Port 5000 again...
Results 1 to 6 of 6

Thread: Port 5000 again...

  1. #1
    Senior Member
    Join Date
    Aug 2002
    Posts
    239

    Question Port 5000 again...

    Yea, I know, there are a LOT of posts about the trojans lurking on port 5000. Now I have a problem with it. I have XP, and by default, plug and play is enabled. Now, sometimes I will encounter strange behavior, ex: my cable connection suddenly going dead...I routinely run netstat -an thru DOS, and what do you know, an IP is connected to me via port 5000. Now, I dont know if it actually is a trojan, being it is the same IP every time.I have Norton AV and Agnitum Outpost, and my system is clean. Ive ran The Cleaner likewise. Is it a Microsoft service connecting to me? Or is it a ....gulp.....trojan.
    It\'s 106 miles to Chicago, we\'ve got a full tank of gas, half a pack of cigarettes, it\'s dark and we\'re wearing sunglasses.

    Hit it!

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    380
    If you have Agnitum Outpost, Why not block that IP and see if your computer runs fine?

    All you have to do is go in Options then System then click settings in Global Application and System Rules

    Then Add and that remote host then deny it
    [shadow]Scorp666, the Infamous Orgasmatron[/shadow]

  3. #3
    Banned
    Join Date
    Oct 2002
    Posts
    41
    just block the IP on ur firewall n' see if anything on ur comp is interrupted. Also, if you're curious about a hacker, i'd open up a packet sniffer and let it run, monitor that specific IP address. The packet sniffer would definetly be beneficial to you. I use either commview, or Analog X's. www.analox.com there are a few other tools which analog offers that u might find useful. Hope this helps you out man.

  4. #4
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Not only should you be able to block it with outpost, but if you go to the connections and look it will tell what program has that port open. Another tool you can use is FPort. This will tell you what programs have what ports open.

    Let me know what you find and we can provide a little more useful information.

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  5. #5
    Senior Member
    Join Date
    Aug 2002
    Posts
    651

    Port 5000

    I like fport. It's a great little tool. You could also try tcpview , one of many great tools on the sysinternals website. As far as a protocol analyzer/sniffer goes, you can try out Ethereal . I hope this helps you out.
    Opinions are like holes - everybody\'s got\'em.

    Smile

  6. #6
    Senior Member
    Join Date
    Jun 2002
    Posts
    352
    You might find this page helpful http://grc.com/unpnp/unpnp.htm
    \"When I give food to the poor, they call me a saint. When I ask why the poor have no food, they call me a communist.\" -- Dom Helder Camara

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •