-
November 25th, 2004 12:44 AM
#11
Member
When running the tasklist | findstr "PID" for the one listenning on port 1025 it gave me the following.
winlogon.exe 460 0 1,516 K
lsass.exe 516 0 4,192 K
Thanks again
-
November 25th, 2004 08:25 AM
#12
Hi
The winlogon.exe you can forget. The match was due to "1,516 K".
Which OS have you running (XP home/pro SP1 or SP2, 2000, ...)? They apparently
handle RPC-things differently (svchost/lsass listening).
A reminder: Port 1025 is the first dynamically assigned port on a windows
machine. Usually, this port is used by the RPC "environment". RPC opens, if
needed, further ports (>1025).
The RPC port mapper (on 135) enables the communication with RPC services.,
ie. a client asks the RPC port mapper about the endpoints of the server
(e.g. for the task scheduler this usually is 1025).
I would not be overly concerned about it, if you have a patched system and/or
a decent configured firewall. But maybe I missed something, and someone else
could clarify further.
Cheers!
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
Forum Rules
|
|
Reply With Quote
Bookmarks