Quote:
Originally Posted by evo22  I have port 1301 connecting to our exchange server and when I block it. Our remote users can't connect. What is this port used for? I've tried to search for information. |
Since its an Exchange server, its most likely a RPC connection. Microsoft is notoriously hard to lock down via port restrictions, there are a lot of server side & client side changes you need to make in order to do it right.
By RPC connection I'm referring to the client accessing the server via DCOM (135/tcp), in that DCOM connection the server will respond a new port (>1024/tcp aka tcp-high-ports) which the client will use for the rest of the session. So you will then see the client access the server on whichever port the server specified (in this case 1301).
If you have no server side / client side modifications in place then you will most likely see each client using a different port. In some cases it can be sequential, depends on how long the port is used for and how many clients you have.
As for working your way through the list of ports, I would recommend with starting with ports that are < 1024, as these are more than likely to be tied to a valid service. While there are services in port ranges higher then 1024 (such as SQL ports) they are more likely to be back connection ports and in some cases can be safely dropped.