INFO: Inetinfo Services Use Additional Ports Beyond Well-Known Ports

Article ID: 327859
This article was previously published under Q327859
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx
For more information about IIS 7.0, visit the following Microsoft Web site:
http://www.iis.net/default.aspx?tabid=1

SUMMARY

When you use tools to determine the process or processes that own a TCP port, you see that services that run under the Inetinfo.exe process are listening on ports in addition to their typical assigned ports.

MORE INFORMATION

These services include but are not limited to the following:
  • W3SVC <World Wide Web Publishing Service>
  • MSFTPSVC <FTP Publishing Service>
  • SMTPSVC <Simple Mail Transfer Protocol>
  • NNTPSVC <Network News Transport Protocol>
By default, the core services that are included with these products use the following assigned ports:
  • W3SVC
    • HTTP - Port 80
    • HTTPS - Port 443

  • MSFTPSVC
    • FTP Control Channel - Port 21
    • FTP Data Channel - Port 20

  • SMTPSVC - Port 25
  • NNTPSVC - Port 119
Microsoft has confirmed that you must have additional dynamic ports for WWW, FTP, and SMTP services to function properly. Although these ports are dynamic (meaning random), their usage can be documented.
  • Remote Procedure Call (RPC): The W3SVC uses RPC for items such as IIS BaseAdmin calls and TCP.
  • Asynchronous Thread Queue (ATQ) Backlog Monitor: This must be UDP port 3456.
  • Administration Web site: This port is different with each installation. To determine this port, view the Administration Web site properties in the Internet Service Manager (ISM). For additional information about how to locate the port in IIS, click the article number below to view the article in the Microsoft Knowledge Base:
    281336 HOW TO: Determine Which Program Uses or Blocks Specific Transmission Control Protocol Ports in Windows
The RPC port is directly bound to the network adapter, and can therefore be directly accessed through Telnet. However, because RPC ports are secure, any requests that are sent are rejected with a "Bad Request" error message.
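The following added example (not part of the original article) separates the listeners owned by Inetinfo.exe into the default ports listed above and the additional ports, so that the additional ones can be recorded for firewall rules and baselines. It assumes the input is the text output of `netstat -ano`; the sample output, the PID 1284 and the ports 1027 and 5838 are constructed for illustration.

```python
import re

# Default ports the article lists for services hosted in Inetinfo.exe.
DOCUMENTED = {
    ("TCP", 80): "W3SVC HTTP",
    ("TCP", 443): "W3SVC HTTPS",
    ("TCP", 21): "MSFTPSVC FTP control",
    ("TCP", 20): "MSFTPSVC FTP data",
    ("TCP", 25): "SMTPSVC",
    ("TCP", 119): "NNTPSVC",
    ("UDP", 3456): "ATQ Backlog Monitor",
}

# Constructed sample of `netstat -ano` output; PID 1284 stands in for Inetinfo.exe.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1284
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1284
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1284
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING       1284
  TCP    0.0.0.0:5838           0.0.0.0:0              LISTENING       1284
  TCP    10.0.0.5:80            10.0.0.9:49211         ESTABLISHED     1284
  UDP    0.0.0.0:3456           *:*                                    1284
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+([A-Z_]+))?\s+(\d+)\s*$")

def classify_listeners(netstat_text, pid):
    """Return (documented, additional) listeners owned by `pid`."""
    documented, additional = {}, []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or unrelated line
        proto, _addr, port, _remote, state, owner = m.groups()
        if int(owner) != pid:
            continue
        # UDP rows have no state column; TCP rows count only when LISTENING.
        if proto == "TCP" and state != "LISTENING":
            continue
        key = (proto, int(port))
        if key in DOCUMENTED:
            documented[key] = DOCUMENTED[key]
        else:
            additional.append(key)
    return documented, sorted(additional)
```

For the sample, `classify_listeners(SAMPLE, 1284)` reports TCP 1027 and TCP 5838 as additional listeners; on a real server these would be compared against the RPC and Administration Web site ports described above.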

REFERENCES

For more information about the HTTP, FTP, SMTP, and NNTP protocols, see the following RFCs:

HTTP -- RFC 2616
http://www.ietf.org/rfc/rfc2616.txt

FTP -- RFC 959
http://www.ietf.org/rfc/rfc959.txt

SMTP -- RFC 821
http://www.ietf.org/rfc/rfc821.txt

NNTP -- RFC 977
http://www.ietf.org/rfc/rfc977.txt
For more information about the TCP protocol standards, see the following RFC:
TCP -- RFC 793
http://www.ibiblio.org/pub/docs/rfc/rfc793.txt
For more information about the RPC specification, see the following document:
RPC: Remote Procedure Call Protocol Specification Version 2 -- RFC 1831
http://www.ietf.org/rfc/rfc1831.txt

Properties

Article ID: 327859 - Last Review: July 7, 2008 - Revision: 5.1
APPLIES TO
  • Microsoft Internet Information Services version 5.1
  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Information Server 4.0
Keywords: 
kbinfo KB327859
