Click here to get back home

Open Ports on an Exchange 2000 on Server 2000
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Open Ports on an Exchange 2000 on Server 2000 jwkh 12-26-2005
Posted by jwkh on December 26, 2005, 5:27 pm
Please log in for more thread options
 I have the following ports open on our server. Several do not look right to
me. I used a Linux Security boot CD and Nmap to scan all our addresses for
open ports. Any ideas?

Interesting ports on (10.253.10.1):
(The 1634 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
88/tcp open kerberos-sec
110/tcp open pop3
119/tcp open nntp
135/tcp open msrpc
139/tcp open netbios-ssn
143/tcp open imap
389/tcp open ldap
443/tcp open https
445/tcp open microsoft-ds
464/tcp open kpasswd5
563/tcp open snews
593/tcp open http-rpc-epmap
636/tcp open ldapssl
691/tcp open resvc
993/tcp open imaps
995/tcp open pop3s
1026/tcp open LSA-or-nterm
1029/tcp open ms-lsa
1058/tcp open nim
1178/tcp open skkserv
1234/tcp open hotline
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
3389/tcp open ms-term-serv
8081/tcp open blackice-icecap
10000/tcp open snet-sensor-mgmt
38292/tcp open landesk-cba

TIA,

jwkh



Posted by Miha Pihler [MVP] on December 27, 2005, 1:40 pm
Please log in for more thread options
 Hi,

Most of these services are expected to run on Exchange server. If not used,
you can stop some of these services (e.g. you can stop pop3 or pop3s or nntp
if these services are not used in your environment.

Some of the services that do stand out are running on TCP ports above 1024
e.g.
- 8081/tcp open blackice-icecap
- 38292/tcp open landesk-cba
and few others.

Check what is actually running on these TCP ports. You can e.g. use TCPView
tool from www.sysinternals.com. It will tell you what process is using these
ports... Once identified, make sure that there are only services that you
install and need on the server. If you did not install them check your
server and try to determine how they got there.

--
Mike
Microsoft MVP - Windows Security

>I have the following ports open on our server. Several do not look right
>to
> me. I used a Linux Security boot CD and Nmap to scan all our addresses
> for
> open ports. Any ideas?
>
> Interesting ports on (10.253.10.1):
> (The 1634 ports scanned but not shown below are in state: closed)
> PORT STATE SERVICE
> 25/tcp open smtp
> 80/tcp open http
> 88/tcp open kerberos-sec
> 110/tcp open pop3
> 119/tcp open nntp
> 135/tcp open msrpc
> 139/tcp open netbios-ssn
> 143/tcp open imap
> 389/tcp open ldap
> 443/tcp open https
> 445/tcp open microsoft-ds
> 464/tcp open kpasswd5
> 563/tcp open snews
> 593/tcp open http-rpc-epmap
> 636/tcp open ldapssl
> 691/tcp open resvc
> 993/tcp open imaps
> 995/tcp open pop3s
> 1026/tcp open LSA-or-nterm
> 1029/tcp open ms-lsa
> 1058/tcp open nim
> 1178/tcp open skkserv
> 1234/tcp open hotline
> 3268/tcp open globalcatLDAP
> 3269/tcp open globalcatLDAPssl
> 3389/tcp open ms-term-serv
> 8081/tcp open blackice-icecap
> 10000/tcp open snet-sensor-mgmt
> 38292/tcp open landesk-cba
>
> TIA,
>
> jwkh
>
>



Posted by jwkh on December 27, 2005, 5:11 pm
Please log in for more thread options
Thanks for your response. I found 8081 is used by Symantec's Exchange
Anti-virus management application. I'll get TCPview and do as you suggest.

jwkh


"Miha Pihler [MVP]" wrote:

> Hi,
>
> Most of these services are expected to run on Exchange server. If not used,
> you can stop some of these services (e.g. you can stop pop3 or pop3s or nntp
> if these services are not used in your environment.
>
> Some of the services that do stand out are running on TCP ports above 1024
> e.g.
> - 8081/tcp open blackice-icecap
> - 38292/tcp open landesk-cba
> and few others.
>
> Check what is actually running on these TCP ports. You can e.g. use TCPView
> tool from www.sysinternals.com. It will tell you what process is using these
> ports... Once identified, make sure that there are only services that you
> install and need on the server. If you did not install them check your
> server and try to determine how they got there.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> >I have the following ports open on our server. Several do not look right
> >to
> > me. I used a Linux Security boot CD and Nmap to scan all our addresses
> > for
> > open ports. Any ideas?
> >
> > Interesting ports on (10.253.10.1):
> > (The 1634 ports scanned but not shown below are in state: closed)
> > PORT STATE SERVICE
> > 25/tcp open smtp
> > 80/tcp open http
> > 88/tcp open kerberos-sec
> > 110/tcp open pop3
> > 119/tcp open nntp
> > 135/tcp open msrpc
> > 139/tcp open netbios-ssn
> > 143/tcp open imap
> > 389/tcp open ldap
> > 443/tcp open https
> > 445/tcp open microsoft-ds
> > 464/tcp open kpasswd5
> > 563/tcp open snews
> > 593/tcp open http-rpc-epmap
> > 636/tcp open ldapssl
> > 691/tcp open resvc
> > 993/tcp open imaps
> > 995/tcp open pop3s
> > 1026/tcp open LSA-or-nterm
> > 1029/tcp open ms-lsa
> > 1058/tcp open nim
> > 1178/tcp open skkserv
> > 1234/tcp open hotline
> > 3268/tcp open globalcatLDAP
> > 3269/tcp open globalcatLDAPssl
> > 3389/tcp open ms-term-serv
> > 8081/tcp open blackice-icecap
> > 10000/tcp open snet-sensor-mgmt
> > 38292/tcp open landesk-cba
> >
> > TIA,
> >
> > jwkh
> >
> >
>
>
>

Similar ThreadsPosted
Ports Open On Windows 2003 Server March 8, 2007, 3:18 pm
Storage Server 2000? September 12, 2005, 12:34 pm
Imaging a 2000 server January 9, 2008, 4:30 pm
Logon box in Windows 2000 server March 22, 2007, 3:50 am
Windows 2000 Server.....Pix 506e - VPN question May 5, 2006, 10:19 am
creat a domain trust between Windows 2000 server, it show error message:"PRC server is unavailable" July 3, 2006, 3:59 pm
MSDTC fails on Windows 2000 Advanced Server SP4 December 19, 2005, 3:10 pm
server 2000 Group policy for windows xp clients January 18, 2006, 9:59 pm
windows 2000 server like home permistions on 2003 November 30, 2006, 1:00 pm
Read-only access to AD, 2000, and 2003 server for monitoring? September 7, 2007, 3:20 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap