RE: Access on Port 1
- From: "Jason Merrique" <j.merrique@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 27 Jul 2004 16:21:05 +0100
Hey Shawn,
The request is coming from an internal DC though - is this normal?
Cheers,
Jason
> -----Original Message-----
> From: Quillman Shawn (RBNA/CSA1) *
> [mailto:Shawn.Quillman@xxxxxxxxxxxx]
> Sent: 27 July 2004 16:02
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Access on Port 1
>
> http://www.ISAserver.org
>
>
> http://www.faqs.org/rfcs/rfc1078.html
>
> Description of TCP Port Multiplexer. You can connect to it
> to find out what ports certain services are running on.
>
> "Danger Will Robinson"
> Example: Client connects to port 1 on remote server, client
> sends "HTTP"
> to TCPMUX, an HTTP conversation then starts on the server
> port running an HTTP server. Bad news if your're trying to
> "hide" HTTP by running it on something other than 80.
>
> -Shawn
>
> -----
> Shawn R. Quillman
> Robert Bosch Corporation RBNA/CSA1
> 38000 Hills Tech Drive
> Farmington Hills, MI 48331
> (248) 553-1164 (P) (248) 848-6969 (F)
> shawn.quillman@xxxxxxxxxxxx
>
> -----Original Message-----
> From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx]
> Sent: Tuesday, July 27, 2004 10:36 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Access on Port 1
>
> http://www.ISAserver.org
>
> I searched on TCP/IP port listing
>
> From the quick reading I did, I couldn't tell you if it's good or not.
>
> -----Original Message-----
> From: Jason Merrique [mailto:j.merrique@xxxxxxxxxxxxxxx]
> Sent: Tuesday, July 27, 2004 9:21 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Access on Port 1
>
>
> http://www.ISAserver.org
>
> Hi Troy,
>
> You know, I did try google, but for some reason the phrase 'Port 1'
> doesn't
> return much :\
> (http://www.google.co.uk/search?sourceid=navclient&ie=UTF-8&oe
> =UTF-8&q=I
> SA+%22destination+port%22+%22port+1%22)
>
> Should I be expecting this from my a DC on my internal
> network? I've done a scan and have found nothing. Then I
> allowed the traffic through, and now it has stopped. Very
> bizarre. Would be great to know exactly what it was.
> Thanks for putting me on track with tcpmux though :)
>
> Cheers,
>
> Jason
>
> > -----Original Message-----
> > From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx]
> > Sent: 27 July 2004 15:17
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Access on Port 1
> >
> > http://www.ISAserver.org
> >
> > Google is your friend =?)
> >
> > Port number: 1
> >
> > Common name(s): tcpmux
> >
> > Common service(s): tcpmux
> >
> > Service description(s): TCP multiplexer
> >
> > Common server(s): tcpmux (sometimes named "simple tcp service")
> >
> > Common client(s):
> >
> > Common problem(s):
> >
> > Encrypted options: N/A
> >
> > Secure options: N/A
> >
> > Firewalling recommendations: Firewall port 1
> >
> > Attack detection: Virtually all traffic to port 1 can be considered
> > hostile.
> >
> > Related URL(s):
> >
> > Other notes: RFC 1078
> >
> >
> >
> > -----Original Message-----
> > From: Jason Merrique [mailto:j.merrique@xxxxxxxxxxxxxxx]
> > Sent: Tuesday, July 27, 2004 8:43 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Access on Port 1
> >
> >
> > http://www.ISAserver.org
> >
> > Hi chaps,
> >
> > Quick question, one of our DC's keeps sending traffic to port
> > 1 on our ISA
> > server. Should I allow this? Should I be worried?
> >
> > Cheers,
> >
> > Jason
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking:
> http://www.windowsnetworking.com Leading
> > Network Software Directory: http://www.serverfiles.com No.1
> Exchange
> > Server Resource Site: http://www.msexchange.org Windows Security
> > Resource Site:
> > http://www.windowsecurity.com/ Network Security Library:
> > http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> > http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > tradtke@xxxxxxxxxxxx To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking:
> http://www.windowsnetworking.com Leading
> > Network Software Directory: http://www.serverfiles.com No.1
> Exchange
> > Server Resource Site: http://www.msexchange.org Windows Security
> > Resource Site: http://www.windowsecurity.com/ Network Security
> > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> > http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > j.merrique@xxxxxxxxxxxxxxx To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory:
> http://www.serverfiles.com No.1 Exchange Server Resource
> Site: http://www.msexchange.org Windows Security Resource Site:
> http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tradtke@xxxxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> shawn.quillman@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: j.merrique@xxxxxxxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
>
Other related posts:
