Hey Shawn, The request is coming from an internal DC though - is this normal? Cheers, Jason > -----Original Message----- > From: Quillman Shawn (RBNA/CSA1) * > [mailto:Shawn.Quillman@xxxxxxxxxxxx] > Sent: 27 July 2004 16:02 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Access on Port 1 > > http://www.ISAserver.org > > > http://www.faqs.org/rfcs/rfc1078.html > > Description of TCP Port Multiplexer. You can connect to it > to find out what ports certain services are running on. > > "Danger Will Robinson" > Example: Client connects to port 1 on remote server, client > sends "HTTP" > to TCPMUX, an HTTP conversation then starts on the server > port running an HTTP server. Bad news if your're trying to > "hide" HTTP by running it on something other than 80. > > -Shawn > > ----- > Shawn R. Quillman > Robert Bosch Corporation RBNA/CSA1 > 38000 Hills Tech Drive > Farmington Hills, MI 48331 > (248) 553-1164 (P) (248) 848-6969 (F) > shawn.quillman@xxxxxxxxxxxx > > -----Original Message----- > From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx] > Sent: Tuesday, July 27, 2004 10:36 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Access on Port 1 > > http://www.ISAserver.org > > I searched on TCP/IP port listing > > From the quick reading I did, I couldn't tell you if it's good or not. > > -----Original Message----- > From: Jason Merrique [mailto:j.merrique@xxxxxxxxxxxxxxx] > Sent: Tuesday, July 27, 2004 9:21 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Access on Port 1 > > > http://www.ISAserver.org > > Hi Troy, > > You know, I did try google, but for some reason the phrase 'Port 1' > doesn't > return much :\ > (http://www.google.co.uk/search?sourceid=navclient&ie=UTF-8&oe > =UTF-8&q=I > SA+%22destination+port%22+%22port+1%22) > > Should I be expecting this from my a DC on my internal > network? I've done a scan and have found nothing. Then I > allowed the traffic through, and now it has stopped. Very > bizarre. Would be great to know exactly what it was. > Thanks for putting me on track with tcpmux though :) > > Cheers, > > Jason > > > -----Original Message----- > > From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx] > > Sent: 27 July 2004 15:17 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Access on Port 1 > > > > http://www.ISAserver.org > > > > Google is your friend =?) > > > > Port number: 1 > > > > Common name(s): tcpmux > > > > Common service(s): tcpmux > > > > Service description(s): TCP multiplexer > > > > Common server(s): tcpmux (sometimes named "simple tcp service") > > > > Common client(s): > > > > Common problem(s): > > > > Encrypted options: N/A > > > > Secure options: N/A > > > > Firewalling recommendations: Firewall port 1 > > > > Attack detection: Virtually all traffic to port 1 can be considered > > hostile. > > > > Related URL(s): > > > > Other notes: RFC 1078 > > > > > > > > -----Original Message----- > > From: Jason Merrique [mailto:j.merrique@xxxxxxxxxxxxxxx] > > Sent: Tuesday, July 27, 2004 8:43 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Access on Port 1 > > > > > > http://www.ISAserver.org > > > > Hi chaps, > > > > Quick question, one of our DC's keeps sending traffic to port > > 1 on our ISA > > server. Should I allow this? Should I be worried? > > > > Cheers, > > > > Jason > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > World of Windows Networking: > http://www.windowsnetworking.com Leading > > Network Software Directory: http://www.serverfiles.com No.1 > Exchange > > Server Resource Site: http://www.msexchange.org Windows Security > > Resource Site: > > http://www.windowsecurity.com/ Network Security Library: > > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > > http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > tradtke@xxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > World of Windows Networking: > http://www.windowsnetworking.com Leading > > Network Software Directory: http://www.serverfiles.com No.1 > Exchange > > Server Resource Site: http://www.msexchange.org Windows Security > > Resource Site: http://www.windowsecurity.com/ Network Security > > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: > > http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > j.merrique@xxxxxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: > http://www.serverfiles.com No.1 Exchange Server Resource > Site: http://www.msexchange.org Windows Security Resource Site: > http://www.windowsecurity.com/ Network Security Library: > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tradtke@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: > http://www.windowsecurity.com/ Network Security Library: > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > shawn.quillman@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: > http://www.windowsecurity.com/ Network Security Library: > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: j.merrique@xxxxxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist >