|
Focus on Microsoft
Change password shortcut Sep 23 2004 04:57PM Paul Aviles (paviles adjoined com) (1 replies) Re: Change password shortcut Sep 25 2004 07:16PM Randhir Vayalambrone (vayalambrones yahoo com) (1 replies) |
|
|
Privacy Statement |
Win 2003 3790 server running IIS 6.0.
Using our tool (and others) port 4531 came up several times, each time
with a different issue:
First: Possible Backdoor iise.exe - //admin.dll
Second: Web server tries to hide its version or name however using a
special crafted request, we were able to discover it
Third: directories /help & /images were discovered
Fourth: Web server type is Microsoft-IIS/6.0
Fifth: Web server running on that port.
I'm not too familiar with IIS but why would it be "running" on that port?
As far as I know, they have their server setup to run on port 80, pursuant
to other scans and the fact that we don't have to type host:4531 to get to
the page nor are we redirected from host:80 to host:4531 [or host:4531 to
host:80 for that matter] when the page is accessed normally, but what
purpose does port 4531 serve?
I've checked several different security sites and performed searches for
port 4531, not specific to IIS in the event there was a backdoor
application that ran on that port by default. So far I've come up empty
handed but I would still like to know what the purpose of that port is so
I can document it in my SSAA and attempt to assess the residual risk as a
result of that port being open.
Thanks!
Julius G. Perkins, IV
Security Analyst
Telos/Xacta Corporation
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]