What I know: this machine is not too secure...
What I don't know: what are those protocols...

Are you talking about the ports in BOLD letters ?

Ports above 1024 are un-regulated, anyone can use them.

3389 is used by the Microsoft's Remote Windows Terminal Server.
5101 is used by Yahoo Messenger

Also, some of the ports are used by known trojans.
5000 is used by Back Orifice and NetBus.


If you do not use these ports, you should setup a firewall.

Ummmmm??? BO normally uses 31337 and NetBus uses 12345 and 12346 by default. Of course they can be made to run on any port. On a Windows machine 5000 is just what nmap said, UPnP.

I don't know what the point of the original post is, though... Congratulations, you found a networked host that appears (notice I said "appears") to be very insecure. It's not like those don't abound on the Internet (1,500,000 machines compromised by MS Blaster).

For one thing, that's a non-routable IP so it's obviously on an Internal network. Sure it's not a good idea to run all those services, but they're probably not reachable from the Internet (firewall?). Another remote possibility is that it's a honeypot and just pretending to have those services running. You wouldn't know unless you actually tried something against it.

If you're not responsible for that host, move along. If you are, I certainly hope you know how to disable all those unnessecary services.

The thing is that this machine is owned by someone I know personally in the intranet. I was wondering what are those services and why is he running them?

Espacially iad1 and iad3..... and I was expecting some links so that I could read about the services I see here....

Chort how did you realised that this machine is on an internal network? squid absent? Please give links so that I can . And after I won't and act like a total that I am.

The way we know it is on an internal network is because of the subnet (xxx.xxx. ... ...). Any ip address that has the range 172.xxx.xxx.xxx or 10.xxx.xxx.xxx or 192.xxx.xxx.xxx is on the internal side of a network. That is where the router comes in. What it does is take your external address (say, if you have comcast, like 67.170.xxx.xxx) and splits it, into, you guesed it, the internal addresses. Make sense? Enjoy, and tell your friend to stop using windows and join the free world!




Here is a listing of some odd ports and the processes that run them:
http://www.sans.org/resources/idfaq/oddports.php

Here is a more official listing of port numbers:
http://www.iana.org/assignments/port-numbers

Close, but incorrect. Only the 10. (pronunced "ten dot") network is a /8 (used to be called "Class A"). The private range of 172.16. is a /12, and 192.168 is a /16. Confused yet?

Start with RFC1918, which specifies some reserved networks for private use (these routes are not advertised to the Internet). Next, wikipedia has a somewhat useful explanation of CIDR, although some Googling will probably reveal something more helpful.

So what is my point? Not every thing that matches 172.*.*.* is actually a private IP. In fact, a large number of 172. addresses belong to AOL. 192. isn't all private, either--in fact only 1/255th of it is (roughly speaking).

Good point chort, guess I should be a little more clear Wouldn't want somebody to give their computer an address like 172.140.184.xxx and get really, really confused.