udp packets can be fired at all ports in that range www.mindblock.org insecure <[EMAIL PROTECTED]> wrote: > >Ondrej Krajicek wrote: > >>Hello, >> >>I've just noticed (no, not by using tools which ship with Windows XP[1], thank you >>Bill), that >>Outlook 2003 binds to UDP port 3088 on all interfaces and listens. Quick Googling >>for it >>found no useful explanation. >> >>Does anyone know what is this good for? Another open port on my (and thousands of >>others) Windows box >>really does not help anything, at least when it comes to security. Anyway, I am using >>desktop firewall for access control, but knowing what this is and how can it be >>disabled ;-) >>will make my sleep a bit better. >> >>Regards, >> >>Ondra >> >>PS: [1] ...netstat wouldn't do, it does not display pid (or something). >> >>+>>>-----------------------------------------------------------------+ >>|Ondrej Krajicek (-KO| >>|Institute of Computer Science, Masaryk University Brno, CR | >>|http://isildur.ics.muni.cz/~ondra [EMAIL PROTECTED]| >>+--------------------------------------------------------------------+ >> >> >This is probably the new mail notification service used by Exchange. See >http://support.microsoft.com/default.aspx?scid=kb;EN-US;264035 > >"New mail notification messages are sent by means of UDP packets from >the server to the client. The ports used for this notification are set >by the client when the client logs on to the information store. As part >of the log on process to the information store, the client tells the >server the IP address and port where it expects to receive new mail >notification messages. This will be a UDP port in the 1024-65535 range." > >Here are instructions for how to turn it off for LookOut 2002. >http://support.microsoft.com/default.aspx?scid=kb;EN-US;305572 >2003 is probably similar. > >Even if there was some vulnerability that could be exploited through >this service, it would be hard to do, as the port number is not predictable. > >jerry > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
