Article ID: 327859
Article Last Modified on 11/21/2006
APPLIES TO
- Microsoft Internet Information Services 5.1
- Microsoft Internet Information Services 5.0
- Microsoft Internet Information Server 4.0
This article was previously published under Q327859
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
SUMMARY
When you use tools to determine the process or processes that own a TCP port, you see that services that run under the Inetinfo.exe process are listening on ports in addition to their typical assigned ports.
MORE INFORMATION
These services include but are not limited to the following:
- W3SVC <World Wide Web Publishing Service>
- MSFTPSVC <FTP Publishing Service>
- SMTPSVC <Simple Mail Transfer Protocol>
- NNTPSVC <Network News Transport Protocol>
By default, the core services that are included with these products use the following assigned ports:
- W3SVC
  - HTTP - Port 80
  - HTTPS - Port 443
- MSFTPSVC
  - FTP Control Channel - Port 21
  - FTP Data Channel - Port 20
- SMTPSVC - Port 25
- NNTPSVC - Port 119
Microsoft has confirmed that you must have additional dynamic ports for WWW, FTP, and SMTP services to function properly. Although these ports are dynamic (meaning random), their usage can be documented.
- Remote Procedure Call (RPC): The W3SVC uses RPC for items such as IIS BaseAdmin calls and TCP.
- Asynchronous Thread Queue (ATQ) Backlog Monitor: This must be UDP port 3456.
- Administration Web site: This port is different with each installation. To determine this port, view the Administration Web site properties in the ISM. For additional information about how to locate the port in IIS, see the following article in the Microsoft Knowledge Base:
281336 HOW TO: Determine Which Program Uses or Blocks Specific Transmission Control Protocol Ports in Windows
The RPC port is directly bound to the network adapter, and can therefore be directly accessed through Telnet. However, because RPC ports are secure, any requests that are sent are rejected with a "Bad Request" error message.
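The following added example (not part of the original article and not Microsoft code) sorts the listeners owned by Inetinfo.exe into the default ports listed above and the additional dynamic ports that still need to be documented. It assumes output in the column layout of `netstat -ano`; the sample rows, PID 1180 for Inetinfo.exe, and Administration Web site port 6142 are constructed values.

```python
# Default ports listed in the article, keyed by (protocol, port).
DOCUMENTED = {
    ("TCP", 80): "W3SVC HTTP",
    ("TCP", 443): "W3SVC HTTPS",
    ("TCP", 21): "MSFTPSVC FTP control",
    ("TCP", 20): "MSFTPSVC FTP data",
    ("TCP", 25): "SMTPSVC",
    ("TCP", 119): "NNTPSVC",
    ("UDP", 3456): "ATQ Backlog Monitor",
}

# Constructed sample; PID 1180 stands in for Inetinfo.exe, 820 for another service.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1180
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1180
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1180
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       1180
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING       1180
  TCP    0.0.0.0:6142           0.0.0.0:0              LISTENING       1180
  TCP    192.0.2.10:80          198.51.100.7:4312      ESTABLISHED     1180
  UDP    0.0.0.0:3456           *:*                                    1180
"""

def parse_listeners(text, pid):
    """Yield (proto, port) for TCP listeners and bound UDP sockets owned by pid."""
    for line in text.splitlines():
        f = line.split()
        tcp = len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING"
        udp = len(f) == 4 and f[0] == "UDP"  # UDP rows have no State column
        if (tcp or udp) and f[-1] == str(pid):
            yield f[0], int(f[1].rsplit(":", 1)[1])

def classify(text, pid, admin_port=None):
    """Split pid's listeners into documented ports and remaining dynamic ports."""
    known = dict(DOCUMENTED)
    if admin_port is not None:  # varies per installation, so supplied by the caller
        known[("TCP", admin_port)] = "Administration Web site"
    report = {"documented": {}, "dynamic": []}
    for key in sorted(set(parse_listeners(text, pid))):
        if key in known:
            report["documented"][key] = known[key]
        else:
            report["dynamic"].append(key)
    return report
```

Ports left under "dynamic" after the Administration Web site port is supplied are the candidates for the RPC endpoint; anything else there should be accounted for before it is allowed through a firewall.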
REFERENCES
For more information about the HTTP, FTP, SMTP, and NNTP protocols, see the following RFCs:
HTTP -- RFC 2616
http://www.ietf.org/rfc/rfc2616.txt
FTP -- RFC 959
http://www.ietf.org/rfc/rfc959.txt
SMTP -- RFC 821
http://www.ietf.org/rfc/rfc821.txt
NNTP -- RFC 977
http://www.ietf.org/rfc/rfc977.txt
For more information about the TCP protocol standards, see the following RFC:
TCP -- RFC 793
http://www.ibiblio.org/pub/docs/rfc/rfc793.txt
For more information about the RPC specification, see the following document:
RPC: Remote Procedure Call Protocol Specification Version 2 -- RFC 1831
http://www.ietf.org/rfc/rfc1831.txt