05-04-2012 08:22 AM
I just bought a new W520. I was testing the Norton Firewall and running port scans against the machine. I noticed some open ports so I did a recovery to factory condition. I ran the port scan again and see a number of ports (25, 80, 110, 8080 - if memory serves correct). I telnet to the ports and they respond but the is no visiable text so it is difficult to figure out what is running. I've tried using Tcpview and other tools to view the open ports via Windows 7, but I don't see those ports listening. I am wondering if there are some Lenovo tools/utilities that use these ports? I may just be paranoid
05-04-2012 08:20 PM
Point taken, but unfortunately without any restore media other than the recovery partition I can't do a base install unfortunately. I was hoping someone from Lenovo could chime in if there were some system management tools that may have open ports .
05-05-2012 07:06 AM
I decided to break out the big guns. I ran a Nessus scan and NMAP againts my W520. The same ports weren't open when compared to the scan by Advanced Port Scan by RAdmin. These are the results of nmap which mirror the open ports Nessus found. Keep in mind, I had the firewall turned off since I am testing Bitdefender's Internet Security 2012. I used TCPViiew to link the process to these ports and found:
443 - VMWare Worksation
902 - VMWare Workstation
912 - VMWare Workstation
5357 - svchost.exe
49152 - wininit.exe
49153 - wininit.exe
49154 - wininit.exe
49155 - wininit.exe
49165 - wininit.exe
When I enable the firewall, none of the ports are visable. I am looking at using the BitDefender or Kaspersky's Internet Security Suites. Thoughts from other security folks appreciated!
05-06-2012 08:07 AM - edited 05-06-2012 08:08 AM
I've just ran an nmap scan against my W520, mostly fresh from the factory except for Windows Live Messenger and Google Chrome installed (which shouldn't affect the results much).
ds@ds61:~$ sudo nmap -sS -O -p0-65535 192.168.1.100 -v [sudo] password for ds: Starting Nmap 5.51 ( http://nmap.org ) at 2012-05-06 21:20 SGT Initiating ARP Ping Scan at 21:20 Scanning 192.168.1.100 [1 port] <snip> Nmap scan report for DS-W520 (192.168.1.100) Host is up (0.0066s latency). Not shown: 65529 filtered ports PORT STATE SERVICE 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds 554/tcp open rtsp 2869/tcp open icslap 5357/tcp open wsdapi 10243/tcp open unknown
7 ports open, scanned from within a LAN. Not sure what those ports are for though..