November 1st, 2001, 04:36 PM
I was running Win2k, but I dumped it today for Mandrake Linux.
November 2nd, 2001, 05:18 AM
Maybe what I said was taken the wrong way.
That should clear things up. Sorry if I offended anyone. That was not my intention.
November 4th, 2001, 01:44 AM
Let me clear up things about port 445:
Port 445 is used by Windows 2000 for sharing and usual Windows stuff. The difference between TCP 445 and 139 (which is used by all Windows systems that share by NetBIOS over TCP) is that sharing over TCP 445 does not utilise NetBIOS and instead uses SMB (server messaging block) directly over TCP...
To close port 445, go to Start menu | Settings | Network and Dial-up Connections (open the Explorer-like interface, don't just expand the menu), then go in the Advanced menu | Advanced Settings (oh yeah, you need to be admin to do it), then un-bind file sharing from the adapter in question...
Note: running netstat -an will still show port 445 as listening, but it will not respond on that interface anymore (preventing null sessions and usual Windows hacks).
Note 2: port 445 doesn't show as open on nmap scans anymore either (at least for me)...
As for port 1025, it is open on my 2 Win2k boxes too, but I suspect that it has to do with RPC allocating it for some purpose (since RPC allocates 1024 and above). Still have to find out its exact purpose though...
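An added example, not part of the original post: because `netstat -an` keeps listing port 445 after the unbind, this Python script reads netstat output and then checks whether each listed SMB port actually accepts a TCP connection on a given interface address. The sample netstat text, the addresses and the function names are constructed for illustration.

```python
import socket

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
"""

SMB_PORTS = {139: "SMB over NetBIOS", 445: "SMB directly over TCP"}

def parse_smb_listeners(netstat_text):
    """Return sorted (local_addr, port) pairs for TCP LISTENING sockets on 139/445."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP" or fields[-1].upper() != "LISTENING":
            continue
        addr, _, port = fields[1].rpartition(":")
        if port.isdigit() and int(port) in SMB_PORTS:
            found.add((addr, int(port)))
    return sorted(found)

def accepts_connections(addr, port, timeout=1.0):
    """True only if a full TCP handshake to addr:port completes."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(netstat_text, interface_addrs, probe=accepts_connections):
    """For every SMB listener netstat lists, test each of the host's own addresses."""
    report = []
    for addr, port in parse_smb_listeners(netstat_text):
        # A wildcard bind covers every interface, so each address is checked.
        targets = interface_addrs if addr in ("0.0.0.0", "[::]") else [addr]
        report.extend((t, port, probe(t, port)) for t in targets)
    return report

if __name__ == "__main__":
    # Stand-in probe so the demo runs offline; omit it to make real connections.
    fake = lambda addr, port: (addr, port) == ("192.168.0.10", 139)
    for addr, port, ok in audit(SAMPLE_NETSTAT, ["192.168.0.10"], fake):
        print(f"{addr}:{port} ({SMB_PORTS[port]}) listed by netstat, reachable={ok}")
```

Feed it the netstat output saved from the Windows 2000 machine and run the real probe from a second host on the same segment to get the view a remote peer has of that interface.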
November 14th, 2001, 03:39 AM
no meaning to make anybody paranoid (uh huh) look here for a list of what ports are not supposed to be used for.
November 14th, 2001, 03:42 AM
don't know why that address screwed up.
in 2 part to be sure
November 14th, 2001, 04:43 AM
These are just educated guesses, some are very similar or in complete agreement with some of the posts above. I only had about 15 min. to spend on the research, but here is what I found.
My best guess on port 1025 (tcp or udp) is that you are using BIND and have blocked or are blocking ports 1024 down selectively. If so, BIND uses the first available open port, 1024+1=1025, to get a response from the DNS server.
Port 1083 is a little more ambiguous. I found info that would suggest that it could either be a well known Trojan Horse going by the name WinHole, or Everquest. This obviously deserves more research but it was the hardest of the 3 to pin down to a working theory. (in 15 min.)
Port 445 seems to be unique to Win2000 and quite possibly XP, in that it is working in conjunction with ports 137, 138, 139 (NetBIOS) ports. Anyway it seems to be related to a file and print sharing protocol called Server Message Block (SMB).
It seems to be designed to do 3 things:
->Simplifying the transport of SMB traffic.
->Removing WINS and NetBIOS broadcast as a means of resolution.
->Standardizing name resolution on DNS for file and printer sharing.
Hope this gets you started on your way to a resolution.
btw, in all fairness to smirc, I found what info I have by way of Google using boolean operators to cull the search to more relevant returns.
Know this..., you may not by thyself in pride claim the Mantle of Wizardry; that way lies only Bogosity without End.
Rather must you Become, and Become, and Become, until Hackers respect thy Power, and other Wizards hail thee as a Brother or Sister in Wisdom, and you wake up and realize that the Mantle hath lain unknown upon thy Shoulders since you knew not when.
November 14th, 2001, 07:39 AM
wanna know how to disable those ports?
I can help you shut down those ports. Like I've said before, Windows 2000 is or was a good idea, but they never bothered to secure the O/S before shipping out the disks. Microsoft is notorious for that: building you a half-assed O/S and expecting you to automatically know what to secure and what filters need to be placed. Well anyhow, sounds like you are set with Linux, so have a happy.