[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Outlook 2003 listening on udp/3088

To: krajicek@xxxxxxxxxxx
Subject: Re: [Full-Disclosure] Outlook 2003 listening on udp/3088
From: insecure <insecure@xxxxxxxxxxxxx>
Date: Mon, 17 May 2004 15:38:54 -0500

Ondrej Krajicek wrote:

Hello,
I've just noticed (no, not by using tools which ship with Windows XP[1], thank 
you Bill), that
Outlook 2003 binds to UDP port 3088 on all interfaces and listens. Quick 
Googling for it
found no useful explanation.
Does anyone know what is this good for? Another open port on my (and thousands 
of others) Windows box
really does not help anything, at least when it comes to security. Anyway, I am 
using
desktop firewall for access control, but knowing what this is and how can it be 
disabled ;-)
will make my sleep a bit better.
Regards,

Ondra

PS: [1] ...netstat wouldn't do, it does not display pid (or something).

+>>>-----------------------------------------------------------------+ |Ondrej Krajicek (-KO| |Institute of Computer Science, Masaryk University Brno, CR | |http://isildur.ics.muni.cz/~ondra krajicek@xxxxxxxxxxx| +--------------------------------------------------------------------+

This is probably the new mail notification service used by Exchange. See
http://support.microsoft.com/default.aspx?scid=kb;EN-US;264035

"New mail notification messages are sent by means of UDP packets from the server to the client. The ports used for this notification are set by the client when the client logs on to the information store. As part of the log on process to the information store, the client tells the server the IP address and port where it expects to receive new mail notification messages. This will be a UDP port in the 1024-65535 range."

Here are instructions for how to turn it off for LookOut 2002.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;305572
2003 is probably similar.

Even if there was some vulnerability that could be exploited through this service, it would be hard to do, as the port number is not predictable.

jerry

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Outlook 2003 listening on udp/3088
  - From: Richard Maudsley
- Re: [Full-Disclosure] Outlook 2003 listening on udp/3088
  - From: Ondrej Krajicek

References:
- [Full-Disclosure] Outlook 2003 listening on udp/3088
  - From: Ondrej Krajicek

Prev by Date: RE: [Full-Disclosure] Buffer Overflow in ActivePerl ?
Next by Date: Re: [Full-Disclosure] Outlook 2003 listening on udp/3088
Previous by thread: [Full-Disclosure] Outlook 2003 listening on udp/3088
Next by thread: Re: [Full-Disclosure] Outlook 2003 listening on udp/3088
Index(es):
- Date
- Thread