A colleague of mine sent me an email about identifying services running on a Win2k box, and how to disable them once they are identified. Here is the email:
Does anyone know of any websites that I can point my colleague to, that might have information on finding out how to determine what services are what, and then how to shut them off? Are there any utilities out there that might get her better info about the type of services that are running?

one of the tools we use is nmap. when you apply it to a machine on the network, it returns the ports/services that are running on the machine. for example:
[karin@rasta ~]$ nmap lofty
Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ )
Interesting ports on computer.domain.edu (0.0.0.0):
(The 1592 ports scanned but not shown below are in state: closed)
Port State Service
80/tcp open http
135/tcp open loc-srv
139/tcp open netbios-ssn
389/tcp open ldap
443/tcp open https
445/tcp open microsoft-ds
1002/tcp open unknown
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1720/tcp open H.323/Q.931
3005/tcp open deslogin
3372/tcp open msdtc
Nmap run completed -- 1 IP address (1 host up) scanned in 0.836 seconds
it used to have SMTP service running on port 25. it took me two
working days and this weekend poring over books at barnes&nobles to
finally figure out how to turn off smtp on that thing. that was just
one service and look how many are still running!
so what i really want to know is: 1) if i see a service or port
running on a windows box, what is it? "unknown" doesn't tell me a
whole lot. 2) once i know what the service is, how do i turn it off?
one shouldn't have to be microsoft certified to do this. there
should be really simple answers to everything.
Thanks for reading.
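In a plain port scan, the Service column nmap prints is a name looked up by port number, not an identification of the program that is listening. The following Python sketch is an added example, not part of the original post or email: it parses the scan rows quoted above and lists the open ports whose name is a placeholder or an ambiguous guess, which are the ones to confirm on the host itself first. The function names are illustrative.

```python
import re

# Scan rows copied from the post above (nmap 3.x plain-text output).
SCAN = """\
Port       State       Service
80/tcp     open        http
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
389/tcp    open        ldap
443/tcp    open        https
445/tcp    open        microsoft-ds
1002/tcp   open        unknown
1025/tcp   open        NFS-or-IIS
1026/tcp   open        LSA-or-nterm
1720/tcp   open        H.323/Q.931
3005/tcp   open        deslogin
3372/tcp   open        msdtc
"""

# One result row: "<port>/<proto>  <state>  <service>"
ROW = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_ports(text):
    """Return one dict per port row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m and 0 < int(m.group(1)) <= 65535:
            rows.append({"port": int(m.group(1)), "proto": m.group(2),
                         "state": m.group(3), "service": m.group(4)})
    return rows

def name_problem(row):
    """Why the Service name says nothing definite about the listener, or None."""
    if row["service"] == "unknown":
        return "no name registered for this port number"
    if "-or-" in row["service"]:
        return "several candidate names share this port number"
    return None

def triage(text):
    """Return (open rows, open rows whose name must be confirmed on the host)."""
    open_rows = [r for r in parse_ports(text) if r["state"] == "open"]
    flagged = [(r["port"], r["proto"], r["service"], name_problem(r))
               for r in open_rows if name_problem(r)]
    return open_rows, flagged

if __name__ == "__main__":
    open_rows, flagged = triage(SCAN)
    print(f"{len(open_rows)} open ports, {len(flagged)} with no usable name:")
    for port, proto, service, why in flagged:
        print(f"  {port}/{proto}  {service:<14} {why}")
```

The names that are not flagged are still port-number lookups, so they indicate where to start looking rather than what is actually running.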