Results 1 to 10 of 10

Thread: Open ports

  1. #1
    Senior Member
    Join Date
    May 2003
    Posts
    226

    Open ports

    i did a netstat -a

    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1032 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1033 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1034 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1035 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1048 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1049 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1080 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1081 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1088 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1089 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1101 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1103 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1104 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1105 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:110 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1026 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1026 127.0.0.1:1032 ESTABLISHED
    TCP 127.0.0.1:1026 127.0.0.1:1034 ESTABLISHED
    TCP 127.0.0.1:1026 127.0.0.1:1044 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1046 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1048 ESTABLISHED
    TCP 127.0.0.1:1026 127.0.0.1:1052 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1056 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1058 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1060 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1070 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1074 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1076 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1077 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1080 ESTABLISHED
    TCP 127.0.0.1:1026 127.0.0.1:1082 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1084 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1086 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1088 ESTABLISHED
    TCP 127.0.0.1:1026 127.0.0.1:1090 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1091 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1093 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1095 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1098 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1100 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1101 ESTABLISHED
    TCP 127.0.0.1:1026 127.0.0.1:1104 ESTABLISHED
    TCP 127.0.0.1:1026 127.0.0.1:1106 TIME_WAIT
    TCP 127.0.0.1:1026 127.0.0.1:1108 TIME_WAIT
    TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1028 127.0.0.1:1029 ESTABLISHED
    TCP 127.0.0.1:1029 127.0.0.1:1028 ESTABLISHED
    TCP 127.0.0.1:1032 127.0.0.1:1026 ESTABLISHED
    TCP 127.0.0.1:1034 127.0.0.1:1026 ESTABLISHED
    TCP 127.0.0.1:1042 127.0.0.1:1026 TIME_WAIT
    TCP 127.0.0.1:1048 127.0.0.1:1026 ESTABLISHED
    TCP 127.0.0.1:1050 127.0.0.1:1026 TIME_WAIT
    TCP 127.0.0.1:1054 127.0.0.1:1026 TIME_WAIT
    TCP 127.0.0.1:1062 127.0.0.1:1026 TIME_WAIT
    TCP 127.0.0.1:1064 127.0.0.1:1026 TIME_WAIT
    TCP 127.0.0.1:1066 127.0.0.1:1026 TIME_WAIT
    TCP 127.0.0.1:1068 127.0.0.1:1026 TIME_WAIT
    TCP 127.0.0.1:1072 127.0.0.1:1026 TIME_WAIT
    TCP 127.0.0.1:1080 127.0.0.1:1026 ESTABLISHED
    TCP 127.0.0.1:1088 127.0.0.1:1026 ESTABLISHED
    TCP 127.0.0.1:1101 127.0.0.1:1026 ESTABLISHED
    TCP 127.0.0.1:1104 127.0.0.1:1026 ESTABLISHED

    why do i have so many open ports and some even show ESTABLISHED on 127.0.0.1 which was loopback

  2. #2
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    Your PC is feeling lonely and is talking to itself.
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Noia, that's hilarious.

    Seriously though.. port 1026 is often used for Task Scheduler IIRC. Have you scheduled any activities?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Senior Member
    Join Date
    Sep 2003
    Posts
    156
    run a virus scan and see what that drags up. maybe run spybot S&D as well.

    do you run ZoneAlarm or BlackIce or anyother host-based IDS or Firewall?

    I wonder if your problem is related to PopAdStop

    you might acting as a "zombie" host.

    What operating system btw??
    t.e.k.n.o.

  5. #5
    Senior Member
    Join Date
    Mar 2002
    Posts
    166
    I made a list with the ports and the most common programmes that uses this ports. I hope i helped.

    135: DCE endpoint resolution, RPC-LOCATOR - RPC (Remote Procedure Location Service
    1025: BLACKJACK - network blackjack, LISTEN - listen, RAT: Gaura
    1027: RAT: Latinus, FTS
    1029: ICQ Instant Messenger, RAT: Latinus
    1032: IAD3 - BBN IAD, RAT: G.R.O.B
    1033: RAT: Netspy
    1034: <Unassigned>
    1035: <Unassigned>
    1048: NEOD2 - Sun's NEO Object Request Broker
    1049: /sbin/initd, RAT: NewFuture
    1080: SOCKS - Proxy, RAT: WinHole, Broser
    1081: RAT: WinHole
    1088: <Unassigned>
    1089: <Unassigned>
    1101: RAT: Rths
    1103: RAT: Rths
    1104: RAT: Rths
    1105: RAT: Rths
    110: POP3 - Post Office Protocol - Version 3 (RFC 1081), RAT: ProMail trojan, Latinus or variant, Vagr
    1026: NTERM - nterm
    1028: RAT: HacKErZ
    1029: ICQ Instant Messenger, RAT: Latinus
    1032: IAD3 - BBN IAD, RAT: G.R.O.B
    1034: <Unassigned>
    1042: RAT: Bla, Rasmin
    1048: NEOD2 - Sun's NEO Object Request Broker
    1050: RAT: MiniCommand
    1054: RAT: AckCmd
    1062: RAT: Newon
    1064: <Unassigned>
    1066: <Unassigned>
    1068: INSTL_BOOTC - Installation Bootstrap Proto. Cli.
    1072: <Unassigned>
    1080: SOCKS - Proxy, RAT: WinHole, Broser
    1088: <Unassigned>
    1101: RAT: Rths
    1104: RAT: Rths

    *RAT= Remote Access Trojan

  6. #6
    Senior Member
    Join Date
    May 2003
    Posts
    226
    I'm using WinXp, using ZA i'm curious that why my system open so much ports. Does more ports open meaning more easy for crackers to enter my system

  7. #7
    Senior Member
    Join Date
    May 2003
    Posts
    226
    How can i use my firewall to close this ports?

    i believe majority of them are open by window services by default

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Use the firewall to block ports. To close the ports, stop or uninstall the services. And to do that, you should do some research on what service is on each port (Task Scheduler seems to be a big one). Visit Microsoft's KnowledgeBase This is actually a good resource that a lot of people don't use.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #9
    Death_Knightread this to know that u dont have to afraed of any conection with 127.0.0.1 because The reason is that this address has been reserved as what is known as the loopback address. A loopback address is an address that tells the computer not to test its connections to another computer, but to test its own basic network setup.
    thx
    Remembered that if you are intending that hurts, steals, hates other people it is natural that they will meet you by the proverb.......
    wimmaster
    baghdad

  10. #10
    Senior Member
    Join Date
    Jun 2004
    Posts
    460
    something i have recently found to block ports that is fairly easy to use is the firewall built into windows. it is there you can close ALL ports and then specify what ports to open
    [gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]
    CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •