Open ports

i did a netstat -a

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1032 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1033 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1034 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1035 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1048 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1049 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1080 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1081 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1088 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1089 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1101 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1103 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1104 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1105 0.0.0.0:0 LISTENING
TCP 127.0.0.1:110 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1026 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1026 127.0.0.1:1032 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1034 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1044 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1046 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1048 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1052 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1056 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1058 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1060 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1070 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1074 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1076 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1077 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1080 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1082 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1084 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1086 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1088 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1090 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1091 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1093 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1095 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1098 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1100 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1101 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1104 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1106 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1108 TIME_WAIT
TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1028 127.0.0.1:1029 ESTABLISHED
TCP 127.0.0.1:1029 127.0.0.1:1028 ESTABLISHED
TCP 127.0.0.1:1032 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:1034 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:1042 127.0.0.1:1026 TIME_WAIT
TCP 127.0.0.1:1048 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:1050 127.0.0.1:1026 TIME_WAIT
TCP 127.0.0.1:1054 127.0.0.1:1026 TIME_WAIT
TCP 127.0.0.1:1062 127.0.0.1:1026 TIME_WAIT
TCP 127.0.0.1:1064 127.0.0.1:1026 TIME_WAIT
TCP 127.0.0.1:1066 127.0.0.1:1026 TIME_WAIT
TCP 127.0.0.1:1068 127.0.0.1:1026 TIME_WAIT
TCP 127.0.0.1:1072 127.0.0.1:1026 TIME_WAIT
TCP 127.0.0.1:1080 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:1088 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:1101 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:1104 127.0.0.1:1026 ESTABLISHED

why do i have so many open ports and some even show ESTABLISHED on 127.0.0.1 which was loopback :confused:

Your PC is feeling lonely and is talking to itself.

Noia, that's hilarious.

Seriously though.. port 1026 is often used for Task Scheduler IIRC. Have you scheduled any activities?

run a virus scan and see what that drags up. maybe run spybot S&D as well.

do you run ZoneAlarm or BlackIce or anyother host-based IDS or Firewall?

I wonder if your problem is related to PopAdStop

you might acting as a "zombie" host.

What operating system btw??

I made a list with the ports and the most common programmes that uses this ports. I hope i helped.

135: DCE endpoint resolution, RPC-LOCATOR - RPC (Remote Procedure Location Service
1025: BLACKJACK - network blackjack, LISTEN - listen, RAT: Gaura
1027: RAT: Latinus, FTS
1029: ICQ Instant Messenger, RAT: Latinus
1032: IAD3 - BBN IAD, RAT: G.R.O.B
1033: RAT: Netspy
1034: <Unassigned>
1035: <Unassigned>
1048: NEOD2 - Sun's NEO Object Request Broker
1049: /sbin/initd, RAT: NewFuture
1080: SOCKS - Proxy, RAT: WinHole, Broser
1081: RAT: WinHole
1088: <Unassigned>
1089: <Unassigned>
1101: RAT: Rths
1103: RAT: Rths
1104: RAT: Rths
1105: RAT: Rths
110: POP3 - Post Office Protocol - Version 3 (RFC 1081), RAT: ProMail trojan, Latinus or variant, Vagr
1026: NTERM - nterm
1028: RAT: HacKErZ
1029: ICQ Instant Messenger, RAT: Latinus
1032: IAD3 - BBN IAD, RAT: G.R.O.B
1034: <Unassigned>
1042: RAT: Bla, Rasmin
1048: NEOD2 - Sun's NEO Object Request Broker
1050: RAT: MiniCommand
1054: RAT: AckCmd
1062: RAT: Newon
1064: <Unassigned>
1066: <Unassigned>
1068: INSTL_BOOTC - Installation Bootstrap Proto. Cli.
1072: <Unassigned>
1080: SOCKS - Proxy, RAT: WinHole, Broser
1088: <Unassigned>
1101: RAT: Rths
1104: RAT: Rths

*RAT= Remote Access Trojan

I'm using WinXp, using ZA i'm curious that why my system open so much ports. Does more ports open meaning more easy for crackers to enter my system :o

How can i use my firewall to close this ports?

i believe majority of them are open by window services by default :rolleyes:

Use the firewall to block ports. To close the ports, stop or uninstall the services. And to do that, you should do some research on what service is on each port (Task Scheduler seems to be a big one). Visit Microsoft's KnowledgeBase This is actually a good resource that a lot of people don't use.

Death_Knightread this to know that u dont have to afraed of any conection with 127.0.0.1 because The reason is that this address has been reserved as what is known as the loopback address. A loopback address is an address that tells the computer not to test its connections to another computer, but to test its own basic network setup.
thx

something i have recently found to block ports that is fairly easy to use is the firewall built into windows. it is there you can close ALL ports and then specify what ports to open