - part I"
- Reply: Tristan Kington [MSFT]: "Re: Audited an ISA 2000 - part I"
- Reply: Tristan Kington [MSFT]: "Re: Audited an ISA 2000 - part I"
- Reply: Jack Pea***: "Re: Audited an ISA 2000 - part I"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 4 Nov 2004 17:55:06 -0500
Did an internal and an external port scan on a production ISA 2000 server
and found the following ports opened, but seems quite unusual. Any
comments/suggestions are appreciated.
The external scan, i.e., scanning the server from the internet, which
reported the following ports are open:
TCP Ports
110 (POP3)
135 (DCE endpoint resolution)
139 (NETBIOS Session Service)
515 (Spooler
1027 (unknown or ICQ?)
3372 (Microsoft Distributed Transaction Coordinator (MSDTC) / TIP 2)
10000 Webmin / Network Data Management Protocol
UDP Port:
137 (NETBIOS Name Service)
The internal scan, i.e., scanning the server's internal interface, the
result is:
TCP Ports
135 (DCE endpoint resolution) (also appears on the external interface.)
139 (NETBIOS Session Service) (also appears on the external interface.)
445 (Microsoft-DS)
515 (Spooler) (also appears on the external interface.)
1027 (unknown) (also appears on the external interface.)
1080 (socks)
1745 (ISA Server proxy autoconfig / remote winsock)
3372 (Microsoft Distributed Transaction Coordinator (MSDTC) / TIP 2) (also
appears on the external interface.)
8080 (HTTP/HTTP Proxy)
10000 Webmin / Network Data Management Protocol (also appears on the
external interface.)
UDP Ports
137 (NETBIOS Name Service)(also appears on the external interface.)
2967 (SSC-AGENT / Norton Anti-virus)
I
- Next message: Doug Fox: "Audited an ISA 2000 - part II"
- Previous message: Sergio Fonseca [MVP]: "Re: blocking http tunnel"
- Next in thread: Tristan Kington [MSFT]: "Re: Audited an ISA 2000 - part I"
- Reply: Tristan Kington [MSFT]: "Re: Audited an ISA 2000 - part I"
- Reply: Tristan Kington [MSFT]: "Re: Audited an ISA 2000 - part I"
- Reply: Jack Pea***: "Re: Audited an ISA 2000 - part I"
- Messages sorted by: [ date ] [ thread ]