Loading...
[get complete service list]
Top of page
Top of page
Port Information
Protocol Service Name
tcp cma CORBA Management Agent
tcp MiniCommand [trojan] MiniCommand
udp cma CORBA Management Agent
Top IPs Scanning
Today Yesterday
45.33.78.24 (39)109.205.213.3 (29)
45.79.114.248 (16)104.156.155.13 (17)
64.39.106.39 (8)64.39.106.109 (16)
137.74.17.17 (7)35.203.211.134 (12)
45.141.86.11 (6)101.6.21.12 (12)
206.168.34.37 (6)104.156.155.6 (10)
91.218.115.175 (5)137.74.17.17 (9)
104.156.155.14 (5)104.156.155.11 (9)
78.159.99.47 (5)162.216.149.9 (8)
104.156.155.9 (4)158.255.7.157 (8)
User Comments
Submitted By Date
Comment
Rick Guthrie, CISSP 2004-09-15 16:51:22
An nmap scan of a newly built Windows Server 2003 machine as the first domain controller in a new forest showed port 1050 open. Of course there were other ports open, but the ones that were not correctly identified are 1025, 1026, and 1050. 1025 and 1026 are for AD logon and replication, as per a Microsoft article. Using netstat with the -ano option showed that port 1050 was assigned PID 1432. Using the Task Manger, it show that that process was being used by Image name dns.exe After a restart, the PID changed to 1400, but continued to be used used by dns.exe I found a Microsoft Knowledge Base Article that suggest that this is an arbitrary port chosen by DNS to allow DNS lookups to occure to the Internet when interesting port are being blocked by a Firewall. The article is number: 198410, look for the registry key "SendOnNonDnsPort". Hope this helps!
Top of page
CVE Links
CVE # Description
Top of page