-
December 14th, 2001, 11:49 PM
#1
Port 1025/tcp
Can someone explain to me why my Windows XP box has port 1025 open?
NMAP on my Mandrake box tells me that it is:
1025 listen
What does this actually do?
-
December 15th, 2001, 12:13 AM
#2
Re: Port 1025
Could you be more specific with the system. Could be that your using a File-Sharing program. Also, port 1025 is the first dynamically assigned port. Therefore, virtually any program that requests a port can be assigned one at this address. I use Morpheus, and whenever I download things off of multiple users...port 1025 opens up.
Furthermore, port 1025 is the network blackjack.
And if you want to know somethign real scary - port 1025 is the 'home' you could say for a few backdoors. These backdoors are listed here.
[list=1][*]Fraggle Rock[*]md5 Backdoor[*]NetSpy [*]Remote Storm [/list=1]
Thats about it...so double check your AV scans.
Yet then again you could be running some telnet. Such as fishroom for instance.
telnet fishroom.monrou.com 1025
So you see...it could be numerous things...just make sure you scan your PC again to make sure no Trojans are installed...check if your using programs that access the internet...and find out what port(s) they run on.
...This Space For Rent.
-[WebCarnage]
-
December 15th, 2001, 12:20 AM
#3
I will run a virus scan over night, but i don't think it'll be a virus and im not running any telnet servers... I'll run NMAP again now to check that its still open...
I've blocked internet access to 1025/tcp and 1025/udp thru ZoneAlarm Pro anyway, so if it is a trojan it ain't gonna get very far!
-
December 15th, 2001, 12:24 AM
#4
netstat -a on the XP box revealed that:
local remote status
------ ---------- --------
neo:1025 neo:0 LISTENING
There's also loads more listed as listening and I don't know why... ZAPro is on High security for the internet zone anyway so it should stealth them all... but i still like to know what's going on on my computers.
-
December 15th, 2001, 12:27 AM
#5
-
December 20th, 2001, 07:02 AM
#6
Junior Member
doesn't Kazaa and morpheus use that port....????
i think that may be the root of your problem
-
December 20th, 2001, 05:46 PM
#7
It might be worth noting that the reason a lot of trojans use 1025 is because it's the first port that ANY user can bind to. Binding to the restricted ports (1-1024) in *nix/*BSD requires special privileges -- it may even be root access, not 100% sure on that. At any rate, I think that NT/2K/XP require administrator or system level access to do the same.
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|