RE: Access on Port 1

• From: "Quillman Shawn (RBNA/CSA1) *" <Shawn.Quillman@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 27 Jul 2004 10:01:40 -0500

http://www.faqs.org/rfcs/rfc1078.html

Description of TCP Port Multiplexer.  You can connect to it to find out
what ports certain services are running on.

"Danger Will Robinson"
Example: Client connects to port 1 on remote server, client sends "HTTP"
to TCPMUX, an HTTP conversation then starts on the server port running
an HTTP server.  Bad news if your're trying to "hide" HTTP by running it
on something other than 80.

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CSA1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-6969 (F)
shawn.quillman@xxxxxxxxxxxx

-----Original Message-----
From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx] 
Sent: Tuesday, July 27, 2004 10:36 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Access on Port 1

http://www.ISAserver.org

I searched on TCP/IP port listing

From the quick reading I did, I couldn't tell you if it's good or not.

-----Original Message-----
From: Jason Merrique [mailto:j.merrique@xxxxxxxxxxxxxxx]
Sent: Tuesday, July 27, 2004 9:21 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Access on Port 1


http://www.ISAserver.org

Hi Troy,

You know, I did try google, but for some reason the phrase 'Port 1'
doesn't
return much :\
(http://www.google.co.uk/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=I
SA+%22destination+port%22+%22port+1%22)

Should I be expecting this from my a DC on my internal network? I've
done a
scan and have found nothing. Then I allowed the traffic through, and now
it
has stopped. Very bizarre. Would be great to know exactly what it was.
Thanks for putting me on track with tcpmux though :)

Cheers,

Jason

> -----Original Message-----
> From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx]
> Sent: 27 July 2004 15:17
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Access on Port 1
> 
> http://www.ISAserver.org
> 
> Google is your friend =?)
> 
> Port number: 1
> 
> Common name(s): tcpmux
> 
> Common service(s): tcpmux
> 
> Service description(s): TCP multiplexer
> 
> Common server(s): tcpmux (sometimes named "simple tcp service")
> 
> Common client(s):
> 
> Common problem(s):
> 
> Encrypted options: N/A
> 
> Secure options: N/A
> 
> Firewalling recommendations: Firewall port 1
> 
> Attack detection: Virtually all traffic to port 1 can be
> considered hostile.
> 
> Related URL(s):
> 
> Other notes: RFC 1078
> 
>  
> 
> -----Original Message-----
> From: Jason Merrique [mailto:j.merrique@xxxxxxxxxxxxxxx]
> Sent: Tuesday, July 27, 2004 8:43 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Access on Port 1
> 
> 
> http://www.ISAserver.org
> 
> Hi chaps,
> 
> Quick question, one of our DC's keeps sending traffic to port
> 1 on our ISA
> server. Should I allow this? Should I be worried?
> 
> Cheers,
> 
> Jason
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading 
> Network Software Directory: http://www.serverfiles.com No.1 Exchange 
> Server Resource Site: http://www.msexchange.org Windows Security
> Resource Site:
> http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tradtke@xxxxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading 
> Network Software Directory: http://www.serverfiles.com No.1 Exchange 
> Server Resource Site: http://www.msexchange.org Windows Security 
> Resource Site: http://www.windowsecurity.com/ Network Security 
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: 
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: j.merrique@xxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server
Resource Site: http://www.msexchange.org Windows Security Resource Site:
http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tradtke@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist

Other related posts:

• » Access on Port 1
• » RE: Access on Port 1
• » RE: Access on Port 1
• » RE: Access on Port 1
• » RE: Access on Port 1
• » RE: Access on Port 1
• » RE: Access on Port 1
• » RE: Access on Port 1

1. Home
2. isalist
3. Archive
4. 07-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---