Hi, Actually I was using fport, I traced the application listening on 1088, and it was from sshd.exe. I checked the server now, and when I started it its not listening to port 1088 anymore but now port 1028, this is aside from the port 22.
regards, Grefenp [EMAIL PROTECTED] on 11/27/2001 03:38:07 AM To: Grefenp Berchmann C Sodusta/Rezayat cc: Subject: Antwort: Re: Antwort: Remote Admin of DMZ Hi, I cannot investigate this on my server before Friday. But you might you fport by Foundstone (http://www.foundstone.com) to determine which application is using the port. Just an Idea, SAP ITS uses ports from the range 1080-1089, so it might be a SAP ITS instance. I do not know a trojan listening on this port by default, but as we know this can be easily changed. Kind regards, Jens Mickerts [EMAIL PROTECTED] 26.11.2001 13:13 An: Kopie: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> Thema: Re: Antwort: Remote Admin of DMZ Hi, I have installed OpenSSH (for NT), I leave the default listen port to 22, but I notice it was also listenning to port 1088. I think this must be a trojan or something. Anyone have any idea? Grefenp [EMAIL PROTECTED] on 11/20/2001 04:14:12 PM To: [EMAIL PROTECTED] @ INTERNET cc: [EMAIL PROTECTED] @ INTERNET, [EMAIL PROTECTED] @ INTERNET Subject: Antwort: Remote Admin of DMZ Hi, a combination I think is very nice is OpenSSH (there is a free NT Version here: http://www.networksimplicity.com) in combination with VNC or any other remote tool. For OpenSSH on NT uses NT accounts, you can set-up a policy that will lock the account used after x false logins making it quite secure. If your Remote Control then uses a second authentication different from the SSH one you should be fine given that you use a very low-priviledged account for SSH. Just another hint, you can set OpenSSH to listen on a different port than 22 so that it is more difficult to be recognised by Port-Scans. Kind regards, Jens Mickerts Matt LYNCH <[EMAIL PROTECTED]> 19.11.2001 23:17 An: [EMAIL PROTECTED], [EMAIL PROTECTED] Kopie: Thema: Remote Admin of DMZ I have been given the task of administering a web server contained within a DMZ. I am OK with the admin side of things but would prefer for time reasons to be able to remotely administer this machine. I have always used PCAnywhere, VNC and the MMC. But I now cannot use these due to the security risk. Does anyone else remote admin inside a DMZ and if so how?? All machine are NT 4.0, I use a W2K desktop. (Free would be nice, but I am also interested if there are commercial solutions available). Thanks in advance Matt
