Why are these ports open?

Status
Not open for further replies.

mufka

ISP
Dec 18, 2000
US
I have an NT web server that has several ports open that I can't explain. The ports are 50, 1027, 1030, 6667 and 6668. I found what the services that use these ports are, but I don't know what they do. Is there a way to find out? These ports are always open. Could these be hacked? I don't know anything about IRC, BBN IAD or RMCP.

thanks
 
If security is in question go to and download the ISS Internet Scanner. It's 36 megs; version 6.1 is the latest.
ISS will evaluate your system and create a report that you can browse using Netscape or IE. The report will tell you what and where to go to secure your server.
 
Do you need IRC for your users? I see you are affiliated as an ISP. Your users are therefore gonna be rather ticked off if you remove access to the service.

If you are running a network on the other hand burn out the port with a branding iron as it is mucho bad to allow IRC onto your internal net. Once a connection is accepted by an internal user the firewall assumes that everything is hunky dory and lets in EVERYTHING on this connection. IRC also has a dodgy setting which allows automatic acceptance of DCC (file transfers).

I would also recommend burning at the stake any users you find trying to download IRC or ICQ software onto an internal net....sorry the medication is wearing off.

Brian
 
Hi,

Well port 50 is supposed to be remote mail checking as per rfc 1339 --> .

Ports 1027 & 1030 may be related to a portmap/rpc service & dynamically allocated. Port 1030 is officially BBN IAD (Bolt, Beranek and Newman Interface Access Device - a bridge/router)

Port 6667 is listed as IRC (internet relay chat) --> & .

In reality any rarely used port <could> be used by a trojan or other questionable s/w to run a server on. If in doubt firewall it out.

You could always do 'netstat -a' from a command window on the server to see what is connected/listening to those ports.

Rgds
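
One way to act on the `netstat` suggestion above, added here as an example that is not part of the original thread: parse the numeric form of the output (`netstat -an`), list every listening port that is not on an expected allow-list, and show which remote peers are connected to it. The sample output and the `EXPECTED` set are constructed assumptions, with the five ports from the question placed in the sample.

```python
import re

# Constructed sample in the layout Windows `netstat -an` prints; not from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:50             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1030           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6668           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.23:1188     ESTABLISHED
  TCP    192.0.2.10:6667        203.0.113.7:1045       ESTABLISHED
  UDP    0.0.0.0:135            *:*
"""

EXPECTED = {80, 135}  # assumption: what this web server is meant to expose

# Proto, local address, local port, foreign address, optional state column.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_netstat(text):
    """Return one dict per socket row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, addr, port, remote, state = m.groups()
            rows.append({"proto": proto, "addr": addr, "port": int(port),
                         "remote": remote, "state": state or ""})
    return rows

def review(rows, expected):
    """Map each unexpected listening port to the remote peers connected to it."""
    # UDP rows carry no state column, so a bound UDP socket counts as listening.
    listening = {r["port"] for r in rows
                 if r["proto"] == "UDP" or r["state"] == "LISTENING"}
    report = {port: [] for port in sorted(listening - set(expected))}
    for r in rows:
        if r["state"] == "ESTABLISHED" and r["port"] in report:
            report[r["port"]].append(r["remote"])
    return report

if __name__ == "__main__":
    for port, peers in review(parse_netstat(SAMPLE), EXPECTED).items():
        print(f"port {port}: unexplained listener, peers: {peers or 'none'}")
```

A port that appears in the report with peers attached is the first one to trace back to a running service or process on the server.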
 