-
October 7th, 2003, 12:54 PM
#1
Junior Member
why would someone connect to my port 135?
I have a LAN internet connection.since i have installed the firewall, Kerio. I see that other comp. on my LAn are trying to connect to me. e.g Kerio pops up
--------------------------------------------------------------------
Someone from 172.19.112.20, port 4694 wants to connect to port 135 owned by 'Generic Host Process for Win32 Services' on your computer
-------------------------------------------------------------------------------------------
Why is someone trying to connect to my port 135? although i see that my port 135 svchost is in listening state, but what is this for? and how can i find out which service is this, as svchost is just hosting a service, right? Please demystify.. Thanks
-
October 7th, 2003, 12:56 PM
#2
Not really "someone" its sounds more like RPC/dcom worms...
-
October 7th, 2003, 12:56 PM
#3
Well it could be anything really. I mean it could be some script kiddie scanning the internet for a vulnerable host and your system was one of them.. He could be looking for a specific vulnerability in svchost.. Could be anything but i wouldn't worry about it..
"Serenity is not the absence of conflict, but the ability to cope with it."
-
October 7th, 2003, 01:09 PM
#4
It is likely that it is a worm. Do not assume that the user of the machine with that IP address was personally responsible for the attack; most likely they knew nothing about it and have no idea there is a worm on their machine.
Slarty
-
October 7th, 2003, 02:43 PM
#5
Member
if running win 2k or xp. type in dcomcnfg in start/run. click on component services then computers. default properties, right click on the my computer icon that appears when you click on computers tab. right click on the tab and choose properties. click on the default properties tab. untick the enable ditributed COM on this computer. The port will then be listening. yet no response will come from port. you can also disable this in your services tab in control panel, administrative tools, services. stop then disable rpc locator services. enjoy your day further.......
HO$H Pagamisa. Pro Amour Ludi....
-
October 7th, 2003, 06:47 PM
#6
Senior Member
short... yet highly informative.... good work
-
October 7th, 2003, 08:32 PM
#7
I see that other comp. on my LAn are trying to connect to me. e.g Kerio pops up
--------------------------------------------------------------------
Someone from 172.19.112.20, port 4694 wants to connect to port 135 owned by 'Generic Host Process for Win32 Services' on your computer
-------------------------------------------------------------------------------------------
Since you say it's another comp on your lan, this comp might have a virus, so you may want check it out.
-
October 7th, 2003, 08:49 PM
#8
Senior Member
don't worry, Kerio is a very good choice.
if interested you can enable Kerio to log specific events on the firewall.
to do so, open the Kerio-Admin and make a rule for port 135.
there you can set what should happen when someone tries ya port 135.
>>deny,log,pop up a window,log the packets....
btw: for all the zonealarm-users: try kerio.
greetz,
stanger
-
October 7th, 2003, 10:27 PM
#9
well coming out of all assumptions...some1 might be just trying to access the shares on your PC..since its a LAN...peep might be using tools like lanscan to scan for who has shared what...and in this process ur firewall pops up to say some1 trying to connect to ur PC. But i dont overrule...n/w aware viruses n worms or the DCOM completely....so along with the firewall keep a gud AV also with u
guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|