Control Compliance Suite

 View Only

  • 1.  CCS 10.5.1 Custom Check

    Posted Jan 04, 2013 02:40 PM

    Has anyone ever written a check to determine if ports are opn on a desktop machine?  

    We are trying to write one that will let us know if Ports 5800 and Port 5900 are open on Windows 7 machines.  



  • 2.  RE: CCS 10.5.1 Custom Check

    Posted Jan 07, 2013 02:03 PM

    Not sure that there's a check in Windows to check for open ports (I know this check IS available on *nix). An easier way to go about it would be to check to see if the service that listens on those ports is running... assuming you know which service it is that should be listening. Not quite what you were looking for, but should get you to the same spot.

    Chris Tyrrell

    ctyrrell@conventus-sei.com

    Conventus Corp.



  • 3.  RE: CCS 10.5.1 Custom Check

    Posted Jan 09, 2013 11:12 AM

    BindView does not offer a direct ports query. But depending on what you are looking for, you may want to run a BV-C Windows Registry query - and filter the below mentioned keys by "Key/Value Name" field in BindView. Please refer to: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=RemoteAccess%3AWin32%2FUltraVNC "The following system changes may indicate the presence of RemoteAccess:Win32/UltraVNC: Presence of these registry keys: HKEY_LOCAL_MACHINE\Software\UltraVnc HKEY_LOCAL_MACHINE\Software\ORL HKEY_CURRENT_USER\Software\ORL When the program is in use, it may open and await connections on TCP ports 5800 and 5900" Hope this helps! Thanks, Chaitali



  • 4.  RE: CCS 10.5.1 Custom Check

    Posted Jan 09, 2013 12:48 PM

    Thanks!  I was able to develop a query to list all the permitted TCP ports <LIST>

    It is suppose to provide a list of all permitted ports, but it is coming back and just stating permit all.  I am not if you have any thoughts on how to get an actual list vs. just having it say 'permit all,' but figure I would throw it out there.  Thanks again.  



  • 5.  RE: CCS 10.5.1 Custom Check

    Posted Jan 09, 2013 10:12 PM

    I believe that the query you created shows the Windows Firewall configuration and does not list out what ports are actually being listened on. In order to detemine active listening ports, you would need a port scanner, which CCS Standards Manager does not do.

    If you need this capability, you would need to use CCS Vulnerability Manager. What application listens on those ports? If you know that, you can develop a check to see if that app is running. Not sure if there's another way to get at this using just CCS Standards Manager.

    Chris Tyrrell

    ctyrrell@conventus-sei.com

    Conventus Corp