can someone explain what ports 1025 blackjack network, 445 microsoft ds, and 1083 are? when i run netstat it reports that i have these ports listening.
Hrmmm. I don't know what all of the ports are for but if my poor memory serves the blackjack port is a trojan horse. For what it's worth, you can find a nice listing of ports at:
http://www.iana.org/assignments/port-numbers
Sorry couldn't be of more help.
Hey...
I take it that you're using some flavour of Windows...
Well, for starters, I believe that the network blackjack is one of the ports used by RPC...
I think the microsoft DS (445) is one of many ports used for Directory Services, providing name resolution and lookup capabilities, allowing users or devices to locate resources on the network by human readable or well-known names.
As for the 1083, which is registered to Anasoft License Manager.. I have no bloody idea... the only thing I can find is that its registered that port....
very suspicious of that one.... heck, I'd be suspicious of all of them, especially if you aren't running 2K/NT/XP....
If you are suspicious you could try installing/activating a firewall to see if anything is using them. Lots of firewall software around, but www.zonelabs.com is probably as good as anything else (freeware for personal use).
I'm guessing if you don't know what they are, they shouldn't be running. You can try tauscan from Agnitum.com, or the Cleaner from moosoft.com to scan for trojans and viruses that may be causing those ports to be opened for listening.
Quote:
Originally posted by mindrape
can someone explain what ports 1025 blackjack network, 445 microsoft ds, and 1083 are? when i run netstat it reports that i have these ports listening.
nuff said
smirc,
Get a grip. There is no RTFM in this case. These ports aren't identified anywhere except for 445, which is somewhere in Microsoft documentation.
Anything over 1024 is an upper-level port number and can be pretty much assigned to anything. Port lists simply are lists and don't carry much information. Rather than spew out RTFM in this case, why not offer us your input as to what these ports are (although I'm quite sure that 445 is Directory Services and would have me believe that mindrape is running a Win2K box of some type).
The other two, 1025 and 1083, I have never seen. A firewall is a good thing for mindrape but I would go beyond ZA. I would suggest Outpost by Agnitum (http://www.agnitum.com/products/outpost/) or Tiny Firewall by Tiny Software (www.tinysoftware.com). They are a little more flexible for configuration.
I apologise, obviously looking in the RFC's and doing a little searching around the web is too much to expect.
Don't be an ass smirc...
I was paid $20 an hour (which was quite a bit for my age) to participate in internet research for a university, and it took me quite a while to find any useful information on those ports... If you wanna be so wonderful, how about you inform us of the great information that you got from looking into the RFC's???
**sorry if you were truly apologising.. I've been drinking since 1 o'clock**
smirc,
Very simple:
The one port, 445, can be looked up. It should pull a fair amount of info. Mindrape, check out: http://www.google.com/search?q=port+445. Or check out Microsoft's knowledge-base
Ports 1025 and 1083 are harder. Given that they are above the 1024 they are not fully assigned anything and are often used by a variety of applications. As such, there are no RFCs on them. Doing a search on port 1025 and/or port 1083 will get hits but nothing that truly defines it. And don't even attempt a search on blackjack network. That will just get you all the casino sites.
If you have a preferred direct link that could give a further description of these ports, please do share.
i was running win2k, but i dumped it today for mandrake linux
Maybe what I said was taken the wrong way.
http://www.tuxedo.org/%7Eesr/faqs/smart-questions.html
That should clear things up. Sorry if I offended anyone. That was not my intention.
Hi people,
Let me clear up things about port 445:
Port 445 is used by Windows 2000 for sharing and usual windows stuff. The difference between tcp 445 and 139 (which is used by all windows systems that share by NetBIOS over TCP) is that sharing over tcp 445 does not utilise NetBIOS and instead uses SMB (server messaging block) directly over TCP...
To close port 445, go to Start menu | settings | network and dial-up connections (open the explorer like interface, don't just expand the menu) then go in the advanced menu | advanced settings (oh yeah, you need to be admin to do it), then un-bind file sharing from the adapter in question...
Note: running netstat -an will still show port 445 as listening, but it will not respond on that interface anymore (preventing null sessions and usual windows hacks)
Note 2: port 445 doesn't show as open on nmap scans anymore either (at least for me)...
As for port 1025, it is open on my 2 win2k boxes too, but I suspect that it has to do with RPC allocating it for some purpose (since RPC allocates 1024 and above). Still have to find out its exact purpose though...
Ammo
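An added example, not part of any post in this thread: a small parser for `netstat -an` output that separates real listeners from established connections, shows which address each one is bound to, and marks ports above the well-known range, where (as several posters point out) a registry name says nothing about the owning program. The sample output, addresses and function names are constructed for illustration.

```python
import re

# Labels for the two SMB ports as described in the thread.
NOTES = {139: "SMB over NetBIOS over TCP",
         445: "SMB directly over TCP (microsoft-ds)"}

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1083         0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1190      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def scope(addr):
    """Describe how widely a local bind address is reachable."""
    if addr.startswith("127.") or addr == "[::1]":
        return "loopback only"
    if addr in ("0.0.0.0", "[::]"):
        return "all interfaces"
    return "one interface"

def listeners(text):
    """Return (proto, port, scope, note) for listening TCP and bound UDP sockets."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or blank line
        proto, addr, port, state = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if proto == "TCP" and state != "LISTENING":
            continue  # an established connection is not a listener
        if port in NOTES:
            note = NOTES[port]
        elif port >= 1024:
            note = "above well-known range: name lookup does not identify the owner"
        else:
            note = "well-known port"
        rows.append((proto, port, scope(addr), note))
    return rows

def exposed_tcp(text):
    """TCP listeners not bound to loopback, i.e. candidates for firewalling."""
    return sorted(p for proto, p, sc, _ in listeners(text)
                  if proto == "TCP" and sc != "loopback only")
```

A listing like this only shows that a socket exists; as the post above notes, 445 can still appear as listening after file sharing is unbound, so confirm reachability with a scan from another host.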
no meaning to make anybody paranoid (uh huh) look here for a list of what ports are not supposed to be used for.
http://www.sans.org/newlook/resource...Q/oddports.htm
don't know why that address screwed up.
http://www.sans.org/newlook/resource...Q/oddports.htm
in 2 part to be sure
http://www.sans.org/newlook/
resources/IDFAQ/oddports.htm
These are just educated guesses, some are very similar or in complete agreement with some of the posts above. I only had about 15 min. to spend on the research, but here is what I found.
My best guess on port 1025 (tcp or udp) is that you are using BIND and have blocked or are blocking ports 1024 down selectively. If so BIND uses the first available open port 1024+1=1025, to get a response from the DNS server.
Port 1083 is a little more ambiguous, I found info that would suggest that it could either be a well known Trojan Horse going by the name WinHole, or Everquest. This obviously deserves more research but it was the hardest of the 3 to pin down to a working theory. (in 15 min.)
Port 445 seems to be unique to Win2000 and quite possibly XP, in that it is working in conjunction with ports 137,138,139 (NetBIOS) ports. Anyway it seems to be related to a file and print sharing protocol called Server Message Block (SMB).
It seems to be designed to do 3 things:
->Simplifying the transport of SMB traffic.
->Removing WINS and NetBIOS broadcast as a means of resolution.
->Standardizing name resolution on DNS for file and printer sharing.
Hope this gets you started on your way to a resolution.
btw, in all fairness to smirc, I found what info I have by way of Google using boolean operators to cull the search to more relevant returns.
I can help you shut down those ports. Like I've said before, Windows 2000 is or was a good idea but they never bothered to secure the O/S before shipping out the disks. Microsoft is notorious for that, building you a half assed O/S and expecting you to automatically know what to secure and what filters need to be placed. Well anyhow, sounds like you are set with linux so have a happy.