Results 1 to 7 of 7

Thread: Port 1025/tcp

  1. #1
    Senior Member
    Join Date
    Oct 2001
    Posts
    677

    Port 1025/tcp

    Can someone explain to me why my Windows XP box has port 1025 open?

    NMAP on my Mandrake box tells me that it is:

    1025 listen

    What does this actually do?
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    872

    Post Re: Port 1025

    Could you be more specific with the system. Could be that your using a File-Sharing program. Also, port 1025 is the first dynamically assigned port. Therefore, virtually any program that requests a port can be assigned one at this address. I use Morpheus, and whenever I download things off of multiple users...port 1025 opens up.
    Furthermore, port 1025 is the network blackjack.

    And if you want to know somethign real scary - port 1025 is the 'home' you could say for a few backdoors. These backdoors are listed here.

    [list=1][*]Fraggle Rock[*]md5 Backdoor[*]NetSpy [*]Remote Storm [/list=1]

    Thats about it...so double check your AV scans.
    Yet then again you could be running some telnet. Such as fishroom for instance.

    telnet fishroom.monrou.com 1025

    So you see...it could be numerous things...just make sure you scan your PC again to make sure no Trojans are installed...check if your using programs that access the internet...and find out what port(s) they run on.
    ...This Space For Rent.

    -[WebCarnage]

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    I will run a virus scan over night, but i don't think it'll be a virus and im not running any telnet servers... I'll run NMAP again now to check that its still open...

    I've blocked internet access to 1025/tcp and 1025/udp thru ZoneAlarm Pro anyway, so if it is a trojan it ain't gonna get very far!
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    677

    Unhappy

    netstat -a on the XP box revealed that:

    local remote status
    ------ ---------- --------
    neo:1025 neo:0 LISTENING

    There's also loads more listed as listening and I don't know why... ZAPro is on High security for the internet zone anyway so it should stealth them all... but i still like to know what's going on on my computers.
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net

  5. #5
    Senior Member
    Join Date
    Oct 2001
    Posts
    872

    Post Re: Port 1025

    Hmmm, well maybe it's a file-sharing agent (if you have one that is). Because whenever I run Morpheus up and start downloading things from multiple users...port 1025 opens up. For me, right now at least, about 10-15 11523's are flooding my netstat with Time-Wait on them. (Dunno why I added that last part...just felt like sharing it to somebody ).

    But yes, I have the bought version of Zone Alarm Pro (not the trial)...and I'm on high sec. now...don't worry about it.
    ...This Space For Rent.

    -[WebCarnage]

  6. #6
    Junior Member
    Join Date
    Sep 2001
    Posts
    4

    Talking

    doesn't Kazaa and morpheus use that port....????


    i think that may be the root of your problem
    hey

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    It might be worth noting that the reason a lot of trojans use 1025 is because it's the first port that ANY user can bind to. Binding to the restricted ports (1-1024) in *nix/*BSD requires special privileges -- it may even be root access, not 100% sure on that. At any rate, I think that NT/2K/XP require administrator or system level access to do the same.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •