October 16th, 2002, 01:59 AM
Port 5000 again...
Yea, I know, there are a LOT of posts about the trojans lurking on port 5000. Now I have a problem with it. I have XP, and by default, plug and play is enabled. Now, sometimes I will encounter strange behavior, ex: my cable connection suddenly going dead... I routinely run netstat -an thru DOS, and what do you know, an IP is connected to me via port 5000. Now, I don't know if it actually is a trojan, being it is the same IP every time. I have Norton AV and Agnitum Outpost, and my system is clean. I've run The Cleaner likewise. Is it a Microsoft service connecting to me? Or is it a ....gulp.....trojan.
It's 106 miles to Chicago, we've got a full tank of gas, half a pack of cigarettes, it's dark and we're wearing sunglasses.
October 16th, 2002, 02:07 AM
October 16th, 2002, 02:18 AM
just block the IP on ur firewall n' see if anything on ur comp is interrupted. Also, if you're curious about a hacker, I'd open up a packet sniffer and let it run, monitor that specific IP address. The packet sniffer would definitely be beneficial to you. I use either commview, or Analog X's. www.analox.com there are a few other tools which analog offers that u might find useful. Hope this helps you out man.
October 16th, 2002, 03:25 AM
Not only should you be able to block it with Outpost, but if you go to the connections and look it will tell what program has that port open. Another tool you can use is FPort. This will tell you what programs have what ports open.
Let me know what you find and we can provide a little more useful information.
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
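The port-to-program check suggested above, as an added example that is not part of the original thread: it parses `netstat -ano` output (on XP the `-o` switch adds the owning PID) and reports which PID holds port 5000 and which remote addresses are touching it. The sample output, addresses and PIDs are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1032
  TCP    192.0.2.10:5000        198.51.100.7:3312      ESTABLISHED     1032
  TCP    192.0.2.10:1045        203.0.113.5:80         ESTABLISHED     1780
  TCP    192.0.2.10:5000        198.51.100.7:3313      TIME_WAIT       0
  UDP    0.0.0.0:1900           *:*                                    1032
"""

def parse_netstat(text):
    """Yield (proto, local_port, remote_ip, state, pid) for each socket row."""
    for line in text.splitlines():
        f = line.split()
        # Socket rows start with TCP/UDP; UDP rows have no State column.
        if len(f) not in (4, 5) or f[0] not in ("TCP", "UDP"):
            continue
        port = f[1].rpartition(":")[2]
        # Skip output captured without -o (no PID) or without -n (named ports).
        if not f[-1].isdigit() or not port.isdigit():
            continue
        state = f[3] if len(f) == 5 else ""
        remote_ip = f[2].rpartition(":")[0]
        yield f[0], int(port), remote_ip, state, int(f[-1])

def port_activity(text, port=5000):
    """Return (PIDs bound to the port, {remote_ip: [(state, pid), ...]})."""
    owners, peers = set(), defaultdict(list)
    for proto, local_port, remote_ip, state, pid in parse_netstat(text):
        if local_port != port:
            continue
        if state == "LISTENING" or proto == "UDP":
            owners.add(pid)          # the process that opened the port
        else:
            peers[remote_ip].append((state, pid))
    return owners, dict(peers)

if __name__ == "__main__":
    owners, peers = port_activity(SAMPLE)
    print("PIDs bound to port 5000:", sorted(owners))
    for ip, conns in peers.items():
        print(ip, conns)
```

Match the reported PID against the PID column in Task Manager to name the program; rows in TIME_WAIT show PID 0 because the owning process has already closed the socket.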
October 16th, 2002, 03:59 AM
I like fport. It's a great little tool. You could also try tcpview, one of many great tools on the sysinternals website. As far as a protocol analyzer/sniffer goes, you can try out Ethereal. I hope this helps you out.
Opinions are like
holes - everybody's got'em.
October 16th, 2002, 04:03 AM
You might find this page helpful http://grc.com/unpnp/unpnp.htm
"When I give food to the poor, they call me a saint. When I ask why the poor have no food, they call me a communist." -- Dom Helder Camara