You are currently offline, waiting for your internet to reconnect

INFO: Inetinfo Services Use Additional Ports Beyond Well-Known Ports

This article was previously published under Q327859
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:For more information about IIS 7.0, visit the following Microsoft Web site:
SUMMARY
When you use tools to determine the process or processes that own a TCP port, you see that services that run under the Inetinfo.exe process are listening on ports in addition to their typical assigned ports.
MORE INFORMATION
These services include but are not limited to the following:
  • W3SVC <World Wide Web Publishing Service>
  • MSFTPSVC <FTP Publishing Service>
  • SMTPSVC <Simple Mail Transfer Protocol>
  • NNTPSVC <Network News Transport Protocol>
By default, the core services that are included with these products use the following assigned ports:
  • W3SVC
    • HTTP - Port 80
    • HTTPS - Port 443

  • MSFTPSVC
    • FTP Control Channel - Port 21
    • FTP Data Channel - Port 20

  • SMTPSVC - Port 25
  • NNTPSVC - Port 119
Microsoft has confirmed that you must have additional dynamic ports for WWW, FTP, and SMTP services to function properly. Although these ports are dynamic (meaning random), their usage can be documented.
  • Remote Procedure Call (RPC): The W3SVC uses RPC for items such as IIS BaseAdmin calls and TCP.
  • Asynchronous Thread Queue (ATQ) Backlog Monitor: This must be 3456 UDP.
  • Administration Web site: This port is different with each installation. To determine this port, view the Administration Web site properties in the ISM. For additional information about how to locate the port in IIS, click the article number below to view the article in the Microsoft Knowledge Base:
    281336 HOW TO: Determine Which Program Uses or Blocks Specific Transmission Control Protocol Ports in Windows
The RPC port is directly bound to the network adapter, and can therefore be directly accessed through Telnet. However, because RPC ports are secure, any requests that are sent are rejected with a "Bad Request" error message.
REFERENCES
For more information about the HTTP, FTP, SMTP, and NNTP protocols, see the following RFCs:

For more information about the TCP protocol standards, see the following RFC:For more information about the RPC specification, see the following document:
RPC: Remote Procedure Call Protocol Specification Version 2 -- RFC 1831
http://www.ietf.org/rfc/rfc1831.txt
Properties

Article ID: 327859 - Last Review: 07/07/2008 17:02:05 - Revision: 5.1

  • Microsoft Internet Information Services version 5.1
  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Information Server 4.0
  • kbinfo KB327859
Feedback
crosoft.com/ms.js"> '><\/script>");