Port 5000 again...

[Showtime8000]

Yea, I know, there are a LOT of posts about the trojans lurking on port 5000. Now I have a problem with it. I have XP, and by default, plug and play is enabled. Now, sometimes I will encounter strange behavior, ex: my cable connection suddenly going dead...I routinely run netstat -an thru DOS, and what do you know, an IP is connected to me via port 5000. Now, I dont know if it actually is a trojan, being it is the same IP every time.I have Norton AV and Agnitum Outpost, and my system is clean. Ive ran The Cleaner likewise. Is it a Microsoft service connecting to me? Or is it a ....gulp.....trojan.

[Scorp666]

If you have Agnitum Outpost, Why not block that IP and see if your computer runs fine?

All you have to do is go in Options then System then click settings in Global Application and System Rules

Then Add and that remote host then deny it

[aut0psy]

just block the IP on ur firewall n' see if anything on ur comp is interrupted. Also, if you're curious about a hacker, i'd open up a packet sniffer and let it run, monitor that specific IP address. The packet sniffer would definetly be beneficial to you. I use either commview, or Analog X's. www.analox.com there are a few other tools which analog offers that u might find useful. Hope this helps you out man.

[nebulus200]

Not only should you be able to block it with outpost, but if you go to the connections and look it will tell what program has that port open. Another tool you can use is FPort. This will tell you what programs have what ports open.

Let me know what you find and we can provide a little more useful information.

/nebulus

[t2k2]

I like fport. It's a great little tool. You could also try tcpview , one of many great tools on the sysinternals website. As far as a protocol analyzer/sniffer goes, you can try out Ethereal . I hope this helps you out.

[Mahakaal]

You might find this page helpful http://grc.com/unpnp/unpnp.htm