-
December 7th, 2003, 08:07 PM
#1
Senior Member
Open ports
i did a netstat -a
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1032 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1033 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1034 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1035 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1048 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1049 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1080 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1081 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1088 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1089 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1101 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1103 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1104 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1105 0.0.0.0:0 LISTENING
TCP 127.0.0.1:110 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1026 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1026 127.0.0.1:1032 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1034 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1044 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1046 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1048 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1052 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1056 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1058 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1060 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1070 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1074 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1076 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1077 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1080 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1082 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1084 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1086 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1088 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1090 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1091 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1093 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1095 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1098 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1100 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1101 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1104 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1106 TIME_WAIT
TCP 127.0.0.1:1026 127.0.0.1:1108 TIME_WAIT
TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1028 127.0.0.1:1029 ESTABLISHED
TCP 127.0.0.1:1029 127.0.0.1:1028 ESTABLISHED
TCP 127.0.0.1:1032 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:1034 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:1042 127.0.0.1:1026 TIME_WAIT
TCP 127.0.0.1:1048 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:1050 127.0.0.1:1026 TIME_WAIT
TCP 127.0.0.1:1054 127.0.0.1:1026 TIME_WAIT
TCP 127.0.0.1:1062 127.0.0.1:1026 TIME_WAIT
TCP 127.0.0.1:1064 127.0.0.1:1026 TIME_WAIT
TCP 127.0.0.1:1066 127.0.0.1:1026 TIME_WAIT
TCP 127.0.0.1:1068 127.0.0.1:1026 TIME_WAIT
TCP 127.0.0.1:1072 127.0.0.1:1026 TIME_WAIT
TCP 127.0.0.1:1080 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:1088 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:1101 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:1104 127.0.0.1:1026 ESTABLISHED
why do i have so many open ports and some even show ESTABLISHED on 127.0.0.1 which was loopback
-
December 7th, 2003, 08:09 PM
#2
Your PC is feeling lonely and is talking to itself.
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .: Bring OS X to x86!:.
Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.
-
December 7th, 2003, 08:14 PM
#3
Noia, that's hilarious.
Seriously though.. port 1026 is often used for Task Scheduler IIRC. Have you scheduled any activities?
-
December 7th, 2003, 09:34 PM
#4
Senior Member
run a virus scan and see what that drags up. maybe run spybot S&D as well.
do you run ZoneAlarm or BlackIce or anyother host-based IDS or Firewall?
I wonder if your problem is related to PopAdStop
you might acting as a "zombie" host.
What operating system btw??
-
December 7th, 2003, 09:36 PM
#5
Senior Member
I made a list with the ports and the most common programmes that uses this ports. I hope i helped.
135: DCE endpoint resolution, RPC-LOCATOR - RPC (Remote Procedure Location Service
1025: BLACKJACK - network blackjack, LISTEN - listen, RAT: Gaura
1027: RAT: Latinus, FTS
1029: ICQ Instant Messenger, RAT: Latinus
1032: IAD3 - BBN IAD, RAT: G.R.O.B
1033: RAT: Netspy
1034: <Unassigned>
1035: <Unassigned>
1048: NEOD2 - Sun's NEO Object Request Broker
1049: /sbin/initd, RAT: NewFuture
1080: SOCKS - Proxy, RAT: WinHole, Broser
1081: RAT: WinHole
1088: <Unassigned>
1089: <Unassigned>
1101: RAT: Rths
1103: RAT: Rths
1104: RAT: Rths
1105: RAT: Rths
110: POP3 - Post Office Protocol - Version 3 (RFC 1081), RAT: ProMail trojan, Latinus or variant, Vagr
1026: NTERM - nterm
1028: RAT: HacKErZ
1029: ICQ Instant Messenger, RAT: Latinus
1032: IAD3 - BBN IAD, RAT: G.R.O.B
1034: <Unassigned>
1042: RAT: Bla, Rasmin
1048: NEOD2 - Sun's NEO Object Request Broker
1050: RAT: MiniCommand
1054: RAT: AckCmd
1062: RAT: Newon
1064: <Unassigned>
1066: <Unassigned>
1068: INSTL_BOOTC - Installation Bootstrap Proto. Cli.
1072: <Unassigned>
1080: SOCKS - Proxy, RAT: WinHole, Broser
1088: <Unassigned>
1101: RAT: Rths
1104: RAT: Rths
*RAT= Remote Access Trojan
-
December 8th, 2003, 08:32 AM
#6
Senior Member
I'm using WinXp, using ZA i'm curious that why my system open so much ports. Does more ports open meaning more easy for crackers to enter my system
-
December 8th, 2003, 08:45 AM
#7
Senior Member
How can i use my firewall to close this ports?
i believe majority of them are open by window services by default
-
December 8th, 2003, 11:01 AM
#8
Use the firewall to block ports. To close the ports, stop or uninstall the services. And to do that, you should do some research on what service is on each port (Task Scheduler seems to be a big one). Visit Microsoft's KnowledgeBase This is actually a good resource that a lot of people don't use.
-
June 10th, 2004, 04:57 PM
#9
Member
Death_Knightread this to know that u dont have to afraed of any conection with 127.0.0.1 because The reason is that this address has been reserved as what is known as the loopback address. A loopback address is an address that tells the computer not to test its connections to another computer, but to test its own basic network setup.
thx
Remembered that if you are intending that hurts, steals, hates other people it is natural that they will meet you by the proverb.......
wimmaster
baghdad
-
June 10th, 2004, 05:29 PM
#10
something i have recently found to block ports that is fairly easy to use is the firewall built into windows. it is there you can close ALL ports and then specify what ports to open
[gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]
CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|