Microsoft KB Archive/327859

= INFO: Inetinfo Services Use Additional Ports Beyond Well-Known Ports =

Article ID: 327859

Article Last Modified on 11/21/2006

-

APPLIES TO


 * Microsoft Internet Information Services 5.1
 * Microsoft Internet Information Services 5.0
 * Microsoft Internet Information Server 4.0

-



This article was previously published under Q327859



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SUMMARY
When you use tools to determine the process or processes that own a TCP port, you see that services that run under the Inetinfo.exe process are listening on ports in addition to their typical assigned ports.



MORE INFORMATION
These services include but are not limited to the following:


 * W3SVC 
 * MSFTPSVC 
 * SMTPSVC 
 * NNTPSVC 

By default, the core services that are included with these products use the following assigned ports:

 * W3SVC
    * HTTP - Port 80
    * HTTPS - Port 443
 * MSFTPSVC
    * FTP Control Channel - Port 21
    * FTP Data Channel - Port 20
 * SMTPSVC - Port 25
 * NNTPSVC - Port 119

Microsoft has confirmed that you must have additional dynamic ports for WWW, FTP, and SMTP services to function properly. Although these ports are dynamic (meaning random), their usage can be documented.

 * Remote Procedure Call (RPC): The W3SVC uses RPC for items such as IIS BaseAdmin calls and TCP.
 * Asynchronous Thread Queue (ATQ) Backlog Monitor: This must be 3456 UDP.
 * Administration Web site: This port is different with each installation. To determine this port, view the Administration Web site properties in the ISM. For additional information about how to locate the port in IIS, click the article number below to view the article in the Microsoft Knowledge Base:

   281336 HOW TO: Determine Which Program Uses or Blocks Specific Transmission Control Protocol Ports in Windows

The RPC port is directly bound to the network adapter, and can therefore be directly accessed through Telnet. However, because RPC ports are secure, any requests that are sent are rejected with a "Bad Request" error message.
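The following added example, which is not part of the original article, parses `netstat -ano` output and separates the ports that the Inetinfo.exe PID listens on into those the article lists and additional ones to reconcile against the RPC and Administration Web site ports. The sample output, PID 1234, and ports 1027 and 5317 are constructed for illustration.

```python
# Ports the article lists for services hosted in Inetinfo.exe.
DOCUMENTED = {
    ("TCP", 80): "W3SVC HTTP", ("TCP", 443): "W3SVC HTTPS",
    ("TCP", 21): "MSFTPSVC FTP control", ("TCP", 20): "MSFTPSVC FTP data",
    ("TCP", 25): "SMTPSVC", ("TCP", 119): "NNTPSVC",
    ("UDP", 3456): "ATQ Backlog Monitor",
}

# Constructed `netstat -ano` output; PID 1234 stands in for Inetinfo.exe,
# and ports 1027 and 5317 are made-up dynamic ports.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       780
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:5317           0.0.0.0:0              LISTENING       1234
  TCP    10.0.0.5:80            10.0.0.9:49152         ESTABLISHED     1234
  UDP    0.0.0.0:3456           *:*                                    1234
"""

def listeners(netstat_text, pid):
    """Return sorted (proto, port) pairs on which `pid` is listening."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or f[-1] != str(pid):
            continue
        # TCP rows carry a State column; UDP rows do not.
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue
        found.add((f[0], int(f[1].rsplit(":", 1)[1])))
    return sorted(found)

def classify(netstat_text, pid):
    """Split a PID's listeners into article-documented and additional ports."""
    ports = listeners(netstat_text, pid)
    documented = {p: DOCUMENTED[p] for p in ports if p in DOCUMENTED}
    additional = [p for p in ports if p not in DOCUMENTED]
    return documented, additional

if __name__ == "__main__":
    known, extra = classify(SAMPLE, 1234)
    for (proto, port), svc in known.items():
        print(f"{proto}/{port} documented: {svc}")
    for proto, port in extra:
        print(f"{proto}/{port} additional: compare with RPC and Administration Web site ports")
```
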

<div class="references_section">