Menu
I have a case where One vulnerability detected in server(dusxxxiweb2) saying Port 8081 is opened.I got the port number through netstat -a -n -o | find "8081" command, I found out that the port "8081" is being used by system process with PID 4
I want to know which system process using this service.IIS is not installed in this server.But i can access one login page(.Net application) as below.I don't know how it is possible without IIS http://dusxxxiweb2:8081/login
I want to block this port for fixing vulnerability issue.What can i do in this scenario ?
241
Run the command;
netsh http show servicestate view=requestq
This will give snapshot of all the HTTP listeners. Find the "Registered URL" containing the port number you are looking for and the PID of the controlling process will be a few lines above it, like my own rogue process here;
Request queue name: Request queue is unnamed.
Version: 2.0
State: Active
Request queue 503 verbosity level: Basic
Max requests: 1000
Number of active processes attached: 1
--> Process IDs:
14035
URL groups:
URL group ID: F80000014000004F
State: Active
Request queue name: Request queue is unnamed.
Properties:
Max bandwidth: inherited
Max connections: inherited
Timeouts:
Timeout values inherited
Number of registered URLs: 1
--> Registered URLs:
HTTP://+:8081/ROGUESERVICE/
Server session ID: F70000011000012D
Version: 2.0
State: Active
Properties:
Max bandwidth: 4294967295
Timeouts:
Entity body timeout (secs): 120
Drain entity body timeout (secs): 120
Request queue timeout (secs): 120
Idle connection timeout (secs): 120
Header wait timeout (secs): 120
Minimum send rate (bytes/sec): 150
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
