December 14th, 2001, 10:49 PM
Can someone explain to me why my Windows XP box has port 1025 open?
NMAP on my Mandrake box tells me that it is:
What does this actually do?
December 14th, 2001, 11:13 PM
Re: Port 1025
Could you be more specific about the system? Could be that you're using a file-sharing program. Also, port 1025 is the first dynamically assigned port. Therefore, virtually any program that requests a port can be assigned one at this address. I use Morpheus, and whenever I download things off of multiple users...port 1025 opens up.
Furthermore, port 1025 is the network blackjack.
And if you want to know something real scary - port 1025 is the 'home' you could say for a few backdoors. These backdoors are listed here.
1. Fraggle Rock
2. md5 Backdoor
3. NetSpy
4. Remote Storm
That's about it...so double check your AV scans.
Yet then again you could be running some telnet. Such as fishroom for instance.
telnet fishroom.monrou.com 1025
So you see...it could be numerous things...just make sure you scan your PC again to make sure no Trojans are installed...check if you're using programs that access the internet...and find out what port(s) they run on.
December 14th, 2001, 11:20 PM
I will run a virus scan overnight, but I don't think it'll be a virus and I'm not running any telnet servers... I'll run NMAP again now to check that it's still open...
I've blocked internet access to 1025/tcp and 1025/udp thru ZoneAlarm Pro anyway, so if it is a trojan it ain't gonna get very far!
December 14th, 2001, 11:24 PM
netstat -a on the XP box revealed that:
local remote status
------ ---------- --------
neo:1025 neo:0 LISTENING
There's also loads more listed as listening and I don't know why... ZAPro is on High security for the internet zone anyway so it should stealth them all... but I still like to know what's going on on my computers.
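As an added example (not part of any post in this thread), here is one way to triage a saved `netstat -a` listing like the one above: it pulls out the LISTENING rows, splits them at the 1024/1025 boundary discussed in the thread, and reports any listener not on a list of ports you already account for. The function names, the `expected` set and every sample row except `neo:1025` are assumptions constructed for illustration.

```python
import re

# Constructed sample in the three-column layout quoted in the post above
# (local, remote, status). Only the neo:1025 row comes from the thread.
SAMPLE = """\
local       remote          status
------      ----------      --------
neo:135     neo:0           LISTENING
neo:445     neo:0           LISTENING
neo:1025    neo:0           LISTENING
neo:3012    example.net:80  ESTABLISHED
neo:5000    neo:0           LISTENING
"""

# host:port  host:port  STATE, with an optional leading TCP/UDP column.
ROW = re.compile(
    r"^(?:(?:TCP|UDP)\s+)?(\S+):(\d+)\s+(\S+):(\S+)\s+(\w+)\s*$", re.I
)

def listeners(text):
    """Return the sorted local ports in LISTENING state; headers are skipped."""
    ports = set()
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(5).upper() == "LISTENING":
            ports.add(int(m.group(2)))
    return sorted(ports)

def triage(text, expected=frozenset()):
    """Group listeners by range and flag those not in the expected set.

    reserved:    ports 1-1024
    dynamic:     ports 1025 and up (first dynamically assigned port is 1025)
    unexplained: listeners you have not yet matched to a known program
    """
    result = {"reserved": [], "dynamic": [], "unexplained": []}
    for port in listeners(text):
        result["reserved" if port <= 1024 else "dynamic"].append(port)
        if port not in expected:
            result["unexplained"].append(port)
    return result

if __name__ == "__main__":
    # 135 and 445 are treated as already accounted for (an assumption).
    print(triage(SAMPLE, expected={135, 445}))
```

Anything left under `unexplained` is what to chase down next by finding the program that owns the socket.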
December 14th, 2001, 11:27 PM
December 20th, 2001, 06:02 AM
Don't Kazaa and Morpheus use that port....????
I think that may be the root of your problem
December 20th, 2001, 04:46 PM
It might be worth noting that the reason a lot of trojans use 1025 is because it's the first port that ANY user can bind to. Binding to the restricted ports (1-1024) in *nix/*BSD requires special privileges -- it may even be root access, not 100% sure on that. At any rate, I think that NT/2K/XP require administrator or system level access to do the same.