[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] IIS 5.0 random/fixed TCP/UDP ports
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] IIS 5.0 random/fixed TCP/UDP ports
- From: Jean-Baptiste Marchand <jbm@hsc.fr>
- Date: Mon, 10 Nov 2003 23:54:23 +0100
* thalm <thalm@netcabo.pt> [01/01/70 - 01:00]:
> When viewing the ports associated with inetinfo.exe (Windows 2000
> Server with IIS 5.0 in a default configuration) using TCPView I see
> port 80 (TCP) , 443 (TCP), another TCP strange and random port and one
> UDP port (3456)
>
> Example in one machine: TCP 80 TCP 443 TCP 1055 UDP 3456
>
> Example in another machine: TCP 80 TCP 443 TCP 2086 UDP 3456
>
> Already tried to connect to the random TCP port, and write to it, but
> the server does not return a thing. What are the random TCP and fixed
> UDP port for?
As detailed in the IIS 5.0 section of our Windows network services
minimization paper, IIS 5.0 runs RPC services over TCP/IP:
http://www.hsc.fr/tips/min_srv_res_win.en.html
The dynamic TCP port is used by IIS remote administration RPC services.
You should also observe a dynamic UDP port. You can check with ifids
that RPC services are bound on these endpoints.
udp/3456 is used by IIS 5.0 internally. Microsoft finally documented
this port a few months ago, see
http://support.microsoft.com/?id=327859
Jean-Baptiste Marchand
--
Jean-Baptiste.Marchand@hsc.fr
HSC - http://www.hsc.fr/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html