Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

TCP Port 420

Status
Not open for further replies.

igolo

IS-IT--Management
Jan 16, 2002
63
US
I ran Nmap on my network and found a laptop with something odd:

Port - 420/tcp
State - filtered
Service - smpte

What's odd is the machine is a Windows 2000 workstation with a couple of shared folders. The machine has file and print sharing enable and the workstation service is running, so the very least ports 135 & 139 should be opened. This is the only computer, out of a hundred pc's scanned, in the report like this.

The system has the latest patches from microsoft, McAfee virus scan did not report any viruses and SpySweeper did not find anything out of the ordinary.
The user of this coputer has been getting over seventy pieces of SPAM a day (in our enviroment that is excessive).
Should I be concerned about this computer.
Also I believe there is a system on the network that is spamming my users from inside the domain.
 
This is a list of what all the ports are supposed to be used for.
Any legitimate use for port 420 seems to have died long ago. There doesn't seem to be a lot of information about what it was for.

This lists a couple of trojan's as using that port.

I'd certainly be looking to run this on a machine on the same subnet at the target machine just to see if there is in fact any traffic from that machine on that port.

> The user of this coputer has been getting over seventy pieces of SPAM a day
They could have just made the mistake of posting on usenet / bulletin board / mailing list.
Or is perhaps a rather more guessable john.smith@work.com than everyone else.

--
 
This doesn't always work, but occasionally it does: telnet 127.0.0.1 420 or telnet to your machine from another machine to that port. I second the notion of a packet sniffer as well.
 
I forgot to mention, there are tools such as fport and tcpview that will map the application that is using that port.

----------------------------
"Security is like an onion" - Unknown
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top